1
00:00:00,000 --> 00:00:06,000
In the previous lecture, I showed you how to modify the settings for the Tor browser for maximum privacy,

2
00:00:06,000 --> 00:00:08,000
anonymity, and security.

3
00:00:08,000 --> 00:00:14,000
But when we got to this security section in here, I actually skipped it and I told you that I will

4
00:00:14,000 --> 00:00:15,000
cover it in the next lecture.

5
00:00:15,000 --> 00:00:22,000
I did that because the settings in here are very, very important and they can drastically affect your

6
00:00:22,000 --> 00:00:25,000
privacy, anonymity and security online.

7
00:00:25,000 --> 00:00:30,000
That's why I want to spend a full lecture talking about the three options that we have in here, and

8
00:00:30,000 --> 00:00:35,000
how they compare once we actually test them against real online trackers.

9
00:00:35,000 --> 00:00:37,000
Now, just a quick reminder.

10
00:00:37,000 --> 00:00:40,000
In order to access this window, you have to go to the options.

11
00:00:40,000 --> 00:00:48,000
Click on settings, click the security settings and scroll down to the settings section that we have

12
00:00:48,000 --> 00:00:49,000
in here.

13
00:00:50,000 --> 00:00:52,000
Now as you can see, the default option is standard.

14
00:00:52,000 --> 00:00:58,000
And this is basically the normal default settings that you get on any web browser or specifically a

15
00:00:58,000 --> 00:01:03,000
Firefox web browser because the Tor browser is based on Firefox.

16
00:01:04,000 --> 00:01:06,000
The safer option in here.

17
00:01:06,000 --> 00:01:11,000
As you can see, it's going to disable JavaScript on Non-https websites.

18
00:01:11,000 --> 00:01:17,000
It's going to disable some fonts and math symbols, and the audio and video are click to play.

19
00:01:18,000 --> 00:01:21,000
If you crank it all the way up to the safest.

20
00:01:21,000 --> 00:01:27,000
It's going to disable JavaScript on all websites, so Http and https.

21
00:01:27,000 --> 00:01:35,000
It's also going to disable more fonts, icons, math symbols and images and videos and audio are going

22
00:01:35,000 --> 00:01:36,000
to be click to play.

23
00:01:36,000 --> 00:01:43,000
Now if you look here on the top right this shield icon here, this indicates the security settings that

24
00:01:43,000 --> 00:01:43,000
you are at.

25
00:01:43,000 --> 00:01:47,000
So as you can see, if you are on the safest it's set to full.

26
00:01:47,000 --> 00:01:51,000
If we are on the safer the middle it's set to half full.

27
00:01:51,000 --> 00:01:55,000
And if you are on the standard it is set to empty.

28
00:01:56,000 --> 00:02:01,000
Now, an important thing to keep in mind is that the higher the security setting, the more browser

29
00:02:01,000 --> 00:02:03,000
features that will be disabled.

30
00:02:03,000 --> 00:02:04,000
So again on the safest.

31
00:02:04,000 --> 00:02:10,000
As you can see, JavaScript is disabled on everything and more symbols and more images are disabled.

32
00:02:10,000 --> 00:02:15,000
Therefore, some website features are not going to work, but you will be more secure, more private

33
00:02:15,000 --> 00:02:16,000
and more anonymous.

34
00:02:16,000 --> 00:02:18,000
So this is up to you.

35
00:02:18,000 --> 00:02:23,000
You can go ahead and modify this as you're browsing, but it is best to keep it on the safest.

36
00:02:23,000 --> 00:02:25,000
And I'm not just saying this.

37
00:02:25,000 --> 00:02:29,000
I actually ran three different tests, one with each security level.

38
00:02:29,000 --> 00:02:34,000
And I'm going to show you now the results, and you'll see how the safest security level is actually

39
00:02:34,000 --> 00:02:36,000
so much better than the other two.

40
00:02:37,000 --> 00:02:39,000
So I'm going to share this website for you.

41
00:02:39,000 --> 00:02:45,000
And basically this website runs a number of tests against your browser to see how easy it is to track

42
00:02:45,000 --> 00:02:47,000
it and to fingerprint it.

43
00:02:47,000 --> 00:02:51,000
So the first test run in here with the lowest security settings.

44
00:02:51,000 --> 00:02:56,000
And as you can see it's saying we have some protection but we also have some gaps.

45
00:02:57,000 --> 00:03:02,000
If we look at the details in here, you can see that we have partial protection against tracking ads.

46
00:03:02,000 --> 00:03:09,000
We have partial protection against invisible trackers, and we have partial protection against fingerprinting.

47
00:03:09,000 --> 00:03:13,000
What we mean by fingerprinting is how unique our browser is.

48
00:03:13,000 --> 00:03:19,000
The more unique it is, the worst for us because that means we can be identified easier.

49
00:03:19,000 --> 00:03:21,000
So we actually want to be less unique.

50
00:03:21,000 --> 00:03:24,000
And we want to be mixed up with all of the other browsers around the world.

51
00:03:24,000 --> 00:03:27,000
Now, if we scroll down, we'll get even more information.

52
00:03:27,000 --> 00:03:34,000
So you can see that our browser is one in over 100,000 browsers, again meaning that it is very, very

53
00:03:34,000 --> 00:03:35,000
unique.

54
00:03:35,000 --> 00:03:42,000
And you can see that our browser is leaking 13.42 bits of identifying information.

55
00:03:42,000 --> 00:03:46,000
We will talk more about these identifying information at the end of the lecture.

56
00:03:46,000 --> 00:03:53,000
But let's see how these results in here compare to the second to the moderate security level.

