How Unique Is Your Web Browser? (You're being tracked based on how unique your browser settings are)
Posted on 06/04/2011 6:29:49 PM PDT by LibWhacker
Abstract. We investigate the degree to which modern web browsers are subject to "device fingerprinting" via the version and configuration information that they will transmit to websites upon request. We implemented one possible fingerprinting algorithm, and collected these fingerprints from a large sample of browsers that visited our test site, panopticlick.eff.org. We observe that the distribution of our fingerprint contains at least 18.1 bits of entropy, meaning that if we pick a browser at random, at best we expect that only one in 286,777 other browsers will share its fingerprint. Among browsers that support Flash or Java, the situation is worse, with the average browser carrying at least 18.8 bits of identifying information. 94.2% of browsers with Flash or Java were unique in our sample.
By observing returning visitors, we estimate how rapidly browser fingerprints might change over time. In our sample, fingerprints changed quite rapidly, but even a simple heuristic was usually able to guess when a fingerprint was an "upgraded" version of a previously observed browser's fingerprint, with 99.1% of guesses correct and a false positive rate of only 0.86%.
We discuss what privacy threat browser fingerprinting poses in practice, and what countermeasures may be appropriate to prevent it. There is a trade-off between protection against fingerprintability and certain kinds of debuggability, which in current browsers is weighted heavily against privacy. Paradoxically, anti-fingerprinting privacy technologies can be self-defeating if they are not used by a sufficient number of people; we show that some privacy measures currently fall victim to this paradox, but others do not.
(Excerpt) Read more at panopticlick.eff.org ...
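How the abstract's "bits of entropy" and "one in N" figures are derived from a sample of fingerprints, as an added example that is not code from the paper or from this thread. The four-attribute fingerprint and the eight-browser sample are constructed for illustration.

```python
import math
from collections import Counter

# Constructed sample, not real data: one tuple per visiting browser,
# (user agent, screen resolution, timezone offset in minutes, plugins).
FIREFOX = ("Firefox/4.0", "1280x1024", -480, "Flash,Java")
IE8 = ("MSIE 8.0", "1024x768", -300, "Flash")
CHROME = ("Chrome/11", "1920x1080", -480, "Flash,Silverlight")
OPERA = ("Opera/11", "1680x1050", 60, "Flash,Wacom")
SAMPLE = [FIREFOX] * 4 + [IE8] * 2 + [CHROME, OPERA]


def surprisal_bits(value, observations):
    """Self-information of one value: -log2 of its share of the sample."""
    counts = Counter(observations)
    if value not in counts:
        raise ValueError("value never observed; its share is unknown")
    return -math.log2(counts[value] / len(observations))


def entropy_bits(observations):
    """Shannon entropy of the distribution: the expected surprisal."""
    total = len(observations)
    return -sum(c / total * math.log2(c / total)
                for c in Counter(observations).values())


def fraction_unique(observations):
    """Share of browsers whose value was seen exactly once."""
    counts = Counter(observations)
    return sum(1 for v in observations if counts[v] == 1) / len(observations)


def attribute_entropy(sample, index):
    """Entropy of a single attribute column taken on its own."""
    return entropy_bits([fp[index] for fp in sample])


if __name__ == "__main__":
    for fp in (FIREFOX, IE8, CHROME):
        bits = surprisal_bits(fp, SAMPLE)
        # A browser carrying b bits shares its fingerprint with one in 2**b.
        print(f"{fp[0]:12} {bits:.2f} bits -> one in {2 ** bits:.0f}")
    print("whole-fingerprint entropy:", entropy_bits(SAMPLE))
    print("timezone-only entropy:", round(attribute_entropy(SAMPLE, 2), 3))
    print("fraction unique:", fraction_unique(SAMPLE))
```

A single attribute such as the timezone carries less entropy than the combined tuple, which is why combining many weakly identifying attributes yields a strongly identifying fingerprint.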
“I identified 23 relevant elements on User Agent and HTTP_ACCEPT Headers alone”
How many of these would you have to change to make your browser look different?
And if you changed them every so often you can’t be consistently identified.
I’m not enough of a conspiracy theorist to believe we are being tracked right now because the amount of info that would have to be stored is so vast it staggers the mind, but it is an interesting issue going forward.
I don’t think people change them themselves; things they install (plugins, extensions, etc) do.
“And if you changed them every so often you can’t be consistently identified.”
It sounds good. Maybe with some “random UA” plugin. If your browser is compatible enough the site optimizations for the browser you’re claiming to be won’t mess up the page too much. Maybe displaying an empty UA string would be enough, if lots of people do that, but some sites will think you’re a bot and maybe lock you out. There’s a chance that random UA will be adopted by bots, making this a moot point :P
HTTP_ACCEPT is another thing. It tells what HTTP features you can use. Randomizing it would degrade performance. Maybe there’s a subset of it that can be shuffled and won’t give trouble, but it’s a gamble.
“...to believe we are being tracked right now...” Well, we most probably aren’t, it’s just like fingerprints, we leave them everywhere.
I’m sorry I haven’t had time to experiment with it yet. I’ll try to play with it tonight and see if I can figure anything out.
Okay, thanks. Don’t worry about it if you don’t have time, though. Been there, done that, and any time you are able to give to it is greatly appreciated. I’ll keep looking at it and playing with it myself, and that sometimes lets me make headway on this sort of thing.
Interesting that you would say that because I first learned about tracking unique browser fingerprints while reading a liberal website. They were all in a frenzy over it.
Libs always make fun of how dumb Republicans are. But Freepers should take heart; I read all the libs’ comments and Freepers are head and shoulders ahead of them in understanding the problem.
Your browser fingerprint appears to be unique among the 1,607,432 tested so far.
Currently, we estimate that your browser has a fingerprint that conveys at least 20.62 bits of identifying information.
Oh, and to answer
“How many of these would you have to change to make your browser look different?”
Just one of them would be enough (using this definition of “unique”). All of them have to be the same for two browsers to be considered identical. That’s why it’s so easy to have a unique one.
The purpose of the fingerprinting is not to identify you, as in name and address and SSN, but to track you as you go from site to site, where each site is using a common ad server, such as doubleclick. If the ad server knows your recent browsing history, it can hit you with ads customized to your apparent interests. They don't know who you are (although some cross checking might reveal your identity in some cases), but they want to know if you are the same you that they've seen before.
I can change my fingerprint just by dragging the window to the other monitor, since my monitors have different resolutions, and screen resolution is part of the fingerprint.
But I highly doubt any outfit who is actually using this technique as a cookie replacement is going for exact matches. They've probably defined some sort of similarity function, and they consider anybody who scores above some threshold to be the same person. That's plenty good enough for their purpose, which is to sharpen up ad delivery and deliver improved audience analytics to their clients. A few false positives or false negatives wouldn't matter.
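The tolerant matching discussed in the post above, and the "upgraded fingerprint" heuristic mentioned in the abstract, sketched as an added example that is not from the thread, the paper or any ad network. The field names, the set of volatile fields, the 0.85 threshold and all fingerprints are assumptions constructed to show which changes break linkage and which do not.

```python
from difflib import SequenceMatcher

FIELDS = ("user_agent", "screen", "timezone", "plugins")
VOLATILE = {"screen", "timezone"}  # assumption: any change here is tolerated
THRESHOLD = 0.85                   # assumption: illustrative similarity cut-off

# Constructed fingerprints, not real data.
KNOWN = {
    "visitor-1": ("Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1",
                  "1280x1024", "-480", "Flash 10.2; Java 1.6.0_24"),
    "visitor-2": ("Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)",
                  "1024x768", "-300", "Flash 10.1"),
}


def changed_fields(old, new):
    """Names of the fields whose values differ between two fingerprints."""
    return [name for name, a, b in zip(FIELDS, old, new) if a != b]


def link(new_fp, known=KNOWN):
    """Return the id of the single stored fingerprint that new_fp plausibly
    evolved from, or None when there is no candidate or more than one."""
    candidates = []
    for visitor, old_fp in known.items():
        diff = changed_fields(old_fp, new_fp)
        if len(diff) > 1:
            continue                      # too much changed at once
        if diff and diff[0] not in VOLATILE:
            i = FIELDS.index(diff[0])
            ratio = SequenceMatcher(None, old_fp[i], new_fp[i]).ratio()
            if ratio < THRESHOLD:
                continue                  # changed field looks unrelated
        candidates.append(visitor)
    return candidates[0] if len(candidates) == 1 else None


# Constructed return visits by the browser stored as visitor-1.
V1 = KNOWN["visitor-1"]
OTHER_MONITOR = (V1[0], "1920x1080", V1[2], V1[3])
UPGRADED = ("Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0",) + V1[1:]
SWAPPED_UA = ("Opera/9.80 (X11; Linux i686; U; en) Presto/2.8.131 Version/11.11",) + V1[1:]
TWO_CHANGES = (UPGRADED[0], "1920x1080") + V1[2:]

if __name__ == "__main__":
    for name in ("OTHER_MONITOR", "UPGRADED", "SWAPPED_UA", "TWO_CHANGES"):
        print(name, "->", link(globals()[name]))
```

Under these assumptions a resolution change or a browser upgrade still links to the stored record, while a wholesale change of one field or simultaneous changes to two fields do not.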
“But I highly doubt any outfit who is actually using this technique as a cookie replacement is going for exact matches.”
That’s right. I think the panopticlick.eff.org metric is not really very good; that’s why I said “using this definition”. Bad (?) news is, the real uniqueness is much higher when taking “ambiental”/temporal continuity contexts into consideration. I question the “bad” because, well, it’s impossible to do anything in the world without leaving some kind of print. There’s a limit where the paranoia can be useful.
WOW! Uniquely identifiable as the only one out of 1.6 million tested!
I have plugins for my Wacom tablet, for Silverlight, Flash, and a bunch of nice fonts I’ve got installed.
Quite an eye-opener!
Sorry for the delay on this one--I was busy this weekend :)
I originally ran the test with my NoScript turned on, and it returned a 1 in ~600,000. When I turned it off, I was 1 in 1.6M.
There is no privacy on the web.
I suspect the number tends to reflect your lack of interest in being a follower.
You have to admit, being unique among 1.5 million sampled is pretty cool.
Would've been my first guess...
Your browser fingerprint appears to be unique among the 1,611,607 tested so far.