Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

How Unique Is Your Web Browser? (You're being tracked based on how unique your browser settings are)
Electronic Frontier Foundation ^

Posted on 06/04/2011 6:29:49 PM PDT by LibWhacker

Abstract. We investigate the degree to which modern web browsers are subject to "device fingerprinting" via the version and con figurtion information that they will transmit to websites upon request. We implemented one possible fingerprinting algorithm, and collected these fingerprints from a large sample of browsers that visited our test site, panopticlick.eff.org. We observe that the distribution of our fingerprint contains at least 18.1 bits of entropy, meaning that if we pick a browser at random, at best we expect that only one in 286,777 other browsers will share its fingerprint. Among browsers that support Flash or Java, the situation is worse, with the average browser carrying at least 18.8 bits of identifying information. 94.2% of browsers with Flash or Java were unique in our sample.

By observing returning visitors, we estimate how rapidly browser fi ngerprints might change over time. In our sample, fingerprints changed quite rapidly, but even a simple heuristic was usually able to guess when a figerprint was an "upgraded" version of a previously observed browser's fingerprint, with 99.1% of guesses correct and a false positive rate of only 0.86%.

We discuss what privacy threat browser fingerprinting poses in practice, and what countermeasures may be appropriate to prevent it. There is a trade o ff between protection against fingerprintability and certain kinds of debuggability, which in current browsers is weighted heavily against privacy. Paradoxically, anti- fingerprinting privacy technologies can be self- defeating if they are not used by a sufficient number of people; we show that some privacy measures currently fall victim to this paradox, but others do not.

(Excerpt) Read more at panopticlick.eff.org ...


TOPICS: Computers/Internet
KEYWORDS: browser; extremelyunique; fingerprinting; howunique; nearlyunique; prettyunique; privacy; somewhatunique; superunique; unique; uniquelyunique; veryunique
Navigation: use the links below to view more comments.
first previous 1-5051-69 last
To: Moose Burger

“I identified 23 relevant elements on ‘User Agent’ and ‘HTTP_ACCEPT Headers’ alone”

How many of these would you have to change to make your browser look different?

And if you changed them every so often you can’t be consistently identified.

I’m not enough of a conspiracy theorist to believe we are being tracked right now because the amount of info that would have to be stored is so vast it staggers the mind, but it is an interesting issue going forward.


51 posted on 06/05/2011 5:44:13 AM PDT by webstersII
[ Post Reply | Private Reply | To 31 | View Replies]

To: webstersII

I don’t think people change them themselves; things they install (plugins, extensions, etc) do.

“And if you changed them every so often you can’t be consistently identified.”

It sounds good. Maybe with some “random UA” plugin. If your browser is compatible enough the site optimizations for the browser you’re claiming to be won’t mess up the page too much. Maybe displaying an empty UA string would be enough, if lots of people do that, but some sites will think you’re a bot and maybe lock you out. There’s a chance that random UA will be adopted by bots, making this a moot point :P

HTTP_ACCEPT is another thing. It tells what HTTP features can you use. Randomizing it would degrade performance. Maybe there’s a subset of it that can be shuffled and won’t give trouble, but it’s a gamble.

“...to believe we are being tracked right now...” Well, we most probably aren’t, it’s just like fingerprints, we leave them averywhere.


52 posted on 06/05/2011 9:15:43 AM PDT by Moose Burger
[ Post Reply | Private Reply | To 51 | View Replies]

To: LibWhacker

I’m sorry I haven’t had time to experiment with it yet. I’ll try to play with it tonight and see if I can figure anything out.


53 posted on 06/05/2011 9:43:16 AM PDT by Oceander (The phrase "good enough for government work" is not meant as a compliment)
[ Post Reply | Private Reply | To 49 | View Replies]

To: Oceander

Okay, thanks. Don’t worry about if you don’t have time, though. Been there, done that, and any time you are able to give to it is greatly appreciated. I’ll keep looking at it and playing with it myself, and that sometimes lets me make headway on this sort of thing.


54 posted on 06/05/2011 10:53:02 AM PDT by LibWhacker
[ Post Reply | Private Reply | To 53 | View Replies]

To: My hearts in London - Everett

Interesting that you would say that because I first learned about tracking unique browser fingerprints while reading a liberal website. They were all in a frenzy over it.

Libs always make fun of how dumb Republicans are. But Freepers should take heart; I read all the libs’ comments and Freepers are head and shoulders ahead of them in understanding the problem.


55 posted on 06/05/2011 11:06:55 AM PDT by LibWhacker
[ Post Reply | Private Reply | To 50 | View Replies]

To: LibWhacker
Take the test here: https://panopticlick.eff.org/??

Your browser fingerprint appears to be unique among the 1,607,432 tested so far.
Currently, we estimate that your browser has a fingerprint that conveys at least 20.62 bits of identifying information.

56 posted on 06/05/2011 11:22:57 AM PDT by cynwoody
[ Post Reply | Private Reply | To 1 | View Replies]

To: webstersII

Oh, and to answer

“How many of these would you have to change to make your browser look different?”

