I don't get that EFF's Panopticlick entropy and uniqueness estimates are relevant to discussing Tor anonymity.
With the latest Tor browser in a Crunchbang 11 x64 VirtualBox VM without guest extensions (rather unusual right there) I get 11.29 bits (one in 2,505) with default NoScript "Allow Scripts Globally". That's very close to Ben's 12.06 bits (one in 4,260). With NoScript toggled to "Forbid Scripts Globally", I get exactly what Ben got: 9.05 bits (one in 529).

And by the way, that's not the sum of the individual browser characteristic results. As Joe notes, they're mostly 1.75 bits, because Panopticlick can't determine them. And the overall estimate seems to largely ignore them.

From the results with scripts blocked, I conclude that Panopticlick sees the same fingerprint from all Tor browsers that have NoScript blocking all scripts. The "one in 529" arguably reflects the share of visitors who are using Tor browser. It says nothing about differences between Tor browsers.

With scripts allowed globally, Panopticlick sees another 2-3 bits. I suspect that much of the additional information is also the same for all Tor browsers, given what I've read about Tor-specific tweaks. If that's the case, this isn't a major issue.

What is a major issue is the risk of being exploited through a JavaScript vulnerability. And that's why I always block scripts. The risk from doing that, of course, is that each user will tend to customize their NoScript profile in a distinct way. And that will allow websites to tell them apart.

Even so, Panopticlick can't report anything about that. For that, one would need a version of Panopticlick that's restricted to assessing and comparing Tor browser profiles. Right?

--
tor-talk mailing list - [email protected]
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
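
An added example, not part of the original post and not Panopticlick's code: it computes "bits" as log2(visitors / visitors with the same fingerprint) to illustrate two points from the message, that a joint estimate need not equal the sum of per-attribute estimates, and that a figure measured against all visitors becomes zero when the comparison set is restricted to identical Tor Browser profiles. The visitor population, attribute names and counts are constructed assumptions.

```python
import math
from collections import Counter

KEYS = ("ua", "plugins", "fonts")  # assumed attribute names, for illustration

def surprisal_bits(matching, total):
    """Bits of identifying information: log2(total / matching)."""
    return math.log2(total / matching)

def fingerprint_report(population, target, keys=KEYS):
    """Return (joint_bits, summed_per_attribute_bits) for target in population."""
    total = len(population)
    # Joint estimate: how many visitors share the whole fingerprint.
    joint = Counter(tuple(v[k] for k in keys) for v in population)
    joint_bits = surprisal_bits(joint[tuple(target[k] for k in keys)], total)
    # Naive estimate: treat attributes as independent and add their bits.
    summed = sum(
        surprisal_bits(sum(v[k] == target[k] for v in population), total)
        for k in keys
    )
    return joint_bits, summed

# Constructed sample data (not Panopticlick's dataset): 1,058 visitors.
TOR = {"ua": "TorBrowser", "plugins": "no-js", "fonts": "no-js"}
VISITORS = (
    [dict(TOR) for _ in range(2)]  # Tor Browser, scripts forbidden
    + [{"ua": f"UA-{i % 40}", "plugins": "no-js", "fonts": "no-js"}
       for i in range(300)]        # other browsers that also block scripts
    + [{"ua": f"UA-{i % 40}", "plugins": f"P-{i % 97}", "fonts": f"F-{i % 211}"}
       for i in range(756)]        # everyone else, scripts allowed
)
# The comparison set a Tor-restricted test would use.
TOR_ONLY = [v for v in VISITORS if v["ua"] == "TorBrowser"]

if __name__ == "__main__":
    for name, pop in (("all visitors", VISITORS), ("Tor Browser only", TOR_ONLY)):
        joint, summed = fingerprint_report(pop, TOR)
        print(f"{name}: joint {joint:.2f} bits (one in {2 ** joint:.0f}), "
              f"per-attribute sum {summed:.2f} bits")
```

Because the attributes are correlated (every script-blocking browser reports the same "undetermined" values), adding per-attribute bits overstates the joint figure.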
