←back to thread

The Tor Project is switching to Rust

(itsfoss.com)
348 points giuliomagnifico | 1 comments | 12 Dec 25 12:35 UTC | HN request time: 0s | source
Show context
ekjhgkejhgk ◴[12 Dec 25 14:55 UTC] No.46244716[source]
OT on Tor:

Recently this link was on HN[1]. It ranks your browser on regular tracking and fingerprinting separately. "Tor without JS" was the only option I found to be completely fingerprint resistant. Even Tor "with JS on strict settings" ranked it as only "partly fingerprint resistant". (Interestingly firefox without JS never returns)

Scary stuff.

I'd like to hear other people's experiences/experiments here.

[1] https://coveryourtracks.eff.org/

replies(9): >>46244951 #>>46245164 #>>46245404 #>>46245460 #>>46245479 #>>46246168 #>>46246185 #>>46246384 #>>46248377 #
monerozcash ◴[12 Dec 25 16:08 UTC] No.46245460[source]
Regular OS X safari: Our tests indicate that you have strong protection against Web tracking.

>Your browser fingerprint has been randomized among the 378,837 tested in the past 45 days. Although sophisticated adversaries may still be able to track you to some extent, randomization provides a very strong protection against tracking companies trying to fingerprint your browser.

>Currently, we estimate that your browser has a fingerprint that conveys at least 18.53 bits of identifying information.

Anyway, this test doesn't really communicate the results very well. Yes, Tor browser stands out. No, it's not easy to differentiate between different Tor browser users via this kind of fingerprinting.

replies(2): >>46245685 #>>46245689 #
ekjhgkejhgk ◴[12 Dec 25 16:28 UTC] No.46245685[source]
Could you clarify if that's with or without JS?
replies(1): >>46245720 #
monerozcash ◴[12 Dec 25 16:31 UTC] No.46245720[source]
I have not disabled JS or made any other configuration changes on this device. Entirely stock Safari and entirely stock MacOS.
replies(1): >>46246477 #
ekjhgkejhgk ◴[12 Dec 25 17:39 UTC] No.46246477[source]
That's not really believable. I'm starting to think this website isn't very reliable.
replies(1): >>46246571 #
monerozcash ◴[12 Dec 25 17:48 UTC] No.46246571[source]
No, it's believable. All this website is communicating to us that most MacOS Safari installs look the same.
replies(1): >>46247094 #
ekjhgkejhgk ◴[12 Dec 25 18:30 UTC] No.46247094[source]
It's not "install" that matter here. If two people have the same "install" but their browser windows have different sizes, they'll be distinguishable. Or any perperty that can be queried via JS.

Let me rephrase it: you believe it, I don't believe.

replies(1): >>46247158 #
monerozcash ◴[12 Dec 25 18:35 UTC] No.46247158[source]
Browser window size and timezone are basically the only identifying details the page gets besides the fact that I use Safari on MacOS

For window size only 1 in 380326.0 browsers has this value.

replies(1): >>46247259 #
ekjhgkejhgk ◴[12 Dec 25 18:45 UTC] No.46247259[source]
For example, what does the section "time zone" and "time zone offset" read for you? You have JS on, so what did JS return on that point?

I'm downloading safari right now.

EDIT: just saw I need to download playonlinux or wine. Forget about it.

replies(1): >>46247867 #
monerozcash ◴[12 Dec 25 19:37 UTC] No.46247867[source]
It gets my correct timezone.
replies(1): >>46248937 #
ekjhgkejhgk ◴[12 Dec 25 21:05 UTC] No.46248937[source]
> For window size only 1 in 380326.0 browsers has this value.

Sorry, who concluded that this is fingerprintin resistant? Does the website tell you that, or was this your conclusion? Because my reading is with a number that small, you're almost uniquely identifiable. Is it possible you're misunderstanding what the report is showing?

Would you be assed to continue this conversation elsewhere? I'd like to get to the bottom of this?

replies(1): >>46249383 #
1. monerozcash ◴[12 Dec 25 21:45 UTC] No.46249383{3}[source]
That's the website output.

Those two values are the only ones returned by the browser which are useful for fingerprinting beyond "stock safari". Window size being the biggest part of that, but window size tends to change fairly regularly.