Slashdot Mirror

← Back to Stories (view on slashdot.org)

How Identifiable Are You On the Web?

Posted by timothy on from the your-unique-aroma dept.

An anonymous reader writes How identifiable are you on the web? This updated browser fingerprinting tool implements the current state of the art in browser fingerprinting techniques(including canvas fingerprinting) to show you how unique your browser is on the web. Good food for thought when three-letter agencies talk about "mere metadata."

8 of 160 comments (clear)

  1. Re:/.ed? by darkain · · Score: 5, Informative

    Agreed! Page isn't loading, that was fast as hell.

    For those looking for other resources tho, that DO load

    http://samy.pl/evercookie/

    https://panopticlick.eff.org/

  2. MEH by Jane+Q.+Public · · Score: 4, Informative

    First, the simplest of script blockers completely prevented the home page from loading at all.

    Second, when I allowed the site in my script blocker, it was slow as hell to load.

    But Third, and more to the point: EFF's Panopticlick has been around for a long time now, and it's far better.

  3. Re:I'm a special snowflake apparently. by arth1 · · Score: 4, Informative

    Fonts seems to be what does it. With many programs coming with extra/special fonts, it quickly narrows the users down based on what they have installed.

    Of course, for fonts that only come as part of a software package but install fonts as system fonts (why?), it also tells remote sites what you have installed, which is an additional privacy concern.

  4. Re: Identifiable enough that Google targets ads by networkzombie · · Score: 4, Informative

    Actually, no. Web surfing involves visiting a multitude of sites. Whitelisting would be painstakingly difficult, especially with the wife. Even whitelisting cookies is tedious, but cookies are what you should be whitelisting. After your accept all the cookies you need (bank, Slashdot, etc...) then block the rest. Simply visiting a web site is no reason to accept a cookie. If you can identify any sites to block (DoubleClick) then blacklisting is the way to go. We're not talking about a server here, it is a web browser. Imagine whitelisting 20 sites per hour while shopping for a pair of shoes.
    What I do is to identify what sites are serving me ads, surf those sites while capturing packets using your favorite tool (NetworkTrafficView from Nirsoft if using Windows is easy) and block those sites using your firewall (IPs) and/or hosts file (FQDNs). I haven't seen a DoubleClick ad in years. In Windows my hosts file looks like this:
    0.0.0.0 ad.doubleclick.net
    0.0.0.0 ad.uk.doubleclick.net
    0.0.0.0 ad.n2434.doubleclick.net
    0.0.0.0 doubleclick.net
    0.0.0.0 a.doubleclick.net
    The Slashdot filter made me cut quite a bit out, but you get the idea.
    This work has already been done and gets updated for you here: http://someonewhocares.org/hos...
    My Windows Firewall is more extensive. I block massive subnets in Russia, Ukraine, and China (ex. LACNIC Latin American and Caribbean 190.0.0.0/8). This is all for a laptop that leaves the house. For an in-home solution you should get a better router and block them at the gateway so your iPad is safe too. pfSense is very flexible, but DD-WRT can do some neat tricks.

  5. Re:I'm a special snowflake apparently. by Pieroxy · · Score: 4, Informative

    What are you talking about? Browsers don't send installed fonts list to anybody!

    The detection occurs when in CSS you specify font-family: XYZ. This is going to be displayed in the default font, unless the font XYZ is installed. By analyzing the width of the element you specified the font for (or drawing it into a canvas element) you can distinguish the cases where the font is installed from the case where the default font is used instead.

    Hard to circumvent...

    --
    Write boring code, not shiny code!
  6. Re:I'm a special snowflake apparently. by Pieroxy · · Score: 4, Informative

    This page will detect the fonts on your system without Java or Flash.

    --
    Write boring code, not shiny code!
  7. Re:Identifiable enough that Google targets ads by Runaway1956 · · Score: 3, Informative

    Apparently, Ghostery is pretty effective at blocking doubleclick. I do not get those personalized advertisements. The ONLY place where "ads" are even somewhat accurately aimed at me, is Amazon. If/when I clear cookies, and browse without signng in, their limited accuracy disappears.

    --
    "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
  8. Re:I'm a special snowflake apparently. by Anonymous Coward · · Score: 2, Informative

    With noScript enabled, it show no fonts at all.
    None of the buttons work, either.
    Dunno what you're talking about.