1
00:00:00,180 --> 00:00:06,870
Now that we covered most features of the Torah browser I want to spend one more lecture talking about

2
00:00:06,870 --> 00:00:08,530
the security settings.

3
00:00:08,580 --> 00:00:18,220
What do they change and how these changes affect our privacy and anonymity we can access the security

4
00:00:18,220 --> 00:00:21,780
settings from the shield icon and here beside the Onion.

5
00:00:21,780 --> 00:00:23,760
That we were using in the previous lecture.

6
00:00:24,340 --> 00:00:30,100
If this shield is empty it means the security settings are set to the standard settings.

7
00:00:30,250 --> 00:00:33,850
Clicking on it again will show you the security level that you have right now.

8
00:00:33,850 --> 00:00:36,430
And as you can see I'm at standard.

9
00:00:36,430 --> 00:00:44,750
If you want to change this you can click on advanced security settings in here you can also access this

10
00:00:44,930 --> 00:00:48,240
from the options menu like I showed you in the previous lecture.

11
00:00:48,350 --> 00:00:57,020
So you just go here you go to options and then go to privacy and scroll down to the security levels.

12
00:00:57,590 --> 00:01:02,540
So as you can see we have three main very simple security levels right now.

13
00:01:02,540 --> 00:01:05,260
We're set to standard which is the default.

14
00:01:05,450 --> 00:01:10,660
This option will make tor browser as usable as any other browser.

15
00:01:10,670 --> 00:01:17,540
Just a little bit slower but it'll allow you to access everything all content is available.

16
00:01:17,570 --> 00:01:19,480
Scripts will not be blocked.

17
00:01:19,640 --> 00:01:27,200
So it'll make all Web sites very nice and usable but it is not the most secure setting especially if

18
00:01:27,200 --> 00:01:34,860
you're using Tor browser on Windows which is not a very secure operating system by default so cranking

19
00:01:34,860 --> 00:01:40,440
this up to safer will disable javascript on hash TTP pages.

20
00:01:40,500 --> 00:01:44,630
It will also disable some fonts and other hasty e-mail content.

21
00:01:44,730 --> 00:01:49,100
So it might make web sites function slightly different than normal.

22
00:01:49,110 --> 00:01:56,170
They might look slightly different than normal but it'll be a little bit safer and more private.

23
00:01:56,250 --> 00:02:04,630
And then if you crack this up all the way to the safest it'll disable javascript on all pages even ETP

24
00:02:04,830 --> 00:02:05,690
pages.

25
00:02:05,850 --> 00:02:13,050
Obviously all traffic will be forest over hash TTP s because tor comes with his TTP everywhere videos

26
00:02:13,050 --> 00:02:14,710
will not play by default.

27
00:02:14,760 --> 00:02:21,030
A lot of other hasty e-mail content will be blogged to make sure that you get the highest levels of

28
00:02:21,030 --> 00:02:25,100
security and anonymity out of this browser.

29
00:02:25,160 --> 00:02:30,470
Note how change in the security level and here changes the icon on the top right.

30
00:02:30,480 --> 00:02:35,610
So in the future when you're using Tor and you're not sure what level you're in you can simply look

31
00:02:35,610 --> 00:02:39,340
at the icon if it's false that means you're in safest if it's half full.

32
00:02:39,330 --> 00:02:40,820
That means you're in safer.

33
00:02:40,830 --> 00:02:43,710
And if it's empty it means you're on standard.

34
00:02:43,710 --> 00:02:49,170
You can also just click it to see exactly what security level you're on.

35
00:02:49,170 --> 00:02:54,030
So now that I'm happy with my level I'm going to keep it that the safest and we're going to close this

36
00:02:54,990 --> 00:03:02,070
and I actually want to show you the results of some tests that I did for the three different security

37
00:03:02,070 --> 00:03:03,510
levels.

38
00:03:03,510 --> 00:03:10,230
So with the basic or standard security level I use this Web site right here and I'm going to include

39
00:03:10,260 --> 00:03:12,980
its link in the resources of this lecture.

40
00:03:13,020 --> 00:03:20,430
Basically this Web site runs a number of tests to see how much information your browser is given about

41
00:03:20,430 --> 00:03:21,560
you.

