How to use Freeware to improve web browsing anonymity

[Danny D'Amico]

I'm trying to improve my browsing anonymity ...

QUESTION:
Q1: How can we change our screen size & resolution for browsing only?
Q2: Does turning off javascript actually help or hurt anonymity?

DETAILS:
Testing on both Linux and Windows 7, with and without Tor, (see sites below):
1. Panopticlick.eff.org originally reported I was unique out of over 3 million tests.
http://farm4.staticflickr.com/3691/12053056614_6276635c79_o.gif
2. So, I successively removed addons, which dropped me to one of thousands.
http://farm3.staticflickr.com/2873/12053491716_19a6fc8f3f_o.gif

Therefore, I ask:
1. Given the worst offender (apparently) is my (HD) *screen size & resolution*,
is there a way to change that for panopticlick to see?

2. Some freeware browser testing sites explicitly say *turning off javascript*
makes us *more unique* (since few do it); yet, panopticlick freeware intimates
otherwise. Which is it?
http://farm8.staticflickr.com/7299/12053031364_72dbf11a16_o.gif

http://www.stayinvisible.com/
"Javascript is disabled.
NOTE: You are very visible with disabled Javascript nowadays,
when Javascript is essential for all modern websites."

NOTE: Here are test sites I tried (not in any particular order):
http://panopticlick.eff.org
http://www.stayinvisible.com
http://ip-check.info/?lang=en
http://ip.cc/anonymity-test.php
http://ipduh.com/anonymity-check
http://ipinfo.info/html/privacy-check.php
http://tools-on.net/privacy.shtml
http://www.iprivacytools.com/proxy-checker-anonymity-test

In summary:
Q1: How can we change our screen size & resolution for browsing only?
Q2: Does turning off javascript actually help or hurt anonymity?

[J.O. Aho]

On 20/01/14 17:32, Danny D'Amico wrote:
> I'm trying to improve my browsing anonymity ...
>
> QUESTION:
> Q1: How can we change our screen size & resolution for browsing only?
> Q2: Does turning off javascript actually help or hurt anonymity?
>
> DETAILS:
> Testing on both Linux and Windows 7, with and without Tor, (see sites below):
> 1. Panopticlick.eff.org originally reported I was unique out of over 3 million tests.
> http://farm4.staticflickr.com/3691/12053056614_6276635c79_o.gif
> 2. So, I successively removed addons, which dropped me to one of thousands.
> http://farm3.staticflickr.com/2873/12053491716_19a6fc8f3f_o.gif

Not sure if this test does look at fonts, but installed fonts can change
your browser print too.

> Therefore, I ask:
> 1. Given the worst offender (apparently) is my (HD) *screen size & resolution*,
> is there a way to change that for panopticlick to see?

ctrl-alt-numpad+
ctrl-alt-numpad-
depending on your Xorg configuration, of course you can adjust the
source code for the open source browsers so they report the wrong screen
size.

> 2. Some freeware browser testing sites explicitly say *turning off javascript*
> makes us *more unique* (since few do it); yet, panopticlick freeware intimates
> otherwise. Which is it?
> http://farm8.staticflickr.com/7299/12053031364_72dbf11a16_o.gif

For some of the tests depend on javascript, so the less results you give
on the different tests run, the less you have to compare with.

There is a popular plug-in, no-script, which allows you to enable
javascript on sites you trust and it's been installed ~2248090 times.

--

//Aho

[Mike Easter]

Danny D'Amico wrote:
> I'm trying to improve my browsing anonymity ...

I don't believe that you have properly stated or 'guided' (targeted)
your 'desired' objective.

That is, I believe you are misguiding yourself in terms of what you are
trying to do and how you are trying to do it based on this panopticlick
statement:

// Is your browser configuration rare or unique? If so, web sites may
be able to track you, even if you limit or disable cookies.

Panopticlick tests your browser to see how unique it is based on the
information it will share with sites it visits. //



--
Mike Easter

[Dave-UK]

"Danny D'Amico" <da...@is.invalid> wrote in message news:pan.2014.01...@is.invalid...

