Skip to comments.
How Unique Is Your Web Browser? (You're being tracked based on how unique your browser settings are)
Electronic Frontier Foundation ^
Posted on 06/04/2011 6:29:49 PM PDT by LibWhacker
Abstract. We investigate the degree to which modern web browsers are subject to "device fingerprinting" via the version and con figurtion information that they will transmit to websites upon request. We implemented one possible fingerprinting algorithm, and collected these fingerprints from a large sample of browsers that visited our test site, panopticlick.eff.org. We observe that the distribution of our fingerprint contains at least 18.1 bits of entropy, meaning that if we pick a browser at random, at best we expect that only one in 286,777 other browsers will share its fingerprint. Among browsers that support Flash or Java, the situation is worse, with the average browser carrying at least 18.8 bits of identifying information. 94.2% of browsers with Flash or Java were unique in our sample.
By observing returning visitors, we estimate how rapidly browser fi ngerprints might change over time. In our sample, fingerprints changed quite rapidly, but even a simple heuristic was usually able to guess when a figerprint was an "upgraded" version of a previously observed browser's fingerprint, with 99.1% of guesses correct and a false positive rate of only 0.86%.
We discuss what privacy threat browser fingerprinting poses in practice, and what countermeasures may be appropriate to prevent it. There is a trade o�ff between protection against fingerprintability and certain kinds of debuggability, which in current browsers is weighted heavily against privacy. Paradoxically, anti- fingerprinting privacy technologies can be self- defeating if they are not used by a sufficient number of people; we show that some privacy measures currently fall victim to this paradox, but others do not.
(Excerpt) Read more at panopticlick.eff.org ...
TOPICS: Computers/Internet
KEYWORDS: browser; extremelyunique; fingerprinting; howunique; nearlyunique; prettyunique; privacy; somewhatunique; superunique; unique; uniquelyunique; veryunique
Navigation: use the links below to view more comments.
first previous 1-20, 21-40, 41-60, 61-69 next last
To: LibWhacker
I got the same result as everyone else.
Also, an icon which I’ve never seen before on my computer showed up down in the lower right hand corner of the screen, next to the antivirus icon. Something to do with Java.
21
posted on
06/04/2011 7:10:15 PM PDT
by
IAMIUBU
To: brityank
Within our dataset of several million visitors, only one in 5,628 browsers have the same fingerprint as yours. Okay, that's useful information, thx. So what they are saying is that, perhaps, 400 to 600 computers share your fingerprint. A lot better than me!
To: driftdiver
A few weeks ago. I visited a site that offered certain tours in Europe. About a week later, I got a brochure from them in the mail - the U.S. mail.
23
posted on
06/04/2011 7:13:12 PM PDT
by
Krankor
(Her voice was soft and cool, her eyes were clear and bright . But she's not there)
To: brityank
“Currently, we estimate that your browser has a fingerprint that conveys 12.46 bits of identifying information.”
OK
So how do I go about becoming a 12 bitter instead of a 20 bitter?
Seriously, not trying to be funny.
24
posted on
06/04/2011 7:15:24 PM PDT
by
IAMIUBU
To: IAMIUBU
I have a similar icon, but it’s because I’m running a plugin called NoScript.
To: DBrow
I think these guys are BUILDING a database of browser characteristics, to use to track peopleThat was my first thought.
26
posted on
06/04/2011 7:23:10 PM PDT
by
bgill
(Kenyan Parliament - how could a man born in Kenya who is not even a native American become the POTUS)
To: IAMIUBU
To: brityank
Most of that information is correct, but I doubt this one:
“Within our dataset of several million visitors, only one in 5,628 browsers have the same fingerprint as yours.”
I am running Xubuntu Linux and Firefox browser, but I tried the same view from an old Redhat Linux machine with Galeon Browser (Mozilla/Netscape derivative) and got exactly the same statement.
28
posted on
06/04/2011 7:27:33 PM PDT
by
Texas Fossil
(Government, even in its best state is but a necessary evil; in its worst state an intolerable one)
To: LibWhacker
Interesting; it seems that the two attributes - at least for the three browsers that I regularly use (FF4, Opera 11, IE9) - that are the most unique are (1) the browser plugin details that are sent in the HTTP headers, and (2) the number of system fonts sent in the HTTP headers.
Other than that, the user-agent string is the next most unique attribute, but it differs among the three; for FF4 it’s not that rare (guess that means a lot of folks switched to FF4 pretty quickly), for Opera it’s a more unique attribute - probably because a lot fewer people use Opera, and for IE9 it’s a very unique attribute, most likely because IE9 is so new and because IE users tend to be slower at upgrading - particularly enterprise users - than FF users or Opera users.
I think I might explore how to stop the browsers from sending out so much info on things that are relatively irrelevant, like system fonts.
