| 1 |
On Thu, Jan 26, 2012 at 7:38 PM, William Kenworthy <billk@×××××××××.au> wrote: |
| 2 |
> On Thu, 2012-01-26 at 11:14 -0500, Michael Mol wrote: |
| 3 |
>> On Thu, Jan 26, 2012 at 11:04 AM, Frank Steinmetzger <Warp_7@×××.de> wrote: |
| 4 |
>> > On Thu, Jan 26, 2012 at 09:34:56AM -0500, Michael Mol wrote: |
| 5 |
>> > |
| 6 |
>> >> >>> I guess you mean https://panopticlick.eff.org/ |
| 7 |
>> >> >> |
| 8 |
>> >> >> My results from work: |
| 9 |
>> >> >> |
| 10 |
>> >> >> Your browser fingerprint appears to be unique among the 1,939,102 tested so far. |
| 11 |
>> >> >> |
| 12 |
>> >> >> Currently, we estimate that your browser has a fingerprint that |
| 13 |
>> >> >> conveys at least 20.89 bits of identifying information. |
| 14 |
>> >> >> |
| 15 |
>> >> > |
| 16 |
>> >> > |
| 17 |
>> >> > Funny, I get exactly the same thing except add one to the large number. |
| 18 |
>> >> > I guess you tested before I did. How does one avoid this but still |
| 19 |
>> >> > have sites work? |
| 20 |
>> >> |
| 21 |
>> >> Well, I just went to the same site using a Chrome 'incognito' browser, |
| 22 |
>> >> and got this: |
| 23 |
>> >> |
| 24 |
>> >> Within our dataset of several million visitors, only one in 969,560 |
| 25 |
>> >> browsers have the same fingerprint as yours. |
| 26 |
>> >> |
| 27 |
>> >> Currently, we estimate that your browser has a fingerprint that |
| 28 |
>> >> conveys 19.89 bits of identifying information. |
| 29 |
>> > |
| 30 |
>> > I get almost the same numbers with just using NoScript and Flashblock. (And |
| 31 |
>> > the above result when I allow the Java applet and JavaScript). |
| 32 |
>> > |
| 33 |
>> > This backs me up in using noscript and flashblock. Sometimes I doubt myself |
| 34 |
>> > when I get asked once more why I would use NoScript in times when most of the |
| 35 |
>> > web relies on JS. I then say that privacy and comfort is more important to me |
| 36 |
>> > than having to allow JS on a site from time to time. (Even though some sites |
| 37 |
>> > obviously don't work without it, such as video portals, most of them still do, |
| 38 |
>> > albeit some gt a borked layout from it). |
| 39 |
>> |
| 40 |
>> FWIW, I'm not using NoScript or Flashblock, only an Adblock. And |
| 41 |
>> Chrome blocked the Java applet both in the normal and incognito modes. |
| 42 |
>> |
| 43 |
>> |
| 44 |
> |
| 45 |
> To turn this on its head ... rather than hiding, is there a way to |
| 46 |
> create identical browsers that pollute their (google et al.) databases? |
| 47 |
> |
| 48 |
> Perhaps a read only VM with a standard fit out? (noscript etc. - |
| 49 |
> basically a sandboxed browser for the paranoid!) |
| 50 |
> |
| 51 |
> or does such a thing already exist? |
| 52 |
|
| 53 |
Sure. Boot an Ubuntu live CD and use the browser in there. And forget |
| 54 |
all the fancy plugins. For how panopticlick works, their presence will |
| 55 |
say more about you then their absence. |
| 56 |
|
| 57 |
Your target needs to be having as simple, generic a setup as possible. |
| 58 |
Disabling features which come enabled by default sets you apart. |
| 59 |
Adding fonts to the system, or adding plugins to the browser, or |
| 60 |
enabling extensions, or having an unusual operating platform show up |
| 61 |
in your User-Agent--all of it. Every customization you make makes you |
| 62 |
more unique. |
| 63 |
|
| 64 |
It's much the same as dressing the same as everyone else outside; it's |
| 65 |
called keeping a low profile. |
| 66 |
|
| 67 |
-- |
| 68 |
:wq |
Archives