> I'm trying to improve my browsing anonymity ...
>

Use Tor:
https://www.torproject.org/projects/torbrowser.html.en

[Paul]

Simple. Run your browser from within a VM. You can set the
screen resolution of the virtual machine to whatever you want,
making it smaller than your main screen.

When I checked https://panopticlick.eff.org/ here, the browser
plugins seemed to be my biggest exposure. And I don't really
have that much stuff added either.

A general overview of what they use it for.

http://en.wikipedia.org/wiki/Device_fingerprint

Paul

[Johnny]

From Wikipedia:

Diversity requires that no two machines have the same fingerprint.
However, large numbers of machines are likely to have exactly the same
configuration data and thus the same fingerprint. This is particularly
true in the case of factory installed operating systems. One remedy is
to use a scripting language to harvest a large numbers of parameters
from the client machine;...


I tried that website with Noscript enabled, and then disabled.

NoScript enabled:

Within our dataset of several million visitors, only one in 30,866
browsers have the same fingerprint as yours.

Currently, we estimate that your browser has a fingerprint that conveys
14.91 bits of identifying information.


NoScript disabled:

Within our dataset of several million visitors, only one in 1,898,271
browsers have the same fingerprint as yours.

Currently, we estimate that your browser has a fingerprint that conveys
20.86 bits of identifying information.


The first time I went there it was double that amount, so I guess the
number would continue to decrease each time I visited the site.


It seems the more unique the browser, the more trackable it is. So I
guess it is better to have your computer set up exactly like millions of
others.


I use NoScript, Better Privacy, and have changed dom.storage in Firefox
from True to False, and delete cookies when Firefox closes.

[Danny D'Amico]

On Mon, 20 Jan 2014 18:25:45 +0100, J.O. Aho wrote:

> Not sure if this test does look at fonts, but installed fonts can change
> your browser print too.

On both Windows & Ubuntu, I haven't installed any fonts, on purpose.
But, I don't know *how* fonts get installed.

Q: Is there freeware designed to clean up the fonts?

[Danny D'Amico]

On Mon, 20 Jan 2014 09:30:23 -0800, Mike Easter wrote:

> That is, I believe you are misguiding yourself in terms of what you are
> trying to do and how you are trying to do it based on this panopticlick
> statement:

Hmmm... I'm simply trying to be as NOT-UNIQUE as possible.
That is, I prefer that every browser look like mine.

I can get close to that, to around one in 3,000, if I turn off
javascript (but that's problematic).

So, I'm about one in 100K, mainly due to my screen size & resolution,
which is HD.

What I need is a way to mimick the most standard, most common, screen
size and resolution.

Q: What *is* the most common screensize and resolution anyway?

[Danny D'Amico]

On Mon, 20 Jan 2014 13:27:27 -0500, Paul wrote:

> Simple. Run your browser from within a VM. You can set the
> screen resolution of the virtual machine to whatever you want,
> making it smaller than your main screen.

This is the first suggestion that will help the problem of
being less unique.

My current (HD) screensize & resolution is: 1920x1080x24

This is apparently rather rare; so I need to make it something
less - but also more common.

Q: What is the most common screensize & resolution less than HD?

[Eef Hartman]

In alt.os.linux Danny D'Amico <da...@is.invalid> wrote:
> Q: What *is* the most common screensize and resolution anyway?

Probably 1280x1024 (most 17" up to 20" screens).

See i.e. this section in an older xorg.conf:
Section "Screen"
Identifier "1280x1024-24bit-nv-tft"
Device "Nvidia Generic" # for instance nv or nouveau driver
Monitor "Monitor-tft"
DefaultDepth 24
SubSection "Display"
Depth 24
Modes "1280x1024" "1024x768" "800x600" "640x480"
EndSubSection
EndSection
(Monitor-tft means refresh rate at 60 Hz, a crt normally needs
a higher, i.e. 75Hz, rate to prevent flickering).
--
*****************************************************************
** Eef Hartman, Delft University of Technology, dept. EWI/CE **
** e-mail: E.J.M....@tudelft.nl - phone: +31-15-27 82525 **
*****************************************************************

[Danny D'Amico]

On Mon, 20 Jan 2014 13:27:27 -0500, Paul wrote:

> When I checked https://panopticlick.eff.org/ here, the browser
> plugins seemed to be my biggest exposure. And I don't really
> have that much stuff added either.

