Tracking Browsers Without Cookies Or IP Addresses?

← Back to Stories (view on slashdot.org)

Tracking Browsers Without Cookies Or IP Addresses?

Posted by CmdrTaco on Wednesday January 27, 2010 @05:23AM from the just-how-private-are-you dept.

Peter Eckersley writes "The EFF has launched a research project called Panopticlick, to determine whether seemingly innocuous browser configuration information (like User Agent strings, plugin versions and fonts) may create unique fingerprints that allow web users to be tracked, even if they limit or delete cookies. Preliminary results indicate that the User Agent string alone has 10.5 bits of entropy, which means that for a typical Internet user, only one in about 1,500 (2 ^ 10.5) others will share their User Agent string. If you visit Panopticlick, you can get a reading of how rare or unique your browser configuration is, as well as helping EFF to collect better data about this problem and how best to defend against it." I remember laughing years ago when I would see users who had modified their user agent string with some sort of defiant pro-privacy message, without realizing that their action made them uniquely identifiable out of hundreds of thousands of others.

6 of 265 comments (clear)

Min score:

Reason:

Sort:

LOL by C_Kode · 2010-01-27 05:39 · Score: 3, Insightful

The site says Only anonymous data will be collected by this site. Yet they are collecting data to see how un-anonymous you actually really are! :)
Re:Results and flash cookies by Mister+Whirly · 2010-01-27 06:56 · Score: 1, Insightful

Wouldn't randomizing this every time make you more unique and hence more trackable? They should make an addon that makes every browser have an identical user agent that does not ever change, no matter what you do to your browser.

--
"But this one goes to 11!"
Compiling Firefox by J'raxis · 2010-01-27 07:21 · Score: 4, Insightful

I noticed this years ago, when I noticed that compiling Firefox puts the exact date and time in your user-agent. The user-agent also contains the usual things like the OS, architecture, &c.. So how likely is it that someone else with the exact same system configuration and compiled the exact same version of Firefox at the same time? Probably zero.

--
Liberty in your lifetime
Re:Results and flash cookies by Mister+Whirly · 2010-01-27 11:13 · Score: 2, Insightful

We were talking about the user agent of a browser as an identifier, not IP addresses or anything else. My point was that if every user agent reported the same thing, no matter the actual configurations or variances of the browser may be, it would be much harder to identify individuals out of the group. So I hardly made a foolish statement. Just because you didn't understand it does not make me foolish.

--
"But this one goes to 11!"
Re:More Unique, Less trackable by Mister+Whirly · 2010-01-27 13:19 · Score: 2, Insightful

If everybody was using it, yes. But if you keep seeing a unique agent string coming from the same IP range over and over, it would be easier to track, to a degree. There are a lot of variables, but if you didn't have a lot of traffic it could make it easier to identify an individual user.

--
"But this one goes to 11!"
I claim prior art! by fph+il+quozientatore · 2010-01-27 23:27 · Score: 2, Insightful

I claim prior art!

--
My first program:
Hell Segmentation fault