tor-webwml.git

Add 'Panopticlick' project idea
Parent 1c76876fe
Damian Johnson

Damian Johnson commited on 2016-02-28 08:27:26
Zeige 1 geänderte Dateien mit 60 Einfügungen und 0 Löschungen. 

https://trac.torproject.org/projects/tor/ticket/18328
getinvolved/en/volunteer.wml
Zeige Datei @ ec691dded
... ... 
@@ -437,6 +437,11 @@ meetings around the world.</li>
437 437 
     privacy and security issues in mainline version.
438 438 
     </p>
439 439
440 
+    <p>
441 
+    <b>Project Ideas:</b><br />
442 
+    <i><a href="#panopticlick">Panopticlick</a></i><br />
443 
+    </p>
444 
+
440 445 
     <a id="project-httpseverywhere"></a>
441 446 
     <h3><a href="https://www.eff.org/https-everywhere">HTTPS Everywhere</a> (<a
442 447 
     href="https://gitweb.torproject.org/https-everywhere.git">code</a>, <a
... ... 
@@ -1467,6 +1472,61 @@ href="https://github.com/arlolra/ctypes-otr/issues">one of the open key
1467 1472 
 verification issues</a> as part of the application process.
1468 1473 
     </p>
1469 1474 
     </li>
1475 
+
1476 
+    <a id="panopticlick"></a>
1477 
+    <li>
1478 
+    <b>Panopticlick</b>
1479 
+    <br>
1480 
+    Likely Mentors: <i>Georg (GeKo)</i>
1481 
+    <p>
1482 
+
1483 
+The <a href="https://panopticlick.eff.org">Panopticlick project by the EFF</a>
1484 
+revolutionized how people think about <a
1485 
+href="https://panopticlick.eff.org/browser-uniqueness.pdf">browser
1486 
+fingerprinting</a>, both by developing tests and metrics to measure browser
1487 
+fingerprintability, and by crowdsourcing the evaluation and contribution of
1488 
+individual browser features to overall fingerprintability.
1489 
+
1490 
+    </p>
1491 
+    <p>
1492 
+
1493 
+Unfortunately, the way Panopticlick is designed <a
1494 
+href="https://blog.torproject.org/blog/effs-panopticlick-and-torbutton">makes
1495 
+it difficult</a> to evaluate defenses to browser fingerprinting, especially
1496 
+for browsers with a relatively small userbase such as Tor Browser. This is
1497 
+because any approach we take to reduce fingerprinting automatically makes our
1498 
+users more distinct from the previous users who submitted their fingerprint
1499 
+data to the EFF. Indeed, it is also impossible to ever expect that users of
1500 
+one browser will ever be able to blend in with users of another browser
1501 
+(Chrome users will always be distinguishable from Firefox users for example,
1502 
+based on feature set alone).
1503 
+
1504 
+   </p>
1505 
+   <p>
1506 
+
1507 
+To address this, we would like to have <a
1508 
+href="https://trac.torproject.org/projects/tor/ticket/6119">our own
1509 
+fingerprint test suite</a> to evaluate the fingerprintability of each browser
1510 
+feature for users running a specific Tor Browser version. There are also <a
1511 
+href="https://trac.torproject.org/projects/tor/query?keywords=~tbb-fingerprinting">additional
1512 
+fingerprinting tests</a> we can add beyond those deployed by Panopticlick.
1513 
+   </p>
1514 
+   <p>
1515 
+
1516 
+For this project, the student would develop a website that users can
1517 
+voluntarily visit to test and record their Tor Browser fingerprint.  The user
1518 
+should get feedback on how she performed and the test results should be
1519 
+available in a machine readable format (e.g. JSON), broken down by Tor Browser
1520 
+version.  In a second step one could think about adding more sophisticated
1521 
+tests or supporting other browser vendors that might want to test the
1522 
+uniformity amongst their userbase as well. Of course, results from each
1523 
+browser would also need to be broken down by both browser implementation and
1524 
+version, so that results would only reflect the population of that specific
1525 
+implementation.
1526 
+
1527 
+    </p>
1528 
+    </li>
1529 
+
1470 1530 
 <!--
1471 1531 
     <a id=""></a>
1472 1532 
     <li>
1473 1533