I already solved the easy stuff, the first of which was to remove
*all* self-installed plugins. Here is one place where Tor excels,
as the set of plugins is more standard with the Tor Browser
Bundle than with a typical Firefox installation setup.

[Paul]

You can cook up something with VirtualBox.
As a hosting software, it's pretty flexible for VMs.

Paul

[Danny D'Amico]

On Mon, 20 Jan 2014 14:04:42 -0600, Johnny wrote:

> I use NoScript, Better Privacy, and have changed dom.storage in Firefox
> from True to False, and delete cookies when Firefox closes.

That statement made me look at my Panopticlick results:
DOM localStorage: Yes, DOM sessionStorage: Yes, IE userData: No

So, it looks like I need to change that to "No".

Googling what DOM storage is, I find this:
https://developer.mozilla.org/en-US/docs/Web/Guide/API/DOM/Storage

But, better yet, googling for how to stop it, I find this:
http://webdevwonders.com/clear-dom-storage/

So, this is privacy attempt, so far, on Firefox settings:
[Firefox]about:config->javascript.enable->(change from true to false)
[Firefox]about:config->dom.storage.enabled->(change from true to false)

[Danny D'Amico]

On Mon, 20 Jan 2014 20:45:17 +0000, Danny D'Amico wrote:

> So, this is privacy attempt, so far, on Firefox settings:
> [Firefox]about:config->javascript.enable->(change from true to false)
> [Firefox]about:config->dom.storage.enabled->(change from true to false)

Yikes!

That made the Firefox UNIQUE!

I *really* need to work on solving this - but turning off DOM seems to
be something almost nobody does.

Can that be correct?

[Danny D'Amico]

On Mon, 20 Jan 2014 20:34:03 +0000, Eef Hartman wrote:

> Probably 1280x1024 (most 17" up to 20" screens).

Given I have a 1920x1080x24 (16:9) HD laptop screen, I tried
to set it to 1280x1024x24 using the Ubuntu 13.10 GUI, but,
it won't change.
http://farm6.staticflickr.com/5476/12057757516_6c6c0cf77e_o.png

Is there freeware extant which will change the screen resolution?

[Paul]

Generally, hobbling the browser to the point of making
it useless, is going to make you pretty unique.

I'm sure you'll figure out a good set of compromises
with more testing.

Paul

[Johnny]

That's probably correct. You can either be unique, or let websites
store a lot of information on your computer forever.

It prevents forever cookies, "HTML5" cookies from being stored on your
computer, in Firefox.

[Mike Easter]

Danny D'Amico wrote:
> Mike Easter wrote:
>
>> That is, I believe you are misguiding yourself in terms of what you are
>> trying to do and how you are trying to do it based on this panopticlick
>> statement:
>
> Hmmm... I'm simply trying to be as NOT-UNIQUE as possible.
> That is, I prefer that every browser look like mine.

I understand the 'concept'.

What I'm questioning is 'what are you thinking about?'

That is, imagine security (or privacy) generically as opposed to what
some lock manufacturer tells you. (compare to panopticlick as a type of
lock manufacturer).

The lock manufacturer might try to sell you on a harder lock but not be
aware of the insecurity of your door hinges on the outside or your frail
lock hasp.

> Q: What *is* the most common screensize and resolution anyway?

You are focusing on whether cobalt or titanium (for example) is harder
than forged steel when I think you should first be thinking about the
complexion or nature of the adversary (analyzing your browser) that you
are trying to defeat.

Is your problem that you want to go to a webforum as multiple different
personas and not be recognized as having been there before as another
persona or something else?