57
00:03:54,000 --> 00:03:59,000
Now if you look up again, you can see we have partial protection against tracking ads and invisible

58
00:03:59,000 --> 00:04:04,000
trackers, very similar to what we had in the low security setting, believe it or not.

59
00:04:04,000 --> 00:04:09,000
And in the fingerprinting we actually have more of a unique fingerprint.

60
00:04:09,000 --> 00:04:16,000
So as a result, the safer option, the middle option is actually less safe than the low option.

61
00:04:16,000 --> 00:04:20,000
So even if we scroll down you can see that we are more unique.

62
00:04:20,000 --> 00:04:25,000
So our browser is one in over 200,000 instead of 100,000 in here.

63
00:04:25,000 --> 00:04:32,000
And you can see that the browser is leaking 14.49 bits of identifying information compared to what we

64
00:04:32,000 --> 00:04:36,000
have in here, which was 13.42.

65
00:04:36,000 --> 00:04:42,000
Now, if we compare this to the safest, you can actually see that it's telling you in the title that

66
00:04:42,000 --> 00:04:45,000
we have strong protection against web tracking.

67
00:04:45,000 --> 00:04:48,000
And as you can see, it's not partial anymore.

68
00:04:48,000 --> 00:04:49,000
We are blocking tracking ads.

69
00:04:49,000 --> 00:04:51,000
We're blocking invisible trackers.

70
00:04:51,000 --> 00:04:54,000
And it is protecting us from fingerprinting.

71
00:04:54,000 --> 00:05:02,000
So as you can see, this table is already much safer than the results that we had in here and in here.

72
00:05:03,000 --> 00:05:11,000
Now, going back to the details of the highest security, you can see that our browser is 1 in 96 browsers.

73
00:05:11,000 --> 00:05:13,000
So that means it is not unique.

74
00:05:13,000 --> 00:05:18,000
It's actually mixed up with a lot of other browsers around the world around the internet.

75
00:05:18,000 --> 00:05:24,000
Whereas again, in here we were one in over 200,000, and in here we were one in over 100,000.

76
00:05:26,000 --> 00:05:31,000
You can also see it's only leaking 6.59 bits of identifying information.

77
00:05:31,000 --> 00:05:35,000
Again, this is much less than what we had in the two options in here.

78
00:05:36,000 --> 00:05:42,000
Therefore, as you can see, the safest option is actually going with the safest in here.

79
00:05:42,000 --> 00:05:45,000
The only thing is, like I said, some website features are not going to work.

80
00:05:45,000 --> 00:05:50,000
In that case, if you trust that website, you can come here and change the setting when you're loading

81
00:05:50,000 --> 00:05:51,000
that website.

82
00:05:52,000 --> 00:05:52,000
Now.

83
00:05:52,000 --> 00:05:57,000
Also, if you scroll down in here in this website, it's actually going to show you each browser feature

84
00:05:57,000 --> 00:06:01,000
and the amount of identifying information it is leaking.

85
00:06:01,000 --> 00:06:07,000
So you can see the user agent in here is leaking 4.39 of identifying information.

86
00:06:07,000 --> 00:06:16,000
If you scroll down, the Http accept header is leaking 4.6 bits of identifying information, and as

87
00:06:16,000 --> 00:06:22,000
you scroll down, you'll get more information on how this number is being calculated in here.

88
00:06:22,000 --> 00:06:24,000
Now you might think, big deal.

89
00:06:24,000 --> 00:06:29,000
So what if my browser is given 17.84 bits of information?

90
00:06:29,000 --> 00:06:30,000
What does that mean?

91
00:06:31,000 --> 00:06:32,000
Well.

92
00:06:32,000 --> 00:06:41,000
According to information theory, this information can be added together in order to identify you in

93
00:06:41,000 --> 00:06:42,000
information theory.

94
00:06:42,000 --> 00:06:50,000
Information is measured in bits and according to this formula right here we can calculate the amount

95
00:06:50,000 --> 00:06:58,000
of information a certain fact, such as your browser plug ins can reveal about your identity.

96
00:06:58,000 --> 00:07:06,000
Like I said, this is measured in bits and adding all these bits together can be used to identify you.

97
00:07:07,000 --> 00:07:15,000
So at the time of recording this lecture, the population of Earth is around 77 billion.

98
00:07:15,000 --> 00:07:23,000
Plugging this value into this equation right here, we can see that in order to identify a person on

99
00:07:23,000 --> 00:07:27,000
Earth, all we need is 32.8.

100
00:07:27,000 --> 00:07:31,000
So nearly 33 bits of information.

101
00:07:31,000 --> 00:07:38,000
So when searching for someone, we start adding the bits of information that we discover about them

102
00:07:38,000 --> 00:07:45,000
one by one, such as their language, their location, the browser they use, and so on.

103
00:07:45,000 --> 00:07:53,000
Once we get about 33 bits of information, identifying this person will become relatively easy.

104
00:07:54,000 --> 00:07:58,000
So going back to what we had here, you get the idea.

105
00:07:58,000 --> 00:08:05,000
The more bits that your browser is given about you, the worse, because these bits can be used to locate

106
00:08:05,000 --> 00:08:07,000
and identify you.

107
00:08:07,000 --> 00:08:15,000
So if we look at the high security, we can see we're only revealing six point bits of information.

108
00:08:15,000 --> 00:08:19,000
And as I said before, some of this information is incorrect.

109
00:08:19,000 --> 00:08:21,000
So it's a pretty good start.

110
00:08:21,000 --> 00:08:28,000
And again, as we go through the course, we're going to talk about more advanced methods of protecting

111
00:08:28,000 --> 00:08:30,000
our security and anonymity.