Slashdot Mirror

← Back to Stories (view on slashdot.org)

EFF Says Forget Cookies, Your Browser Has Fingerprints

Posted by CmdrTaco on from the you-are-not-unique dept.

alphadogg writes "Even without cookies, popular browsers such as Internet Explorer and Firefox give websites enough information to get a unique picture of their visitors about 94 percent of the time, according to research compiled over the past few months by the Electronic Frontier Foundation. [The Research] puts quantitative assessment on something that security gurus have known about for years, said Peter Eckersley, the EFF senior staff technologist who did the research. He found that configuration information — data on the type of browser, operating system, plugins, and even fonts installed — can be compiled by websites to create a unique portrait of most visitors. This means that most Internet users are a lot less anonymous than they believe, Eckersley said. 'Even if you turn off cookies and you use a proxy to hide your IP address, you could still be tracked,' he said."

7 of 175 comments (clear)

  1. Take some measures... by IYagami · · Score: 5, Informative

    From TFA:

    "There are some effective countermeasures, however. A uniquely identifiable IDG News Service Windows XP computer running Firefox could not be identified with the NoScript safe browsing extension turned on. Adding the Tor Internet anonymization software also works, Eckersley said."

  2. Original ./ article by Mouldy · · Score: 5, Informative

    For those who are interested

  3. Personally Identifiable Information by Coreigh · · Score: 5, Interesting

    I don't care if anyone tracks my preferences or shopping history. What I care about is; 'Is that information "Personally Identifiable"?' In other words its not that they know what I do, its do they know, specifically, who I am.

    I am all for research and marketing to tune products and advertising, but they don't need to know my name or various identifiers to do it.

    --



    "Waitress I need two more boat-drinks..."
    1. Re:Personally Identifiable Information by somersault · · Score: 5, Funny

      In other words its not that they know what I do, its do they know, specifically, who I am

      Bruce Wayne: It's not who I am underneath, but what I do that defines me.

      --
      which is totally what she said
  4. A Wikipedia Checkuser's opinion by Anonymous Coward · · Score: 5, Interesting

    We have a rather annoying vandal by the name of Grawp who likes to visit often and put penis pictures up on pages that little kids like to visit, among other things.

    He edits via proxies, while visiting people, open wifi spots, etc... and never figures out how we know it's him.

    Shame his laptop has the same fairly unique MSIE-and-toolbars useragent string.

  5. Re:damn. by Anonymous Coward · · Score: 5, Funny

    true,

    but you're still boned if you're the only furry in the office.

  6. Re:Don't worry by darthflo · · Score: 5, Informative

    That's just the User-Agent string. The actual fingerprint consists of that and a big bunch of other headers your browser sends out with each request. Language, preferred encoding, plugins; screen resolution, your installed fonts and so on.Changing your standard browser's user-agent to something like you quoted above is a surefire way to be even more unique.
    Check the panopticlick page for your details. Keep in mind their "bits of identifying information" only apply to a single header. A bit of work and identifying over all of these fields is easily done. Throw in a bit of extra work and users can be singled out even after they change one or two of 'em.
    Summing all the lines together, I can get some 70 bits of identifying info out of my (almost worst-case) setup: Ubuntu 9.10 running a snapshot of Opera 10.54 with a couple of extra fonts and a weird screen resolution.Cut away user-agent and plugins and we're still at some 35, more than IPv4 addresses out there.