--
Mike Easter

[Mike Barnes]

Danny D'Amico wrote:
> On Mon, 20 Jan 2014 09:30:23 -0800, Mike Easter wrote:
>
>> That is, I believe you are misguiding yourself in terms of what you are
>> trying to do and how you are trying to do it based on this panopticlick
>> statement:
>
> Hmmm... I'm simply trying to be as NOT-UNIQUE as possible.
> That is, I prefer that every browser look like mine.

That's one approach. Another approach is to look *different* every time.
Like reporting a randomly-varying (but actually non-existent for all the
difference that makes) screen resolution. You'll be unique but
non-identifiable, especially if many others do the same.

Not that that would do *me* any good... I have a unique combination of
plugins and a unique combination of fonts. And disguising those wouldn't
do me much good either, because of my fixed IP address. Ho hum.

--
Mike Barnes

[Chuck Anderson]

Danny D'Amico wrote:
> I'm trying to improve my browsing anonymity ...
>
> QUESTION:
> Q1: How can we change our screen size & resolution for browsing only?
> Q2: Does turning off javascript actually help or hurt anonymity?
>
> DETAILS:
> Testing on both Linux and Windows 7, with and without Tor, (see sites below):
> 1. Panopticlick.eff.org originally reported I was unique out of over 3 million tests.
> http://farm4.staticflickr.com/3691/12053056614_6276635c79_o.gif
> 2. So, I successively removed addons, which dropped me to one of thousands.
> http://farm3.staticflickr.com/2873/12053491716_19a6fc8f3f_o.gif
>
>

Strange statistics. Every time I reload the page my uniqueness drops
significantly. With just 10 analyses I've gone from one in 3 million to
one in 200,000. They haven't got a very large sampling if I can skew
their statistics by that much with so few samples.

--
*****************************
Chuck Anderson • Boulder, CO
http://cycletourist.com
Turn Off, Tune Out, Drop In
*****************************

[Mike Easter]

Mike Barnes wrote:
> Danny D'Amico wrote:

>> Mike Easter wrote:
>>
>>> That is, I believe you are misguiding yourself in terms of what you are
>>> trying to do and how you are trying to do it based on this panopticlick
>>> statement:
>>
>> Hmmm... I'm simply trying to be as NOT-UNIQUE as possible.
>> That is, I prefer that every browser look like mine.
>
> That's one approach. Another approach is to look *different* every time.
> Like reporting a randomly-varying (but actually non-existent for all the
> difference that makes) screen resolution. You'll be unique but
> non-identifiable, especially if many others do the same.

That is one/another look at the concept I'm trying to get across.

The OP is saying: "I'm concerned about the fact that my browser doesn't
look like enough different browsers, ergo it looks too close to 'just me'."

I'm saying, "Exactly WHY are you concerned about that?" This person
over here isn't concerned about that. This other person over here also
isn't concerned about that. Is there some specific reason YOU should be
so concerned about that that isn't vague fuzzy thinking about 'privacy
as a nebulous concept'."

Then, whether you want to TELL what the specific thinking is or not, you
should mentally ADDRESS in your own mind the specific thinking about why
specifically, what specific website or another you should care whether
you look like this many or that many different browsers and what you can
do about that specific concern for that specific instance which might
have nothing to do with resolution or screensize.


--
Mike Easter

[Beauregard T. Shagnasty]

In alt.windows7.general, Chuck Anderson wrote:

> Strange statistics. Every time I reload the page my uniqueness drops
> significantly. With just 10 analyses I've gone from one in 3 million to
> one in 200,000. They haven't got a very large sampling if I can skew
> their statistics by that much with so few samples.

Every time you refresh the page you add another record to their database.
As it happens, it is the same data as the last one. You're now *two*
records. Then *three*. They ain't smart enough to realize you are still
the same visitor.

Makes me think the whole process is just a wad of hokum.

--
-bts
-This space for rent, but the price is high

[mike]

This is a script I wrote so a headless linux system would use the
resolutions available on my remote screen. Should be able to
adapt this to what you want, or just xrandr manually to set new
resolutions.
Note that this will change the way linux addresses your screen.
It does not guarantee that your display can work in that mode.