29
posted on
06/04/2011 7:28:18 PM PDT
by
Oceander
(The phrase "good enough for government work" is not meant as a compliment)
To: DBrow
“Your browser fingerprint appears to be unique among the 1,594,804 tested so far.”
I think you’re right.
Somebody just set us up the bomb.
30
posted on
06/04/2011 7:34:27 PM PDT
by
Salamander
(I wear my sunglasses at night.)
To: DBrow
“So what are the odds that we BOTH have such unique settings?”
Quite large. I identified 23 relevant elements on ‘User Agent’ and ‘HTTP_ACCEPT Headers’ alone. If each of them were binary (has only two choices) there would be 2^23 different possible configurations, or 8,388,608, which is much more than the 1.56 million in the database. They’re not binary, there’s a lot more configurations than that. And that’s without taking the other five parameters. Collision chances don’t seem too high.
To: Oceander
I think I might explore how to stop the browsers from sending out so much info on things that are relatively irrelevant, like system fonts. Hi, Oceander... When you figure it out, and if it wouldn't be too much trouble, would you kindly summarize what you've found so that all Freepers can make the necessary changes? Again, only if you have the time. I know I sure haven't deciphered it yet and would greatly appreciate a nice, easy to understand primer. Thanks!
To: brityank
Lets rethink that, here is what it said for my old machine.
Browser Identity
| Browser Characteristic |
bits of identifying information |
one in x browsers have this value |
value |
|
|
|
|
|
|
|
| User Agent |
20.6+ |
1594759 |
Mozilla/5.0 Galeon/1.2.5 |
(X11; Linux i686; U;) Gecko/20020809 |
33
posted on
06/04/2011 7:48:36 PM PDT
by
Texas Fossil
(Government, even in its best state is but a necessary evil; in its worst state an intolerable one)
To: Salamander
You have no chance to survive
Make Your Time
To: brityank
Here is what it said about my newer Linux machine:
Browser Identity
| Browser Characteristic |
bits of identifying information |
one in x browsers have this value |
value |
| User Agent |
10.24 |
1207.64 |
Mozilla/5.0 (X11; Linux i686; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 |
35
posted on
06/04/2011 7:54:21 PM PDT
by
Texas Fossil
(Government, even in its best state is but a necessary evil; in its worst state an intolerable one)
To: brityank
Here is what the site says using Lynx text browser on the old Linux machine:
Panopticlick -- How Unique, and Trackable, Is Your Browser?
Your browser fingerprint appears to be unique among the 1,596,279
tested so far.
Currently, we estimate that your browser has a fingerprint that
conveys at least 20.61 bits of identifying information.
The measurements we used to obtain this result are listed below. You
can read more about our methodology, statistical results, and some
defenses against fingerprinting in this article.
Help us increase our sample size: Email This Digg This Post this to
Reddit Share Panopticlick with delicious Share this on Facebook Tweet
Panopticlick Dent Panopticlick
Browser Characteristic bits of identifying information one in x
browsers have this value value
User Agent
20.61+
1596279
Lynx/2.8.5dev.7 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.6b
HTTP_ACCEPT Headers
36
posted on
06/04/2011 8:30:33 PM PDT
by
Texas Fossil
(Government, even in its best state is but a necessary evil; in its worst state an intolerable one)
To: LibWhacker
Your browser fingerprint appears to be unique among the 1,597,433 tested so far.
Currently, we estimate that your browser has a fingerprint that conveys at least 20.61 bits of identifying information. I have no idea what the heck this means.
37
posted on
06/04/2011 9:02:52 PM PDT
by
Tainan
(Cogito Ergo Conservitus.)
To: LibWhacker
One in 320,000 with scrips off, one in 1.598 Million (unique) with scrips enabled for the Panopticlick site only. Panopticlick kept feeding me suspicious scripts, the latest Java release was going wild with detections.
38
posted on
06/04/2011 9:38:20 PM PDT
by
Iris7
("Do not live lies!" ...Aleksandr Solzhenitsyn)
To: Tainan
It’s just a measure of how much information your browser is handing off to any server on the internet it connects to. In this case, I think, ‘bits’ means ‘pieces,’ not bits as in “bytes and bits.” Twenty is not very good, according to EFF.
To: LibWhacker
Interesting, and from the look of it, pretty accurate.
One thing, though...
Using Google Chrome, I get the 1 in 1.5+ million
Using Microsoft IE 9, I get the 1 in 1.5+ million.
Using Firefox with noscript and AdBlock Plus, I get 1 in 17000.
Looks like I’m going back to my locked-down Firefox install.
Navigation: use the links below to view more comments.
first previous 1-20, 21-40, 41-60, 61-69 next last
Disclaimer:
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson