How Unique Is Your Web Browser? (You're being tracked based on how unique your browser settings are)

Electronic Frontier Foundation ^

[LibWhacker]

Abstract. We investigate the degree to which modern web browsers are subject to "device fingerprinting" via the version and con figurtion information that they will transmit to websites upon request. We implemented one possible fingerprinting algorithm, and collected these fingerprints from a large sample of browsers that visited our test site, panopticlick.eff.org. We observe that the distribution of our fingerprint contains at least 18.1 bits of entropy, meaning that if we pick a browser at random, at best we expect that only one in 286,777 other browsers will share its fingerprint. Among browsers that support Flash or Java, the situation is worse, with the average browser carrying at least 18.8 bits of identifying information. 94.2% of browsers with Flash or Java were unique in our sample.

By observing returning visitors, we estimate how rapidly browser fi ngerprints might change over time. In our sample, fingerprints changed quite rapidly, but even a simple heuristic was usually able to guess when a figerprint was an "upgraded" version of a previously observed browser's fingerprint, with 99.1% of guesses correct and a false positive rate of only 0.86%.

We discuss what privacy threat browser fingerprinting poses in practice, and what countermeasures may be appropriate to prevent it. There is a trade off between protection against fingerprintability and certain kinds of debuggability, which in current browsers is weighted heavily against privacy. Paradoxically, anti- fingerprinting privacy technologies can be self- defeating if they are not used by a sufficient number of people; we show that some privacy measures currently fall victim to this paradox, but others do not.

[LibWhacker]

Take the test here: https://panopticlick.eff.org/??

Read the paper here: https://panopticlick.eff.org/browser-uniqueness.pdf

Criminy, I thought I was being smart running a boatload of privacy plugins, setting my browser up not to run scripts, accept cookies, nor generally, to give out much information at all about me or my computer.

But now, it turns out, that can be used against me; i.e., my computer is totally unique amongst 1.5 million browsers tested, and therefore, can be tracked across the web based upon this unique fingerprint! Or, as one wag has said, "What a cruel twist of fate, all my plugins designed to give me privacy are being used to identify me!"

[driftdiver]

They can also track you by IP and location.

[Paladin2]

"Your browser fingerprint appears to be unique among the 1,592,818 tested so far."

That's a problem.

[JPG]

You can browse but you can't hide.

[Paladin2]

Same with me, except I had to allow their program to send data back.

[DBrow]

Mine to seems to be completely unique among the 1.56 million in their database.

So what are the odds that we BOTH have such unique settings?

One thing making mine unique was that I have Java plugins- but who does not?

I think these guys are BUILDING a database of browser characteristics, to use to track people.

[Squantos]

In theory that makes sense.... Could indeed be a tell tale.

I do such to avoid the average bs malware etc...

[MetaThought]

Now you need another plugin to protect all this info ...

[SWAMPSNIPER]

[lmsii]

I’m worse than you (1,593,093)and was doing the same thing.

[LibWhacker]

Interesting... We all have similar but not identical uniqueness measures. How can that be? If they’ve tested 1.6M browsers and 100,000 of them share your fingerprint, would they tell you that you were unique among [the other] 1.5M? How exactly does that work? I’m not sure.

[Squantos]

Nothing is something per se... That would only seem to apply to no such agency sorts who can breach your security if they want anyway.

Only way for two people to keep a secret is if one of em is dead.....supposedly....:o)

[LibWhacker]

LOL

[LibWhacker]

Lol, boy, is that ever the truth!

[LostInBayport]

I was unique with 20.6 bits too. Hmmm.

[Paladin2]

Looks like it comes from “Browser Plugin Details” which may include the order of when you added the plugins.

[ken21]

ditto.

[bunkerhill7]

Buy a used computer trade-in from a repair shop. It usually has the original buyer`s administrator`s login defaults locked in and defaults to the original buyer`s email address and windows license info. All the upgrades are registered with the administrator.

[brityank]

Weird.

Here's an easier way of tracking someone - the only way to defeat it is through an anonymizer portal:

Here's what I got:

Within our dataset of several million visitors, only one in 5,628 browsers have the same fingerprint as yours.

Currently, we estimate that your browser has a fingerprint that conveys 12.46 bits of identifying information.