#!/bin/sh

#file name is ar.sh
#don't forget to make it executable
#script to add video modes to the dropdown box in the display settings menu
#if there's no hardware display,
#put 75-ohm terminating resistors on the VGA port RGB so the OS will
enable a
#display in default resolution. Otherwise don't get a frame buffer.
#this allows you to run a headless system and change the resolution from VNC
clear
#determine the name of your video output by running xrandr.
#edit the script below to change all occurrences of DVI-0
#to whatever you got from xrandr.

#setup output. Edit this for other ports, see man xrandr
xrandr --output DVI-0
echo done output

#create new modes
#use cvt to generate strings for additional new modes. Paste here and
addmode.
#modes that duplicate an existing mode name string will produce errors.
xrandr --newmode "1920x1200_60.00" 193.25 1920 2056 2256 2592 1200
1203 1209 1245 -hsync +vsync
xrandr --newmode "1920x1080_60.00" 173.00 1920 2048 2248 2576 1080
1083 1088 1120 -hsync +vsync
xrandr --newmode "1280x1024_60.00" 109.00 1280 1368 1496 1712 1024
1027 1034 1063 -hsync +vsync
xrandr --newmode "1024x768_60.00" 63.50 1024 1072 1176 1328 768 771
775 798 -hsync +vsync
echo done newmodes

#add modes to selection list
xrandr --addmode DVI-0 "1920x1200_60.00"
xrandr --addmode DVI-0 "1920x1080_60.00"
xrandr --addmode DVI-0 "1280x1024_60.00"
xrandr --addmode DVI-0 "1024x768_60.00"
echo done adddmodes
echo
echo New Display resolutions have been added to your display resolution
settings menu.
echo These may not work on your display.

#activate new mode
#substitute the startup mode you really want in the line below

xrandr --output DVI-0 --mode "1920x1080_60.00"

#echo done activating the mode

#If you run this more than once, it spits out confusing errors 'cuz the
modes already
#exist.
#must be run from the shell and user that it's modifying. Running as
root won't work.
#unless it's the root shell.

#debugged in Debian squeeze 8/30/2013 on HP Pavillion a6200n with
onboard nvidia No gurarantees!

[Danny D'Amico]

On Mon, 20 Jan 2014 13:18:44 -0800, Mike Easter wrote:

> Is your problem that you want to go to a webforum as multiple different
> personas and not be recognized as having been there before as another
> persona or something else?

That would be a good scenario.

Also, to multiple web sites period, sans any "persona", without a connection
being tied to them via the browser & IP address.

[Danny D'Amico]

On Mon, 20 Jan 2014 13:48:25 -0800, Mike Easter wrote:

> I'm saying, "Exactly WHY are you concerned about that?" This person
> over here isn't concerned about that. This other person over here also
> isn't concerned about that.

I try to stay up on computer security & privacy.

Sure, there are MANY people who use Yahoo, iPhones, and Internet Explorer;
but I, for one, (should) know better.

I like to know, for example, that my MAC address (which I randomly spoof)
can be seen by the Starbucks' access point router but no further.

I like to know, for example, that Java is a security hole, which can
relatively easily be disabled.

I like to know, for example, that Tor has the concept of Bridges, which
further hide the use of Tor (in simple cases, anyway).

The list goes on - but - there's nothing wrong with trying to blend in
with the crowd when browsing.

To be explicit, I don't have a *specific* worry. There isn't a state-sponsored
agency I'm trying to hide from. I'm not breaking the law. etc.

I'm just trying to be slightly more anonymous than I would have been
were I to browse with a unique browser fingerprint.

[Paul]

Does Linux have an EDID reader ? It would be interesting
to see if the hardware makes any claims about EDID.

On Windows we use this, because the Registry is such a mess.
It's impossible to figure out what keys control the resolution.
There's a lot of potential places to look. This free utility,
can read the serial interface in real time.

http://www.entechtaiwan.com/util/moninfo.shtm

I don't think a laptop panel has an EDID, but it would be
fun to check anyway. Perhaps even the Xorg log file makes some
mention (/var/log/Xorg.0.log) ?

