Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tracking Browsers Without Cookies Or IP Addresses?

Posted by CmdrTaco on from the just-how-private-are-you dept.

Peter Eckersley writes "The EFF has launched a research project called Panopticlick, to determine whether seemingly innocuous browser configuration information (like User Agent strings, plugin versions and fonts) may create unique fingerprints that allow web users to be tracked, even if they limit or delete cookies. Preliminary results indicate that the User Agent string alone has 10.5 bits of entropy, which means that for a typical Internet user, only one in about 1,500 (2 ^ 10.5) others will share their User Agent string. If you visit Panopticlick, you can get a reading of how rare or unique your browser configuration is, as well as helping EFF to collect better data about this problem and how best to defend against it." I remember laughing years ago when I would see users who had modified their user agent string with some sort of defiant pro-privacy message, without realizing that their action made them uniquely identifiable out of hundreds of thousands of others.

5 of 265 comments (clear)

  1. Results and flash cookies by sopssa · · Score: 5, Informative

    I compared between IE, Firefox, Chrome and Opera. Both IE and Firefox were completely unique even with the user agent because of the .NET versions there. Opera and Chrome were quite genetic.

    Plugins were also completely unique and really easy to detect in any other browser than IE8. Interestingly IE's plugin list was really small and not at all so unique. IE's top "warning" bar asked me if I want to run specific plugins (probably to detect them). System fonts were completely unique and looks like easy to detect.

    Remember that this is info that for example Google gets all over the internet via Analytics - they don't even need those tracking cookies because your browser leaves so much unique data behind it that it doesn't matter. And so does every website owner.

    Another thing people usually forget about when clearing cookies is that Flash has cookies too and they don't clear along. When have you last time cleared them? Probably never. You can use BleachBit" to clear those along with other software, history and temp data.

  2. Thanks EFF. I never thought about that. by cornicefire · · Score: 5, Funny

    I'm glad they gave me some new ideas for tracking.

  3. Already being done by QuietLagoon · · Score: 5, Informative

    in the market research industry.

  4. Little Bobby Tables in User Agent String by fibrewire · · Score: 5, Funny

    Lets see whose tracking what :P

    Somebody write a firefox plugin that changes "Fingerprints" to "DropDB" statements

    1. Re:Little Bobby Tables in User Agent String by thms · · Score: 5, Informative

      The quick manual way:

      1) Type "about:config" in the addressbar, if you haven't been there before you must confirm that you are actually a geek.
      2) Filter for "useragent", then append whatever you want to the general.useragent.extra.firefoxComment key.
      3) Help -> About shows your current user agent, btw.
      4) Wait for lawsuits? Or Profit? I forgot...