What is tor doing about finger printing? Is there a project to deal with that?
On Wed, May 8, 2013 at 12:13 AM, Joe Btfsplk <joebtfs...@gmx.com> wrote: > > On 5/7/2013 5:27 PM, Moritz Bartl wrote: > >> >> https://www.torproject.org/**projects/torbrowser/design/<https://www.torproject.org/projects/torbrowser/design/> >> >> "WebGL can reveal information about the video card in use, and high >> precision timing information can be used to fingerprint the CPU and >> interpreter speed." >> [...] >> The adversary simply renders WebGL, font, and named color data to a >> Canvas element, extracts the image buffer, and computes a hash of that >> image data. Subtle differences in the video card, font packs, and even >> font and graphics library versions allow the adversary to produce a >> stable, simple, high-entropy fingerprint of a computer. In fact, the >> hash of the rendered image can be used almost identically to a tracking >> cookie by the web server. >> [...] >> WebGL is fingerprintable both through information that is exposed about >> the underlying driver and optimizations, as well as through performance >> fingerprinting. >> >> Because of the large amount of potential fingerprinting vectors and the >> previously unexposed vulnerability surface, we deploy a similar strategy >> against WebGL as for plugins. " >> >> OK, thanks for detailed reply. Now that the "adversary" has a > fingerprint of my machine (therein lies the problem - the data being given > out), unless they're the gubment & I'm a bad guy (or living in a represses > society), what are they going to do w/ that info? In the real world, not, > "theoretically, they could..." Let's assume I haven't done anything that > falls under criminal court jurisdiction & very unlikely anything even > falling under civil court jurisdiction. > > This is good info to know. My wondering about another method of using a > stand alone media player (not browser plugin) that plays Flash or WebGL > content, & whether it avoids some of these issues, is in another post, > today. > > ______________________________**_________________ > tor-talk mailing list > tor-talk@lists.torproject.org > https://lists.torproject.org/**cgi-bin/mailman/listinfo/tor-**talk<https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk> > _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk