1 |
On Thu, Jan 26, 2012 at 7:38 PM, William Kenworthy <billk@×××××××××.au> wrote: |
2 |
> On Thu, 2012-01-26 at 11:14 -0500, Michael Mol wrote: |
3 |
>> On Thu, Jan 26, 2012 at 11:04 AM, Frank Steinmetzger <Warp_7@×××.de> wrote: |
4 |
>> > On Thu, Jan 26, 2012 at 09:34:56AM -0500, Michael Mol wrote: |
5 |
>> > |
6 |
>> >> >>> I guess you mean https://panopticlick.eff.org/ |
7 |
>> >> >> |
8 |
>> >> >> My results from work: |
9 |
>> >> >> |
10 |
>> >> >> Your browser fingerprint appears to be unique among the 1,939,102 tested so far. |
11 |
>> >> >> |
12 |
>> >> >> Currently, we estimate that your browser has a fingerprint that |
13 |
>> >> >> conveys at least 20.89 bits of identifying information. |
14 |
>> >> >> |
15 |
>> >> > |
16 |
>> >> > |
17 |
>> >> > Funny, I get exactly the same thing except add one to the large number. |
18 |
>> >> > I guess you tested before I did. How does one avoid this but still |
19 |
>> >> > have sites work? |
20 |
>> >> |
21 |
>> >> Well, I just went to the same site using a Chrome 'incognito' browser, |
22 |
>> >> and got this: |
23 |
>> >> |
24 |
>> >> Within our dataset of several million visitors, only one in 969,560 |
25 |
>> >> browsers have the same fingerprint as yours. |
26 |
>> >> |
27 |
>> >> Currently, we estimate that your browser has a fingerprint that |
28 |
>> >> conveys 19.89 bits of identifying information. |
29 |
>> > |
30 |
>> > I get almost the same numbers with just using NoScript and Flashblock. (And |
31 |
>> > the above result when I allow the Java applet and JavaScript). |
32 |
>> > |
33 |
>> > This backs me up in using noscript and flashblock. Sometimes I doubt myself |
34 |
>> > when I get asked once more why I would use NoScript in times when most of the |
35 |
>> > web relies on JS. I then say that privacy and comfort is more important to me |
36 |
>> > than having to allow JS on a site from time to time. (Even though some sites |
37 |
>> > obviously don't work without it, such as video portals, most of them still do, |
38 |
>> > albeit some gt a borked layout from it). |
39 |
>> |
40 |
>> FWIW, I'm not using NoScript or Flashblock, only an Adblock. And |
41 |
>> Chrome blocked the Java applet both in the normal and incognito modes. |
42 |
>> |
43 |
>> |
44 |
> |
45 |
> To turn this on its head ... rather than hiding, is there a way to |
46 |
> create identical browsers that pollute their (google et al.) databases? |
47 |
> |
48 |
> Perhaps a read only VM with a standard fit out? (noscript etc. - |
49 |
> basically a sandboxed browser for the paranoid!) |
50 |
> |
51 |
> or does such a thing already exist? |
52 |
|
53 |
Sure. Boot an Ubuntu live CD and use the browser in there. And forget |
54 |
all the fancy plugins. For how panopticlick works, their presence will |
55 |
say more about you then their absence. |
56 |
|
57 |
Your target needs to be having as simple, generic a setup as possible. |
58 |
Disabling features which come enabled by default sets you apart. |
59 |
Adding fonts to the system, or adding plugins to the browser, or |
60 |
enabling extensions, or having an unusual operating platform show up |
61 |
in your User-Agent--all of it. Every customization you make makes you |
62 |
more unique. |
63 |
|
64 |
It's much the same as dressing the same as everyone else outside; it's |
65 |
called keeping a low profile. |
66 |
|
67 |
-- |
68 |
:wq |