Free Republic

How Unique Is Your Web Browser? (You're being tracked based on how unique your browser settings are)
Electronic Frontier Foundation

Posted on 06/04/2011 6:29:49 PM PDT by LibWhacker

Abstract. We investigate the degree to which modern web browsers are subject to "device fingerprinting" via the version and configuration information that they will transmit to websites upon request. We implemented one possible fingerprinting algorithm, and collected these fingerprints from a large sample of browsers that visited our test site, panopticlick.eff.org. We observe that the distribution of our fingerprint contains at least 18.1 bits of entropy, meaning that if we pick a browser at random, at best we expect that only one in 286,777 other browsers will share its fingerprint. Among browsers that support Flash or Java, the situation is worse, with the average browser carrying at least 18.8 bits of identifying information. 94.2% of browsers with Flash or Java were unique in our sample.

By observing returning visitors, we estimate how rapidly browser fingerprints might change over time. In our sample, fingerprints changed quite rapidly, but even a simple heuristic was usually able to guess when a fingerprint was an "upgraded" version of a previously observed browser's fingerprint, with 99.1% of guesses correct and a false positive rate of only 0.86%.

We discuss what privacy threat browser fingerprinting poses in practice, and what countermeasures may be appropriate to prevent it. There is a trade off between protection against fingerprintability and certain kinds of debuggability, which in current browsers is weighted heavily against privacy. Paradoxically, anti-fingerprinting privacy technologies can be self-defeating if they are not used by a sufficient number of people; we show that some privacy measures currently fall victim to this paradox, but others do not.

(Excerpt) Read more at panopticlick.eff.org ...


TOPICS: Computers/Internet
KEYWORDS: browser; extremelyunique; fingerprinting; howunique; nearlyunique; prettyunique; privacy; somewhatunique; superunique; unique; uniquelyunique; veryunique
Take the test here: https://panopticlick.eff.org/??

Read the paper here: https://panopticlick.eff.org/browser-uniqueness.pdf

Criminy, I thought I was being smart running a boatload of privacy plugins, setting my browser up not to run scripts, accept cookies, nor generally, to give out much information at all about me or my computer.

But now, it turns out, that can be used against me; i.e., my computer is totally unique amongst 1.5 million browsers tested, and therefore, can be tracked across the web based upon this unique fingerprint! Or, as one wag has said, "What a cruel twist of fate, all my plugins designed to give me privacy are being used to identify me!"

1 posted on 06/04/2011 6:29:54 PM PDT by LibWhacker
[ Post Reply | Private Reply | View Replies]

To: LibWhacker

They can also track you by IP and location.


2 posted on 06/04/2011 6:35:28 PM PDT by driftdiver (I could eat it raw, but why do that when I have a fire.)
[ Post Reply | Private Reply | To 1 | View Replies]

Comment #3 Removed by Moderator

To: LibWhacker
"Your browser fingerprint appears to be unique among the 1,592,818 tested so far."

That's a problem.

4 posted on 06/04/2011 6:39:20 PM PDT by Paladin2
[ Post Reply | Private Reply | To 1 | View Replies]

To: LibWhacker
You can browse but you can't hide.
5 posted on 06/04/2011 6:39:40 PM PDT by JPG (Sarah Palin, driving the MSM crazy one day at a time.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: LibWhacker

Same with me, except I had to allow their program to send data back.


6 posted on 06/04/2011 6:41:04 PM PDT by Paladin2
[ Post Reply | Private Reply | To 1 | View Replies]

To: LibWhacker

Mine too seems to be completely unique among the 1.56 million in their database.

So what are the odds that we BOTH have such unique settings?

One thing making mine unique was that I have Java plugins- but who does not?

I think these guys are BUILDING a database of browser characteristics, to use to track people.


7 posted on 06/04/2011 6:42:05 PM PDT by DBrow
[ Post Reply | Private Reply | To 1 | View Replies]

To: LibWhacker; hiredhand; CodeToad; Swordmaker

In theory that makes sense.... Could indeed be a tell tale.

I do such to avoid the average bs malware etc...


8 posted on 06/04/2011 6:45:15 PM PDT by Squantos (Be polite. Be professional. But have a plan to kill everyone you meet)
[ Post Reply | Private Reply | To 1 | View Replies]

To: LibWhacker

Now you need another plugin to protect all this info ...


9 posted on 06/04/2011 6:46:38 PM PDT by MetaThought
[ Post Reply | Private Reply | To 1 | View Replies]

To: LibWhacker
Photobucket
10 posted on 06/04/2011 6:46:46 PM PDT by SWAMPSNIPER (The Second Amendment, a matter of fact, not a matter of opinion)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Paladin2

I’m worse than you (1,593,093) and was doing the same thing.


11 posted on 06/04/2011 6:48:13 PM PDT by lmsii
[ Post Reply | Private Reply | To 4 | View Replies]

To: Paladin2; DBrow

Interesting... We all have similar but not identical uniqueness measures. How can that be? If they’ve tested 1.6M browsers and 100,000 of them share your fingerprint, would they tell you that you were unique among [the other] 1.5M? How exactly does that work? I’m not sure.


12 posted on 06/04/2011 6:53:21 PM PDT by LibWhacker
[ Post Reply | Private Reply | To 4 | View Replies]

To: Paladin2

Nothing is something per se... That would only seem to apply to no such agency sorts who can breach your security if they want anyway.

Only way for two people to keep a secret is if one of em is dead.....supposedly....:o)


13 posted on 06/04/2011 6:53:36 PM PDT by Squantos (Be polite. Be professional. But have a plan to kill everyone you meet)
[ Post Reply | Private Reply | To 6 | View Replies]

To: MetaThought

LOL


14 posted on 06/04/2011 6:54:46 PM PDT by LibWhacker
[ Post Reply | Private Reply | To 9 | View Replies]

To: JPG

Lol, boy, is that ever the truth!


15 posted on 06/04/2011 6:56:55 PM PDT by LibWhacker
[ Post Reply | Private Reply | To 5 | View Replies]

To: SWAMPSNIPER

I was unique with 20.6 bits too. Hmmm.


16 posted on 06/04/2011 6:57:52 PM PDT by LostInBayport (When there are more people riding in the cart than there are pulling it, the cart stops moving...)
[ Post Reply | Private Reply | To 10 | View Replies]

To: LibWhacker

Looks like it comes from “Browser Plugin Details” which may include the order of when you added the plugins.


17 posted on 06/04/2011 6:58:05 PM PDT by Paladin2
[ Post Reply | Private Reply | To 12 | View Replies]

To: LostInBayport

ditto.


18 posted on 06/04/2011 7:04:03 PM PDT by ken21 (liberal + rino progressive media hate palin, bachman, cain...)
[ Post Reply | Private Reply | To 16 | View Replies]

To: LibWhacker

Buy a used computer trade-in from a repair shop. It usually has the original buyer's administrator's login defaults locked in and defaults to the original buyer's email address and windows license info. All the upgrades are registered with the administrator.


19 posted on 06/04/2011 7:05:14 PM PDT by bunkerhill7
[ Post Reply | Private Reply | To 1 | View Replies]

To: LibWhacker
Weird.

Here's an easier way of tracking someone - the only way to defeat it is through an anonymizer portal:

Here's what I got:

Within our dataset of several million visitors, only one in 5,628 browsers have the same fingerprint as yours.

Currently, we estimate that your browser has a fingerprint that conveys 12.46 bits of identifying information.

20 posted on 06/04/2011 7:05:44 PM PDT by brityank (The more I learn about the Constitution, the more I realise this Government is UNconstitutional !!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: LibWhacker

I got the same result as everyone else.

Also, an icon which I’ve never seen before on my computer showed up down in the lower right hand corner of the screen, next to the antivirus icon. Something to do with Java.


21 posted on 06/04/2011 7:10:15 PM PDT by IAMIUBU
[ Post Reply | Private Reply | To 1 | View Replies]

To: brityank
Within our dataset of several million visitors, only one in 5,628 browsers have the same fingerprint as yours.

Okay, that's useful information, thx. So what they are saying is that, perhaps, 400 to 600 computers share your fingerprint. A lot better than me!

22 posted on 06/04/2011 7:11:30 PM PDT by LibWhacker
[ Post Reply | Private Reply | To 20 | View Replies]

To: driftdiver

A few weeks ago, I visited a site that offered certain tours in Europe. About a week later, I got a brochure from them in the mail - the U.S. mail.


23 posted on 06/04/2011 7:13:12 PM PDT by Krankor (Her voice was soft and cool, her eyes were clear and bright . But she's not there)
[ Post Reply | Private Reply | To 2 | View Replies]

To: brityank

“Currently, we estimate that your browser has a fingerprint that conveys 12.46 bits of identifying information.”

OK

So how do I go about becoming a 12 bitter instead of a 20 bitter?

Seriously, not trying to be funny.


24 posted on 06/04/2011 7:15:24 PM PDT by IAMIUBU
[ Post Reply | Private Reply | To 20 | View Replies]

To: IAMIUBU

I have a similar icon, but it’s because I’m running a plugin called NoScript.


25 posted on 06/04/2011 7:16:45 PM PDT by LibWhacker
[ Post Reply | Private Reply | To 21 | View Replies]

To: DBrow
I think these guys are BUILDING a database of browser characteristics, to use to track people

That was my first thought.

26 posted on 06/04/2011 7:23:10 PM PDT by bgill (Kenyan Parliament - how could a man born in Kenya who is not even a native American become the POTUS)
[ Post Reply | Private Reply | To 7 | View Replies]

To: IAMIUBU
That seems to be covered, at least in part, here: https://panopticlick.eff.org/browser-uniqueness.pdf, beginning on page 14.
27 posted on 06/04/2011 7:26:31 PM PDT by LibWhacker
[ Post Reply | Private Reply | To 24 | View Replies]

To: brityank

Most of that information is correct, but I doubt this one:

“Within our dataset of several million visitors, only one in 5,628 browsers have the same fingerprint as yours.”

I am running Xubuntu Linux and Firefox browser, but I tried the same view from an old Redhat Linux machine with Galeon Browser (Mozilla/Netscape derivative) and got exactly the same statement.


28 posted on 06/04/2011 7:27:33 PM PDT by Texas Fossil (Government, even in its best state is but a necessary evil; in its worst state an intolerable one)
[ Post Reply | Private Reply | To 20 | View Replies]

To: LibWhacker

Interesting; it seems that the two attributes - at least for the three browsers that I regularly use (FF4, Opera 11, IE9) - that are the most unique are (1) the browser plugin details that are sent in the HTTP headers, and (2) the number of system fonts sent in the HTTP headers.

Other than that, the user-agent string is the next most unique attribute, but it differs among the three; for FF4 it’s not that rare (guess that means a lot of folks switched to FF4 pretty quickly), for Opera it’s a more unique attribute - probably because a lot fewer people use Opera, and for IE9 it’s a very unique attribute, most likely because IE9 is so new and because IE users tend to be slower at upgrading - particularly enterprise users - than FF users or Opera users.

I think I might explore how to stop the browsers from sending out so much info on things that are relatively irrelevant, like system fonts.


29 posted on 06/04/2011 7:28:18 PM PDT by Oceander (The phrase "good enough for government work" is not meant as a compliment)
[ Post Reply | Private Reply | To 1 | View Replies]

To: DBrow

“Your browser fingerprint appears to be unique among the 1,594,804 tested so far.”

I think you’re right.

Somebody just set us up the bomb.


30 posted on 06/04/2011 7:34:27 PM PDT by Salamander (I wear my sunglasses at night.)
[ Post Reply | Private Reply | To 7 | View Replies]

To: DBrow

“So what are the odds that we BOTH have such unique settings?”

Quite large. I identified 23 relevant elements on ‘User Agent’ and ‘HTTP_ACCEPT Headers’ alone. If each of them were binary (has only two choices) there would be 2^23 different possible configurations, or 8,388,608, which is much more than the 1.56 million in the database. They’re not binary, there’s a lot more configurations than that. And that’s without taking the other five parameters. Collision chances don’t seem too high.


31 posted on 06/04/2011 7:37:14 PM PDT by Moose Burger
[ Post Reply | Private Reply | To 7 | View Replies]

To: Oceander
I think I might explore how to stop the browsers from sending out so much info on things that are relatively irrelevant, like system fonts.

Hi, Oceander... When you figure it out, and if it wouldn't be too much trouble, would you kindly summarize what you've found so that all Freepers can make the necessary changes? Again, only if you have the time. I know I sure haven't deciphered it yet and would greatly appreciate a nice, easy to understand primer. Thanks!

32 posted on 06/04/2011 7:45:19 PM PDT by LibWhacker
[ Post Reply | Private Reply | To 29 | View Replies]

To: brityank
Let's rethink that, here is what it said for my old machine.

Browser Identity

| Browser Characteristic | bits of identifying information | one in x browsers have this value | value |
|---|---|---|---|
| User Agent | 20.6+ | 1594759 | Mozilla/5.0 Galeon/1.2.5 (X11; Linux i686; U;) Gecko/20020809 |

33 posted on 06/04/2011 7:48:36 PM PDT by Texas Fossil (Government, even in its best state is but a necessary evil; in its worst state an intolerable one)
[ Post Reply | Private Reply | To 20 | View Replies]

To: Salamander

You have no chance to survive

Make Your Time


34 posted on 06/04/2011 7:51:03 PM PDT by smoothsailing
[ Post Reply | Private Reply | To 30 | View Replies]

To: brityank
Here is what it said about my newer Linux machine:

Browser Identity

| Browser Characteristic | bits of identifying information | one in x browsers have this value | value |
|---|---|---|---|
| User Agent | 10.24 | 1207.64 | Mozilla/5.0 (X11; Linux i686; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 |


35 posted on 06/04/2011 7:54:21 PM PDT by Texas Fossil (Government, even in its best state is but a necessary evil; in its worst state an intolerable one)
[ Post Reply | Private Reply | To 20 | View Replies]

To: brityank
Here is what the site says using Lynx text browser on the old Linux machine:
Panopticlick -- How Unique, and Trackable, Is Your Browser?

   Your  browser  fingerprint  appears  to  be unique among the 1,596,279
   tested so far.

   Currently,  we  estimate  that  your  browser  has  a fingerprint that
   conveys at least 20.61 bits of identifying information.

   The  measurements  we used to obtain this result are listed below. You
   can  read  more  about  our methodology, statistical results, and some
   defenses against fingerprinting in this article.

   Help  us  increase  our sample size: Email This Digg This Post this to
   Reddit  Share Panopticlick with delicious Share this on Facebook Tweet
   Panopticlick Dent Panopticlick 
   Browser Characteristic bits of identifying information one in x
   browsers have this value value
   User Agent

                                   20.61+

                                  1596279

   Lynx/2.8.5dev.7 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.6b
   HTTP_ACCEPT Headers

36 posted on 06/04/2011 8:30:33 PM PDT by Texas Fossil (Government, even in its best state is but a necessary evil; in its worst state an intolerable one)
[ Post Reply | Private Reply | To 20 | View Replies]

To: LibWhacker
Your browser fingerprint appears to be unique among the 1,597,433 tested so far.
Currently, we estimate that your browser has a fingerprint that conveys at least 20.61 bits of identifying information.

I have no idea what the heck this means.

37 posted on 06/04/2011 9:02:52 PM PDT by Tainan (Cogito Ergo Conservitus.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: LibWhacker

One in 320,000 with scripts off, one in 1.598 Million (unique) with scripts enabled for the Panopticlick site only. Panopticlick kept feeding me suspicious scripts, the latest Java release was going wild with detections.


38 posted on 06/04/2011 9:38:20 PM PDT by Iris7 ("Do not live lies!" ...Aleksandr Solzhenitsyn)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Tainan

It’s just a measure of how much information your browser is handing off to any server on the internet it connects to. In this case, I think, ‘bits’ means ‘pieces,’ not bits as in “bytes and bits.” Twenty is not very good, according to EFF.


39 posted on 06/04/2011 9:55:37 PM PDT by LibWhacker
[ Post Reply | Private Reply | To 37 | View Replies]

To: LibWhacker

Interesting, and from the look of it, pretty accurate.

One thing, though...

Using Google Chrome, I get the 1 in 1.5+ million

Using Microsoft IE 9, I get the 1 in 1.5+ million.

Using Firefox with noscript and AdBlock Plus, I get 1 in 17000.

Looks like I’m going back to my locked-down Firefox install.


40 posted on 06/04/2011 10:06:32 PM PDT by MediaMole
[ Post Reply | Private Reply | To 1 | View Replies]

To: smoothsailing

RATS!

Oh, woops...I mean CATS!

[stupid main screen not turn on]

;]


41 posted on 06/04/2011 10:28:52 PM PDT by Salamander (I wear my sunglasses at night.)
[ Post Reply | Private Reply | To 34 | View Replies]

To: LibWhacker
Hi, Oceander... When you figure it out, and if it wouldn't be too much trouble, would you kindly summarize what you've found so that all Freepers can make the necessary changes? Again, only if you have the time. I know I sure haven't deciphered it yet and would greatly appreciate a nice, easy to understand primer. Thanks!

I did find an addon for Firefox that should give people some reasonable amount of control over the headers that FF sends out; according to the blog posts by the developer, it works with FF4.

I haven't done any experimentation with it yet, but it does seem to be a reasonably well-developed addon and will almost certainly allow you to modify the silly headers like the system fonts header, which shouldn't cause too much trouble with much of anything (I really cannot think of too many sites that are going to be checking that header to see if they can send you webpages with funky fonts in them).

Also according to the developer of this addon, right now Opera and Google Chrome don't expose the application programming interfaces needed to modify HTTP headers on the fly, although they might in the future.

IE I have no idea about right now; if I come across anything I'll post it up.
42 posted on 06/04/2011 10:52:56 PM PDT by Oceander (The phrase "good enough for government work" is not meant as a compliment)
[ Post Reply | Private Reply | To 32 | View Replies]

To: Oceander
Thanks! Is that addon called HeaderControl? The most recent version I can find (v0.1.7) doesn't work with FF4. I at least want to get control of the font situation. From what you and others have said, that sounds like it is perhaps the most significant culprit in making our machines look so damned unique to all the snoops out there.
43 posted on 06/05/2011 12:23:49 AM PDT by LibWhacker
[ Post Reply | Private Reply | To 42 | View Replies]

To: LibWhacker
Nope. It's another add-on called Modify Headers - nice, short, and to the point, if I do say so. According to the developer, it should be FF4 friendly.
44 posted on 06/05/2011 12:41:49 AM PDT by Oceander (The phrase "good enough for government work" is not meant as a compliment)
[ Post Reply | Private Reply | To 43 | View Replies]

To: Oceander

Oh, fantastic, thanks for that! I’m going to install it right away.


45 posted on 06/05/2011 12:50:09 AM PDT by LibWhacker
[ Post Reply | Private Reply | To 44 | View Replies]

To: SWAMPSNIPER

How are fractions of bits possible?


46 posted on 06/05/2011 12:58:46 AM PDT by Fresh Wind ('People have got to know whether or not their President is a crook.' Richard M. Nixon)
[ Post Reply | Private Reply | To 10 | View Replies]

To: LibWhacker
There is something seriously not right about this test. The first time I ran the test, this was my result:
Within our dataset of several million visitors, only one in 533,751 browsers have the same fingerprint as yours.

Currently, we estimate that your browser has a fingerprint that conveys 19.03 bits of identifying information.

After taking the test several times, my score gets lower with each test.

This is the latest result:

Within our dataset of several million visitors, only one in 43,285 browsers have the same fingerprint as yours.

Currently, we estimate that your browser has a fingerprint that conveys 15.4 bits of identifying information.

Either their test is hinky or my browser (Opera) is shutting down identifying characteristics.
47 posted on 06/05/2011 1:00:09 AM PDT by jellybean (Bookmark http://altfreerepublic.freeforums.org/index.php for when FR is down)
[ Post Reply | Private Reply | To 1 | View Replies]

To: jellybean
They mentioned that in the .PDF paper... Here's what I believe is going on: Let's say they have 3,000,000 entries in their fingerprint database. If you are one of six people who share your fingerprint, they'll report to you that "only one in 500,000 browsers have the same fingerprint as yours."

The next time you take the test, it will think of you as the seventh person to have visited the website with that fingerprint and will report that "only one in 428,571 browsers have the same fingerprint as yours." So, you'll appear to be less unique, that is, less identifiable from a uniqueness point of view. Less unique is good.

But you do not want to repeatedly take the test over and over again because, although that number will decrease each time, it will not be giving you accurate information after your first visit.

You should only re-take the test after you've made major changes in the headers that are handed off from your browser to servers, to see whether or not the changes you've made are actually beneficial from a privacy (uniqueness) point of view.

48 posted on 06/05/2011 1:49:55 AM PDT by LibWhacker
[ Post Reply | Private Reply | To 47 | View Replies]
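
Added example, not part of the thread and not EFF's code: the arithmetic post 48 describes, and why the bit counts quoted in this thread are fractional (the question in post 46). It assumes the "bits of identifying information" figure is log2 of the "one in x" figure, which matches the number pairs posted above; the function names and the eight-browser sample are constructed for illustration.

```python
import math
from collections import Counter

def one_in_x(total, matching):
    """'Only one in x browsers have the same fingerprint as yours.'"""
    return total / matching

def surprisal_bits(total, matching):
    """Bits of identifying information: log2 of the one-in-x figure.
    The ratio is rarely a power of two, so the result is usually fractional."""
    return math.log2(one_in_x(total, matching))

def retake(total, matching, extra_visits):
    """One-in-x figure after each repeat visit, using post 48's arithmetic:
    every visit adds one more matching entry and the total is held fixed."""
    return [round(one_in_x(total, matching + k)) for k in range(extra_visits + 1)]

# Constructed sample (not real data): one row per visiting browser.
FIELDS = ("user_agent", "plugins", "fonts")
SAMPLE = [
    ("Firefox/4.0.1", "none", "default"),
    ("Firefox/4.0.1", "none", "default"),
    ("Firefox/4.0.1", "flash,java", "default"),
    ("Firefox/4.0.1", "flash,java", "extra"),
    ("IE9", "flash,java", "default"),
    ("IE9", "flash", "default"),
    ("Opera/11", "flash", "default"),
    ("Lynx/2.8.5", "none", "default"),
]

def report(sample, target):
    """Return ({field: bits}, whole_fingerprint_bits) for one browser.
    Per-field bits are measured independently; the whole-fingerprint value
    counts only rows that match on every field at once."""
    total = len(sample)
    per_field = {}
    for i, name in enumerate(FIELDS):
        counts = Counter(row[i] for row in sample)
        per_field[name] = surprisal_bits(total, counts[target[i]])
    whole = surprisal_bits(total, Counter(sample)[target])
    return per_field, whole

if __name__ == "__main__":
    # One-in-x figures quoted in the thread, converted to bits.
    for x in (5628, 43285, 533751, 1596279):
        print(f"one in {x:>9,} -> {surprisal_bits(x, 1):.2f} bits")

    # Post 48: 3,000,000 entries, six matches, then repeat visits.
    print("repeat visits:", retake(3_000_000, 6, 3))

    # A common configuration versus a unique one in the constructed sample.
    for row in (SAMPLE[0], SAMPLE[-1]):
        per_field, whole = report(SAMPLE, row)
        fields = ", ".join(f"{k}={v:.2f}" for k, v in per_field.items())
        print(f"{row[0]:<14} {fields} | whole fingerprint={whole:.2f} bits")
```

A browser that is unique in the sample always scores log2 of the sample size, which is why the "unique" results posted in this thread all sit near 20.6 bits. The per-field values do not simply add up to the whole-fingerprint value, because the fields are correlated.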

To: Oceander
Okay, I've installed it and read through all the instructions. But I'll be darned if I can figure out how to get it not to pass information about my fonts. Or about the install dates for my addons, e.g.

I did successfully work through the example the author gave and blocked headers related to the iPhone, which I do not own, lol.

Also, I wonder if a person blocks font information, will his online banking be screwed up from then on, for example, because servers will just send out some ugly default font from the old days, like 12-point Courier that'll totally screw up tables, etc?

49 posted on 06/05/2011 2:09:12 AM PDT by LibWhacker
[ Post Reply | Private Reply | To 44 | View Replies]

To: LibWhacker

Is it possible that we have similar uniqueness due to being FReepers? We have many threads here on FR on net security, etc. Also, I think that many people, liberal and conservative alike, who are net savvy tend to pay attention big time to tracking, net dangers, etc. moreso than casual net surfers.


50 posted on 06/05/2011 5:13:33 AM PDT by My hearts in London - Everett (You will try to nudge commies toward the truth, while they try to nudge you toward the cattle cars.)
[ Post Reply | Private Reply | To 12 | View Replies]



Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
