About panopticlick test

Discussion in 'privacy technology' started by Stefan Froberg, Nov 25, 2014.

  1. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    104
  2. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    There's 2 schools of thought regarding fingerprinting of this type.
    1, Making your browser look like everyone else so that you're not as easily profiled.
    2, Sending as little information as possible.
    The goal of the first is to make you blend in. For the 2nd, the goal is to give an adversary as little information as possible, making it more difficult to attack you. Which is better depends on who you consider your adversary.
    Your results appear to be taking the 2nd approach. Your sending very little information which in itself is quite unique. The numbers on that page don't have a lot of meaning. There's many more ways to track and identify a user than that page covers. Personally, I prefer the 2nd approach and would rather deal with the tracking issue by blocking connections to the trackers.
     
  3. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    104
    Thanks for quick answer!

    So my choices are basically:
    Try to block as much stuff as possible and make life harder for would be attacker but also sticking out like a sore thumb.
    Or alternatively try to blend to grow and keep fingers crossed that nobody targets you.

    Hmmh... This is going to be a difficult choice ...
     
  4. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Not necessarily. It really depends on who you consider an adversary, although those lines aren't as clear as they used to be either. There's no clear distinction between corporate tracking for profit, government tracking for surveillance, or profiling by a hacker to determine where you're vulnerable. By the same token, a user doesn't have to take a one or the other approach. Your choices aren't limited to sending information that's identifiable or profile-able or not sending any information. Sending incomplete or false information is another option. Your approach can be a combination of all 3. With the Tor Browser for instance, users all basically look the same. That doesn't necessarily mean that they're all running the same thing or vulnerable to the same attacks. Example, when I'm browsing with Tor, most sites recognize my setup as the Tor Browser running on XP. Neither is correct.

    Don't give too much weight to Panopticlick results. They are just one aspect of the tracking, surveilling, and profiling that is part of the modern web. In order to completely blend in, a browser basically has to tell sites everything that they ask, including where they're vulnerable. The average browser will allow all of the connections to trackers and adservers to be made, allow all of the tracking scripts to run, tell a site the versions of every installed plugin on request, etc. Using an extension like NoScript or a filtering proxy will make you appear more unique but will also make you more resistant to attacks. Extensions like Ghostery and Request Policy will also make you more unique, but they also interfere with corporate tracking by blocking connections to the known trackers. To an extent, they can also help against hacking by blocking connections to malicious sites or compromised adservers.

    Many aspects of it are a tradeoff. There is no perfect solution. Internet security and privacy isn't a black and white issue. Start with identifying who or what you consider your primary adversary and what you most want to defend against.
     
Loading...