Lots of ideas, many of which I've had as well, but I am missing conclusions. On the demo page it tells me my CPU benchmark and some scrolling measurements. Great, but how unique was that now? And how are you going to make the data points into a fingerprint? Because next time I scroll, I will totally scroll a millisecond differently.
He needs to collect data first in order to be able to say something about that. Panoptoclick [1] can report on uniqueness because they have test data from thousands of clients. Perhaps these fingerprints can be added there for the exposure (and because they will work to identify non-tor browsers as well).
> And how are you going to make the data points into a fingerprint?
The two "scrolling deltas" arrays are very different in nature, you could easily drop all the zeros and boil it down to "all 3" or "not all 3". That would give a nonzero contribution to the number of bits of that form an overall fingerprint. Similarly for the CPU benchmark, a phone is not as powerful as a desktop, so a result of "500" on one and "2800" on another are very likely different machines. So bin it to the nearest 500 and you'll have another non-zero contribution. Repeat for client rectangles and so on.
Good points but not even an attempt is being made at using the data. He could have tried his laptop, his phone and his mom's tablet or something, at the very least, though that would probably still be hugely overfitting the data.