Paul

[Danny D'Amico]

On Mon, 20 Jan 2014 22:11:51 +0000, Beauregard T. Shagnasty wrote:

> Every time you refresh the page you add another record to their database.

In the Panopticlick FAQ they discuss this:
https://panopticlick.eff.org/faq.php

"The site uses a 3-month persistent cookie to try to prevent double-counting
of browsers."

Here's what they say at the end of the FAQ:
A final, overall point:
The quality of data that we get from this project is definitely decreased as a
result of the fact that the design of the website encourages people to play
with their browser configurations. A lot of people are doing things like
turning off javascript, entering private browsing mode, or deleting cookies
just to see what effects those actions have on uniqueness.

That's great from an educational point of view, but it's probably going to
add a lot of noise to our data that we'll only be able to correct for partially.
We'd have gotten better data by putting these tests in an invisible corner
of a high-traffic website, but that simply isn't the EFF way when it comes to
running an experiment like this: we wanted to make sure people knew they were
participating, and let them know — even approximately — how rare/unique they
were.

[John Hasler]

Paul writes:
> Does Linux have an EDID reader ? It would be interesting
> to see if the hardware makes any claims about EDID.

get-edid (1)
read-edid tools to retrieve and interpret monitor specifications using the VESA VBE DDC ...

parse-edid (1)
read-edid tools to retrieve and interpret monitor specifications using the VESA VBE DDC ...
--
John Hasler
jha...@newsguy.com
Dancing Horse Hill
Elmwood, WI USA

[Chris Ahlstrom]

Paul wrote this copyrighted missive and expects royalties:

> mike wrote:
>>>
>>>> Probably 1280x1024 (most 17" up to 20" screens).
>>>
>>> Given I have a 1920x1080x24 (16:9) HD laptop screen, I tried
>>> to set it to 1280x1024x24 using the Ubuntu 13.10 GUI, but,
>>> it won't change.
>>> http://farm6.staticflickr.com/5476/12057757516_6c6c0cf77e_o.png
>>>
>>> Is there freeware extant which will change the screen resolution?

I would think there's a built-in GUI for it.

>> This is a script I wrote so a headless linux system would use the
>> resolutions available on my remote screen.

<script snipped>

> Does Linux have an EDID reader ? It would be interesting
> to see if the hardware makes any claims about EDID.

From my maindesktop (/var/log/dmesg):

[ 10.775366] Raw EDID:
[ 10.775412] 00 e4 28 6b a2 2e 26 00 00 e0 00 20 01 01 01 00
[ 10.775451] 01 12 01 01 60 2a 0a 10 2a 02 24 a6 44 46 82 25
[ 10.775489] 00 10 54 90 a4 80 81 80 60 42 81 40 94 0b 04 00
[ 10.775527] 22 00 a9 40 00 01 21 29 00 20 62 1a 25 40 68 20
[ 10.775565] 22 00 a2 0b 11 00 00 18 00 00 00 24 00 40 28 29
[ 10.775604] 19 20 02 41 20 00 31 22 24 22 00 00 00 41 00 22
[ 10.775641] 00 0a 42 01 00 0a 20 20 20 20 20 20 00 00 00 30
[ 10.775679] 00 22 20 31 31 42 26 21 0a 20 20 20 20 20 00 f1
[ 10.775722] radeon 0000:01:05.0: VGA-1: EDID block 0 invalid.

>
> On Windows we use this, because the Registry is such a mess.
> It's impossible to figure out what keys control the resolution.
> There's a lot of potential places to look. This free utility,
> can read the serial interface in real time.
>
> http://www.entechtaiwan.com/util/moninfo.shtm
>
> I don't think a laptop panel has an EDID, but it would be
> fun to check anyway. Perhaps even the Xorg log file makes some
> mention (/var/log/Xorg.0.log) ?

