←back to thread

The Tor Project is switching to Rust

(itsfoss.com)
348 points giuliomagnifico | 1 comments | 12 Dec 25 12:35 UTC | HN request time: 0.396s | source
Show context
ekjhgkejhgk ◴[12 Dec 25 14:55 UTC] No.46244716[source]
OT on Tor:

Recently this link was on HN[1]. It ranks your browser on regular tracking and fingerprinting separately. "Tor without JS" was the only option I found to be completely fingerprint resistant. Even Tor "with JS on strict settings" ranked it as only "partly fingerprint resistant". (Interestingly firefox without JS never returns)

Scary stuff.

I'd like to hear other people's experiences/experiments here.

[1] https://coveryourtracks.eff.org/

replies(9): >>46244951 #>>46245164 #>>46245404 #>>46245460 #>>46245479 #>>46246168 #>>46246185 #>>46246384 #>>46248377 #
twhb ◴[12 Dec 25 17:31 UTC] No.46246384[source]
This tool is deeply flawed. Fingerprinting protection is sometimes done by binning, which this tool rewards, and is sometimes done by randomizing, which this tool harshly punishes. The net result is it generally guides you away from the strongest protection.

The flip side of this, having the complementary flaw of testing only persistence, not uniqueness, is (warning, real tracking link) fingerprinting.com/demo. You can try resetting your ID and seeing if it changes here. Since tracking requires (a degree of) uniqueness AND (a degree of) persistence, the danger signal is only failing both the EFF test and this test.

Failing both is a requirement to derive meaning, not being lax: measuring only uniqueness would fail a random number generator, and measuring only persistence would fail the number 4.

replies(2): >>46247138 #>>46247174 #
monerozcash ◴[12 Dec 25 18:37 UTC] No.46247174[source]
It seems to reward totally unique randomized fingerprints also, which is maybe not great.
replies(1): >>46248501 #
1. whytevuhuni ◴[12 Dec 25 21:25 UTC] No.46249162[source]
This is the 3rd copy of a flagged comment within a single minute.