42
00:03:21,600 --> 00:03:27,240
So as you can see with the standard the browser is blocking ads.

43
00:03:27,330 --> 00:03:35,940
It's not like an invisible trackers it's like parties that honor the Do Not Track promise.

44
00:03:35,970 --> 00:03:36,650
This is fine.

45
00:03:36,660 --> 00:03:38,030
This is good.

46
00:03:38,040 --> 00:03:41,940
And finally it does not protect from fingerprinting.

47
00:03:41,940 --> 00:03:45,950
So it's telling us that the browser has a unique fingerprint.

48
00:03:45,950 --> 00:03:53,430
And at the bottom here if you read this statistic it's telling you that among the more than 200000 browsers

49
00:03:53,700 --> 00:04:01,530
that were tested on this Web site our browser appears to be unique so that it can be used to basically

50
00:04:01,530 --> 00:04:11,080
identify us and in here it's telling us that there are at least seventeen point eight four bits of identifying

51
00:04:11,080 --> 00:04:17,680
information that can be gathered by literally analyzing our browser.

52
00:04:17,750 --> 00:04:24,140
Now I've also run the same test after changing my security level to medium.

53
00:04:24,140 --> 00:04:29,590
And if you come here you'll see that my browser is blocking traffic in ads.

54
00:04:29,600 --> 00:04:36,800
It also has partial protection against blocking invisible trackers which is again very similar to what

55
00:04:36,800 --> 00:04:38,920
we had with the standard.

56
00:04:38,990 --> 00:04:44,390
We can also see that our browser blocks Acceptable Ads.

57
00:04:44,390 --> 00:04:47,540
It still blocks parties that honor the Do Not Track.

58
00:04:47,540 --> 00:04:49,490
Like I said this is fine.

59
00:04:49,490 --> 00:04:55,710
And finally our browser still has a unique fingerprint.

60
00:04:55,840 --> 00:05:00,370
Now again if we click on the show the full details we can get the statistics.

61
00:05:00,640 --> 00:05:08,530
Again it's saying that our browser can is still unique and the browser is given seventeen point eight

62
00:05:08,530 --> 00:05:11,590
four bits of identifying information.

63
00:05:11,620 --> 00:05:17,370
Again it's actually identical to what we got with the standard.

64
00:05:17,410 --> 00:05:23,890
Now finally I cranked my security all the way to the highest similar to what I have right now and I

65
00:05:23,890 --> 00:05:28,810
run the same test in here and as you can see the results are much better.

66
00:05:28,810 --> 00:05:31,180
So again browser is blocking all tracking us.

67
00:05:31,180 --> 00:05:31,840
This is fine.

68
00:05:31,840 --> 00:05:35,460
It was happening with both standard and medium.

69
00:05:36,010 --> 00:05:40,140
Then it's also a block in invisible trackers.

70
00:05:40,210 --> 00:05:43,060
It's not except in the Do Not Try commitment.

71
00:05:43,120 --> 00:05:44,400
Like I said this is fine.

72
00:05:44,410 --> 00:05:45,610
This is good.

73
00:05:45,610 --> 00:05:50,070
And finally when it's CNN does your browser protect you from fingerprinting.

74
00:05:50,170 --> 00:05:51,460
This is yes.

75
00:05:51,460 --> 00:05:54,100
So this is the main thing that's different here.

76
00:05:54,100 --> 00:05:57,940
If you look here and it says no.

77
00:05:58,300 --> 00:06:04,900
And in the standard again it was saying no so our browser had a unique fingerprint whereas right now

78
00:06:05,110 --> 00:06:09,910
it has less unique fingerprint if you want to think of it that way.

79
00:06:09,910 --> 00:06:15,970
So looking at the statistic here it's saying that only one in one hundred and fourteen browsers have

80
00:06:15,970 --> 00:06:24,060
the same fingerprint whereas before we had one unique fingerprint among more than 200000 browsers.

81
00:06:24,250 --> 00:06:32,380
Not only that but our browser now only gives six point eighty four bits of identifying information whereas

82
00:06:32,470 --> 00:06:40,060
as shown before here and here with the two medium and low security settings it was given seventeen point

83
00:06:40,090 --> 00:06:41,320
eight four.