--
It happened that a fire broke out backstage in a theater. The clown came
out to inform the public. They thought it was just a jest and applauded.
He repeated his warning, they shouted even louder. So I think the world
will come to an end amid general applause from all the wits, who believe
that it is a joke.

[Jasen Betts]

On 2014-01-20, Paul <nos...@needed.com> wrote:

>> Q1: How can we change our screen size & resolution for browsing only?
>> Q2: Does turning off javascript actually help or hurt anonymity?
>
> Simple. Run your browser from within a VM. You can set the
> screen resolution of the virtual machine to whatever you want,
> making it smaller than your main screen.

Or use xnest (you can specify screen size on the command-line)

Xnest :2 &
export DISPLAY=:2
gnome-wm & # you're going to need a window manager
# can use twm etc... here instead
chromium ; kill %1 # run a browser close xnest when done






--
For a good time: install ntp

--- news://freenews.netfront.net/ - complaints: ne...@netfront.net ---

[dx...@albury.nospam.net.au]

On 21/01/14 04:45, Dave-UK wrote:
>
> "Danny D'Amico" <da...@is.invalid> wrote in message
> news:pan.2014.01...@is.invalid...

>> I'm trying to improve my browsing anonymity ...
>

> Use Tor:
> https://www.torproject.org/projects/torbrowser.html.en

Wasn't Tor (a Firefox clone, I think) mentioned as one of the most
susceptible to supplying the USA's NSA with data of where "we" have been
on the Internet??

Daniel

[dx...@albury.nospam.net.au]

On 21/01/14 07:04, Johnny wrote:

<Snip>
> From Wikipedia:
>
> Diversity requires that no two machines have the same fingerprint.
> However, large numbers of machines are likely to have exactly the same
> configuration data and thus the same fingerprint. This is particularly
> true in the case of factory installed operating systems. One remedy is
> to use a scripting language to harvest a large numbers of parameters
> from the client machine;...
>
>
> I tried that website with Noscript enabled, and then disabled.
>
> NoScript enabled:
>
> Within our dataset of several million visitors, only one in 30,866
> browsers have the same fingerprint as yours.
>
> Currently, we estimate that your browser has a fingerprint that conveys
> 14.91 bits of identifying information.
>
>
> NoScript disabled:
>
> Within our dataset of several million visitors, only one in 1,898,271
> browsers have the same fingerprint as yours.
>
> Currently, we estimate that your browser has a fingerprint that conveys
> 20.86 bits of identifying information.
>
>
> The first time I went there it was double that amount, so I guess the
> number would continue to decrease each time I visited the site.
>
>
> It seems the more unique the browser, the more trackable it is. So I
> guess it is better to have your computer set up exactly like millions of
> others.

>
>
> I use NoScript, Better Privacy, and have changed dom.storage in Firefox
> from True to False, and delete cookies when Firefox closes.

How does one get 14.91 bits of identifying information or 20.86 bits of
identifying information?? How can the .91 bits/.86 bits be determined??
A bit is a bit is a bit, and you cannot have parts of bits!! (I was
going to type "bits of bits, but thought better of it!!) Unless these
figures are some sort of average and, therefore, pretty useless!!

Daniel

[Dave-UK]

"Dani...@teranews.com" <dx...@albury.nospam.net.au> wrote in message news:XduDu.302928$gh2....@fx24.iad...

No.

[Auric__]

> No.

Get it from the horse's mouth:

https://blog.torproject.org/category/tags/nsa

--
The footprint of the owner is the best manure.

[Paul]

Log base 2 of "you're one in a million". That is where
that comes from.

Try this. The web page tells you "you're unique out of
4 million users". Then it says "22 bits of information".
Now, figure out, what is 2 to the 22nd power ? See
the correspondence ? And for you kids at home, I hope
you worked that out in your head, and not with a calculator :-)
2**10 is 1024 or roughly a thousand. Then 2**20 is going
to be a thousand times a thousand. Leaving you to work
out 2**2 which is four. That's the four million.

