Andrew David Wong: > On 2016-06-08 13:05, [email protected] wrote: >> I've run a test on https://panopticlick.eff.org/ to see how >> 'anonymous' the Tor browser is on Whonix workstation. It seems to
Whonix doesn't make any changes to Tor Browser so it will be just as anonymous as it would on any other platform. I have not tried to reproduce the issue mentioned by Andrew below so I'm not sure what Qubes does differently. Any resolution that is a multiple of 200x100 (max width 1000) is a VALID Default Tor Browser resolution (depends on screen size). (relevant code: https://gitweb.torproject.org/mikeperry/torbutton.git/tree/src/chrome/content/torbutton.js?h=1.5-next#n2201) Depending on your definition of "anonymous", panopticlick may not be the best place to measure. How many non-paranoid, non-techie users visit panopticlick.eff.org? Hardly representative of the general population. More importantly, Tor Browser will only make you "anonymous" relative to other Tor Browser users, not relative to the general population as a whole. A browser width of 1000 if likely *unique* to Tor Browser since many websites these days will use 1200+ pixels to draw optimally, and any "normal" user would expand the width of their browser. >> have a 'nearly-unique' fingerprint. The problem seems to be the >> browsers window size/resolution (1000x600x24). > Here are the results on panopticlick of various browser resolutions vs infobits: 1920x1080x24 2.36 1000x2000x24 17.16=unique 1000x1400x24 17.16 1000x1300x24 17.16 1000x1200x24 17.16 1000x1100x24 17.16 1000x1000x24 9.8 1000x900x24 7.59 1000x800x24 9.05 1000x700x24 8.03 1000x600x24 7.16 1000x500x24 10.44 1000x400x24 12.1 1000x300x24 17.16 Your resolution of 1000x600 is as good as it gets (for Tor Browser) :) You can also see that if you want to appear to be a "normal" user (running at 1920x1080), you shouldn't use Tor Browser. Some strange facts about Tor Browser browsers that have been tested on Panopticlick with JS Enabled (probably not many of the total browsers to begin with): * Not a single Tor Browser out of 145,000+ total browsers was on a fairly common 27" 2560x1440 monitor... * Even the ubiquitous 1920x1080 monitor lost to smaller screens (for Tor Browser). * Out of 145,000+ total browsers, there were 31 Tor Browsers running at 1000x400! Probably VMs occupying fractional screen space (and not old-timers clinging to their 640x480 monitors). Or One Guy playing with his fingerprints. >> In total, the browser leaks about 14 bits of identifying >> information. whereas on SubgraphOS, this number is significantly >> lower (around 7 bits, if memory serves well) Even with JavaScript >> disabled, it only reduces the amount of identifying information to >> 11 bits. > It would be really helpful to see the detailed comparison with Subgraph. What other variables differed besides screen size? > > Sounds like this issue: > > https://github.com/QubesOS/qubes-issues/issues/1856 > > But also note the Tor Project's stance on fingerprinting linkability: > > https://www.torproject.org/projects/torbrowser/design/#fingerprinting- > linkability > > ------------------------------------------------- ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the NSA's hands! $24.95 ONETIME Lifetime accounts with Privacy Features! 15GB disk! No bandwidth quotas! Commercial and Bulk Mail Options! -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/5758FD06.5060407%40vfemail.net. For more options, visit https://groups.google.com/d/optout.