84
00:06:41,320 --> 00:06:48,520
So with the high security settings you're given much less information about your browser and about yourself

85
00:06:48,610 --> 00:06:57,340
in general now you can actually scroll down here after clicking on more information to see where exactly

86
00:06:57,550 --> 00:07:06,040
these bits of information are coming from so you can see the user agent of the browser is revealing

87
00:07:06,040 --> 00:07:10,420
three point seventy four bits of information about you.

88
00:07:10,450 --> 00:07:16,250
You can see the history teepee header here revealing the language used along with more information.

89
00:07:16,270 --> 00:07:23,310
Again this is accounting for one point five eight bits of info going down we can see the browser plugins

90
00:07:23,320 --> 00:07:29,250
are revealing information the time zone even the screen size and the color depth.

91
00:07:29,380 --> 00:07:34,090
And that's why I said don't maximize the screen because if you maximize it.

92
00:07:34,090 --> 00:07:36,640
This will give the true size of your monitor.

93
00:07:36,700 --> 00:07:39,620
Again given even more information.

94
00:07:39,730 --> 00:07:46,740
If you keep scrolling down here you'll see exactly where each bit of information is coming from.

95
00:07:46,840 --> 00:07:53,500
And given us the total of seventeen point four eight in this example when we had the security at medium

96
00:07:55,300 --> 00:07:56,980
now you might think big deal.

97
00:07:56,980 --> 00:08:01,850
So what if my browser is given seventeen point eight four bits of information.

98
00:08:01,900 --> 00:08:02,890
What does that mean.

99
00:08:03,880 --> 00:08:12,550
Well according to information theory this information can be added together in order to identify you

100
00:08:13,580 --> 00:08:15,270
in information theory.

101
00:08:15,280 --> 00:08:17,830
Information is measured in bits.

102
00:08:17,980 --> 00:08:25,570
And according to this formula right here we can calculate the amount of information a certain fact such

103
00:08:25,600 --> 00:08:31,010
as your browser plugins can reveal about your identity.

104
00:08:31,150 --> 00:08:39,450
Like I said this is measured in bits and adding all these bits together can be used to identify you.

105
00:08:39,630 --> 00:08:48,480
So at the time of recording this lecture the population of Earth is around 77 billion plug in this value

106
00:08:48,600 --> 00:08:50,880
into this equation right here.

107
00:08:50,910 --> 00:08:56,580
We can see that in order to identify a person on earth.

108
00:08:56,730 --> 00:08:59,340
All we need is thirty two point eight.

109
00:08:59,550 --> 00:09:03,110
So nearly thirty three bits of information.

110
00:09:04,200 --> 00:09:11,220
So when searching for someone we start adding the bits of information that we discover about them one

111
00:09:11,220 --> 00:09:17,660
by one such as their language their location the browser they use and so on.

112
00:09:17,700 --> 00:09:25,560
Once we get about thirty three bits of information identifying this person will become relatively easy

113
00:09:26,980 --> 00:09:34,330
so going back to what we had here you can see the browser in the medium security settings is already

114
00:09:34,330 --> 00:09:38,910
revealing seventeen point eight bits of information about you.

115
00:09:38,950 --> 00:09:46,540
So all that's left is only 15 bits of information and locating you will be relatively easy.

116
00:09:46,600 --> 00:09:52,210
Now granted some of the information that we see here is incorrect such as the screen size because we

117
00:09:52,210 --> 00:09:58,720
don't have the screen in full screen but you get the idea the more bits that your browser is given about

118
00:09:58,720 --> 00:10:05,510
you the worst because these bits can be used to locate and identify you.

119
00:10:05,530 --> 00:10:13,350
So if we look at the high security we can see we're only revealing six point eighty four bits of information.

120
00:10:13,420 --> 00:10:17,140
And as I said before some of this information is incorrect.

121
00:10:17,200 --> 00:10:20,260
So it's a pretty good start.

122
00:10:20,380 --> 00:10:26,440
And again as we go through the course we're going to talk about more advanced methods of protecting

123
00:10:26,530 --> 00:10:28,540
our security and anonymity.