They're not bits, when you consider they're just
taking log base 2 of the "odds". Say the odds were
1 in 7. Log base 2 of 7 is 2.8. 2**2.8 is 7.
I could quip that was "2.8 bits" of information.
Maybe someone thought it would make the
table easier to read or something :-) Or they
wanted to get you interested in logarithms :-)
Maybe an evil math teacher made them do it :-)
The possibilities are endless.

Paul

[Gene E. Bloch]

On 1/21/2014, Paul posted:

The concept of bits in this case comes from Information Theory, where I
suspect it is defined exactly as you have described it above, and it
does have a very precise meaning in that discipline.

I bet you know more about that than I do...

--
Gene E. Bloch (Stumbling Bloch)

[Paul]

Gene E. Bloch wrote:

>
> The concept of bits in this case comes from Information Theory, where I
> suspect it is defined exactly as you have described it above, and it
> does have a very precise meaning in that discipline.
>
> I bet you know more about that than I do...

I never studied Information Theory. It was thrust upon me.
Sorta like when as a kid, your mom made you eat your vegetables.

Paul

[Gene E. Bloch]

On 1/21/2014, Paul posted:

Mmm. Cauliflower. Good!

But Brussels sprouts are even better...

I have enjoyed eggplant at Chinese and other restaurants, but a sort of
salad buffet place that some friends used to gather at (until they went
out of business) managed to create some very unappetizing eggplant.

[Paul]

We used to have dishes with eggplant in them, in the company cafeteria.
Part of their "evil vegetable" campaign I think :-)

It may have been the Brussel sprouts which were my nemesis as a kid.

And cauliflower is OK, if it's cooked in a vat full of Cheez Whiz :-)
Because you can hid just about anything, with enough Cheez Whiz.
(We had cauliflower at home, served in a cheese sauce, but it
wasn't actually made with Cheez Whiz. It only looked like that,
in consistency. The cheese sauce we had, was a lighter color.)

I have since seen recipes listed on the back of a bottle of
Cheez Whiz, which implored the user to microwave the *entire bottle* ,
and pour it over another food stuff. The horror! Example here.
At least if you make your own cheese sauce, you can control the
amount of salt used.

http://writing.upenn.edu/wh/involved/awards/juniorfellow/scrapbook/cheezwhiz.jpg

Paul

[Danny D'Amico]

On Tue, 21 Jan 2014 16:22:40 -0500, Paul wrote:

> Log base 2 of "you're one in a million". That is where
> that comes from.

Finally, it all starts to make sense!

So, when Panopticlick says:
"Within our dataset of several million visitors, only one in 1,266,800

browsers have the same fingerprint as yours. Currently, we estimate

that your browser has a fingerprint that conveys 20.25 bits of
identifying information."

Apparently, that means 2^20.25 is about 1,266,800 (give or take).

Is that how it works?

[Paul]

It's a funny coincidence, if it doesn't actually work that way.

Paul

[Gene E. Bloch]

On 1/21/2014, Danny D'Amico posted:

Actually, for 1,266,800 the info size is 20.27 bits. I'd say 20.25 is
close enough :-)

[dx...@albury.nospam.net.au]

O.K., thanks for the link, Auric.

Daniel

[dx...@albury.nospam.net.au]

Ah!! So that's what they are talking about ... 2^14.91 comes out as
30,786.281 (which is pretty close to the 30,866 they mention.

And 2^20.86 give 1,903,205.611 which is close to their 1,898,271.

Daniel

[Jasen Betts]

Q: how many bits to represents a digit 0-9

A1: 2^10 > 10^3 (but fairly close) so somehere just less than 10/3 bits are needed.

A2: log_2(10) is approx 3.32 so about 3.32 bits are needed.

> A bit is a bit is a bit, and you cannot have parts of bits!!

a bit is a quantity of information.

a box is known to contain contains 64 stones 63 white and 1 black,
bow many bits does it take to record the colour of every stones?

the the black stone has 6 bits of uniqueness
he white stones only 2/21 bits.




base 91 encoding gets 6-1/3 bits per character IIRC.