Browse code

Add 'Panopticlick' project idea

https://trac.torproject.org/projects/tor/ticket/18328

Damian Johnson authored on28/02/2016 08:27:16
Showing1 changed files
... ...
@@ -437,6 +437,11 @@ meetings around the world.</li>
437 437
     privacy and security issues in mainline version.
438 438
     </p>
439 439
 
440
+    <p>
441
+    <b>Project Ideas:</b><br />
442
+    <i><a href="#panopticlick">Panopticlick</a></i><br />
443
+    </p>
444
+
440 445
     <a id="project-httpseverywhere"></a>
441 446
     <h3><a href="https://www.eff.org/https-everywhere">HTTPS Everywhere</a> (<a
442 447
     href="https://gitweb.torproject.org/https-everywhere.git">code</a>, <a
... ...
@@ -1467,6 +1472,61 @@ href="https://github.com/arlolra/ctypes-otr/issues">one of the open key
1467 1472
 verification issues</a> as part of the application process.
1468 1473
     </p>
1469 1474
     </li>
1475
+
1476
+    <a id="panopticlick"></a>
1477
+    <li>
1478
+    <b>Panopticlick</b>
1479
+    <br>
1480
+    Likely Mentors: <i>Georg (GeKo)</i>
1481
+    <p>
1482
+
1483
+The <a href="https://panopticlick.eff.org">Panopticlick project by the EFF</a>
1484
+revolutionized how people think about <a
1485
+href="https://panopticlick.eff.org/browser-uniqueness.pdf">browser
1486
+fingerprinting</a>, both by developing tests and metrics to measure browser
1487
+fingerprintability, and by crowdsourcing the evaluation and contribution of
1488
+individual browser features to overall fingerprintability.
1489
+
1490
+    </p>
1491
+    <p>
1492
+
1493
+Unfortunately, the way Panopticlick is designed <a
1494
+href="https://blog.torproject.org/blog/effs-panopticlick-and-torbutton">makes
1495
+it difficult</a> to evaluate defenses to browser fingerprinting, especially
1496
+for browsers with a relatively small userbase such as Tor Browser. This is
1497
+because any approach we take to reduce fingerprinting automatically makes our
1498
+users more distinct from the previous users who submitted their fingerprint
1499
+data to the EFF. Indeed, it is also impossible to ever expect that users of
1500
+one browser will ever be able to blend in with users of another browser
1501
+(Chrome users will always be distinguishable from Firefox users for example,
1502
+based on feature set alone).
1503
+
1504
+   </p>
1505
+   <p>
1506
+
1507
+To address this, we would like to have <a
1508
+href="https://trac.torproject.org/projects/tor/ticket/6119">our own
1509
+fingerprint test suite</a> to evaluate the fingerprintability of each browser
1510
+feature for users running a specific Tor Browser version. There are also <a
1511
+href="https://trac.torproject.org/projects/tor/query?keywords=~tbb-fingerprinting">additional
1512
+fingerprinting tests</a> we can add beyond those deployed by Panopticlick.
1513
+   </p>
1514
+   <p>
1515
+
1516
+For this project, the student would develop a website that users can
1517
+voluntarily visit to test and record their Tor Browser fingerprint.  The user
1518
+should get feedback on how she performed and the test results should be
1519
+available in a machine readable format (e.g. JSON), broken down by Tor Browser
1520
+version.  In a second step one could think about adding more sophisticated
1521
+tests or supporting other browser vendors that might want to test the
1522
+uniformity amongst their userbase as well. Of course, results from each
1523
+browser would also need to be broken down by both browser implementation and
1524
+version, so that results would only reflect the population of that specific
1525
+implementation.
1526
+
1527
+    </p>
1528
+    </li>
1529
+
1470 1530
 <!--
1471 1531
     <a id=""></a>
1472 1532
     <li>