When I tested for the first time in late December FF52 and 57 behaved the
same.
I have been thinking about the same about Tor but I think this may not work
correctly because in Tor things seem more complicated. Perhaps there are
additional (Tor specific) about:config variables which don't have a match in
FF. I am currently testing some things with Tor and Panopticlick and I
actually find that specific (supposedly more private settings) give worse
Panopticlick score (i.e. result in easier fingerprinting). Example: With
default settings the Panopticlick gives 6.58 bits of entropy for Tor. If
enable DNT - the result raises to 7.91 bits, i.e. the fingerprint becomes
more unique (less privacy). Strangely I always get:
Is your browser accepting Do Not Track commitments? - No.
Also in Tor OCSP queries are enabled by default. Disabling that (with all
other settings default) doesn't change the bits. I am still not sure how good
or bad disabling OCSP may be. If the IP address is anonymized the challenges
are different, so Tor should be tested in a different way as a whole as one
expects much more from it.
