[Owasp-appsensor-project] how to detect if a detection point is created and sone other questions

Dennis Groves dennis.groves at gmail.com
Mon Mar 11 10:26:36 UTC 2013


On 11 Mar 2013, at 10:08, Dennis Groves wrote:

> One of the issues is the concept of identity, it only takes [32 bits 
> of information to identify 
> somebody](https://www.eff.org/deeplinks/2010/01/primer-information-theory-and-privacy). 
> IP Address is certainly not enough and unsurprisingly you can easily 
> gather enough information to have very high confidence in identity 
> without any username or password.

A better link on [browser 
uniqueness](https://panopticlick.eff.org/browser-uniqueness.pdf) that 
will give you much better information about uniquely identifying 
visitors without either username or password. Of course my browser only 
gives 21.4 bits of the 33 required; however even that is information 
that gives you a high degree of confidence about me. Also remember IP 
addresses have origins; and origins have populations - information is 
being leaked all over the place…



Dennis

-- 
[Dennis Groves](http://about.me/dennis.groves), MSc
[Email me](mailto:dennis.groves at owasp.org) or [schedule a 
meeting](http://goo.gl/8sPIy).

*This email is licensed under a [CC BY-ND 
3.0](http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB) license.*

**Please do not send me Microsoft Office/Apple iWork documents.**
Send [OpenDocument](http://fsf.org/campaigns/opendocument/) instead!
Stand up for your freedom to install [free 
software](http://www.fsf.org/campaigns/secure-boot/statement).

> The idea that some lives matter less is the root of all that’s wrong 
> with the world. -- Paul Farmer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-appsensor-project/attachments/20130311/425c7e6f/attachment.html>


More information about the Owasp-appsensor-project mailing list