Just one of them would be enough (using this definition of “unique”). All of them have to be the same for two browsers to be considered identical. That’s why it’s so easy to have a unique one.


57 posted on 06/05/2011 11:35:44 AM PDT by Moose Burger
[ Post Reply | Private Reply | To 51 | View Replies]

To: bunkerhill7
Buy a used computer trade-in from a repair shop. It usually has the original buyer`s administrator`s login defaults locked in and defaults to the original buyer`s email address and windows license info. All the upgrades are registered with the administrator.

Wouldn't help.

The purpose of the fingerprinting is not to identify you, as in name and address and SSN, but to track you as you go from site to site, where each site is using a common ad server, such as doubleclick. If the ad server knows your recent browsing history, it can hit you with ads customized to your apparent interests. They don't know who you are (although some cross checking might reveal your identity in some cases), but they want to know if you are the same you that they've seen before.

They used to use cookies to track to track users from site to site. But cookies can be readily deleted. Fingerprinting is thus probably a more robust method.

58 posted on 06/05/2011 11:42:43 AM PDT by cynwoody
[ Post Reply | Private Reply | To 19 | View Replies]

To: Moose Burger
Just one of them would be enough (using this definition of “unique”). All of them have to be the same for two browsers to be considered identical. That’s why it’s so easy to have a unique one.

I can change my fingerprint just by dragging the window to the other monitor, since my monitors have different resolutions, and screen resolution is part of the fingerprint.

But I highly doubt any outfit who is actually using this technique as a cookie replacement is going for exact matches. They've probably defined some sort of similarity function, and they consider anybody who scores above some threshold to be the same person. That's plenty good enough for their purpose, which is to sharpen up ad delivery and deliver improved audience analytics to their clients. A few false positives or false negatives wouldn't matter.

59 posted on 06/05/2011 11:50:20 AM PDT by cynwoody
[ Post Reply | Private Reply | To 57 | View Replies]

To: cynwoody

“But I highly doubt any outfit who is actually using this technique as a cookie replacement is going for exact matches.”

That’s right. I think the panopticlick.eff.org metric is not really very good; that’s why I said “using this definition”. Bad (?) news are, the real uniqueness is much higher when taking “ambiental”/temporal continuity contexts in consideration. I question the “bad” because, well, it’s impossible to do anything in the world without leaving some kind of print. There’s a limit where the paranoia can be useful.


60 posted on 06/05/2011 11:57:44 AM PDT by Moose Burger
[ Post Reply | Private Reply | To 59 | View Replies]

To: LibWhacker

WOW! Uniquely identifiable as the only one out of 1.6 million tested!

I have plugins for my Wacom tablet, for Silverlight, Flash, and a bunch of nice fonts I’ve got installed.

Quite an eye-opener!

Ed


61 posted on 06/05/2011 12:09:59 PM PDT by Sir_Ed
[ Post Reply | Private Reply | To 1 | View Replies]

To: rdb3; Calvinist_Dark_Lord; GodGunsandGuts; CyberCowboy777; Salo; Bobsat; JosephW; ...

Sorry for the delay on this one--I was busy this weekend :)

62 posted on 06/06/2011 5:27:52 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

Comment #63 Removed by Moderator

To: LibWhacker
Interesting.

I originally ran the test with my NoScript turned on, and it returned a 1 in ~600,000. When I turned it off, I was 1 in 1.6M.

64 posted on 06/06/2011 5:32:38 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: LibWhacker

There is no privacy on the web.


65 posted on 06/06/2011 7:52:48 AM PDT by Tribune7 (We're flat broke, but he thinks these solar shingles and really fast trains will magically save us.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: lmsii

1,610,258

I suspect the number tends to reflect your lack of interest in being a follower.

You have to admit, being unique among 1.5 million sampled is pretty cool.


66 posted on 06/06/2011 8:25:40 AM PDT by stylin_geek (Never underestimate the power of government to distort markets)
[ Post Reply | Private Reply | To 11 | View Replies]

To: LibWhacker
Within our dataset of several million visitors, only one in 57,512 browsers have the same fingerprint as yours.Great, just great...
67 posted on 06/06/2011 8:58:40 AM PDT by GOPJ (‘Simple way to understand the importance of private property: Have you ever washed a rental car?’)
[ Post Reply | Private Reply | To 1 | View Replies]

To: LibWhacker
...first learned about tracking unique browser fingerprints while reading a liberal website. They were all in a frenzy over it. Libs always make fun of how dumb Republicans are. But Freepers should take heart; I read all the libs’ comments and Freepers are head and shoulders ahead of them in understanding the problem.

Would've been my first guess...

68 posted on 06/06/2011 9:12:26 AM PDT by GOPJ (‘Simple way to understand the importance of private property: Have you ever washed a rental car?’)
[ Post Reply | Private Reply | To 55 | View Replies]

To: DBrow

Your browser fingerprint appears to be unique among the 1,611,607 tested so far.


69 posted on 06/07/2011 2:55:30 AM PDT by publana (Beware the olive branch extended by a Dem for it disguises a clenched fist.)
[ Post Reply | Private Reply | To 7 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-5051-69 last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson