Slashdot Mirror


EFF Launches Panopticlick 2.0 (eff.org)

Peter Eckersley writes: The EFF has launched Panopticlick 2.0. In addition to measuring whether your browser exposes unique — and therefore trackable — settings and configuration to websites, the site can now test if you have correctly configured ad- and tracker-blocking software. Think you have correctly configured tracker-blocking software? Visit Panopticlick to test if you got it right.

5 of 63 comments

  1. doesn't work without javascript by Anonymous Coward · Score: 4, Informative

    The site doesn't work at all for me. Presumably, it requires javascript, which is exactly what nobody should be enabling by default. Javascript has been one of the largest exploit vectors of the modern web. It should at best be whitelisted on a very, very few sites such as trusted banking and finance sites. But absolutely not enabled in general - that's a big part of how people's systems end up severely jacked.

    1. Re:doesn't work without javascript by Anonymous Coward · Score: 2, Informative

      Absolutely true. However, any site you're going to use for transactions is going to use it also. And they're the ones who are also tracking you with dozens of bots.
      So yes, you're safe from casual snarfing as you google stuff, but go to pull the trigger on a shopping cart and you're naked to ALL of them, unless xyz ghostery etc.

      Blocking javascript won't stop that but it IS the #1 step in securing your browser generally.

    2. Re:doesn't work without javascript by Peter Eckersley · Score: 3, Informative

      Yes, our simulation of third party tracking involves visiting three synthetic first party domains that share a third party tracker. That works if you have various types of blockers installed, or if JavaScript is disabled. But if you have a browser that both blocks JS and blocks redirects or blocks absolutely all loads of tracking domains (e.g. via an /etc/hosts blacklister like AdAway), the test won't work. Congratulations, you have pretty good protections in place :)

      We're going to provide a fingerprinting-only URL for Panopticlick 2 that works even for people with NoScript + AdAway or NoScript + redirect blocking; we will post a link on the site when it's ready.
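
A toy model of the kind of test described in the comment above (three first-party sites that embed one shared third-party tracker), added here as an illustration and not part of the original comment or Panopticlick's code. The domain names, classes and cookie handling are assumptions made for the example.

```python
import itertools

# Constructed sample domains (assumptions, not Panopticlick's real hosts).
FIRST_PARTIES = ["site-a.example", "site-b.example", "site-c.example"]
TRACKER = "tracker.example"

class Tracker:
    """Third party embedded on every first-party page."""
    def __init__(self):
        self._ids = itertools.count(1)
        self.log = []  # (user id, first-party site the request came from)

    def handle(self, cookie, referer):
        # Reuse the ID the browser sent back, otherwise mint a new one.
        uid = cookie or f"uid-{next(self._ids)}"
        self.log.append((uid, referer))
        return uid  # value of the Set-Cookie the tracker replies with

class Browser:
    def __init__(self, blocked_domains=(), third_party_cookies=True):
        self.blocked = set(blocked_domains)   # hosts-file or extension blocklist
        self.third_party_cookies = third_party_cookies
        self.jar = {}

    def visit(self, site, tracker):
        if TRACKER in self.blocked:
            return  # the request never leaves the browser
        cookie = self.jar.get(TRACKER) if self.third_party_cookies else None
        issued = tracker.handle(cookie, referer=site)
        if self.third_party_cookies:
            self.jar[TRACKER] = issued

def run_test(browser):
    """Visit all three sites, then report what the tracker could learn."""
    tracker = Tracker()
    for site in FIRST_PARTIES:
        browser.visit(site, tracker)
    profiles = {}
    for uid, site in tracker.log:
        profiles.setdefault(uid, set()).add(site)
    linked = max((len(sites) for sites in profiles.values()), default=0)
    return {"requests_seen": len(tracker.log), "sites_linked": linked}

if __name__ == "__main__":
    print("no protection:      ", run_test(Browser()))
    print("3rd-party cookies off:", run_test(Browser(third_party_cookies=False)))
    print("tracker domain blocked:", run_test(Browser(blocked_domains=[TRACKER])))
```

With no protection the tracker links all three visits to one ID; with third-party cookies refused it still sees three requests but cannot join them by cookie; with the domain blocked it sees nothing at all.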

  2. Re:interesting by Anonymous Coward · Score: 3, Informative

    browser fingerprinting, which is notoriously hard to defeat.

    A large part of fingerprinting is done via javascript. Disable javascript and you remove their ability to query all kinds of things about your browser that they use for fingerprinting.

    It's not everything though. You still need to genericize your user agent string, and a few other things. But javascript queries are about 80-90% of what goes into fingerprinting.

  3. Re:interesting by Peter Eckersley · Score: 3, Informative

    Well, our source code is available so you can check that we do not monitor what you do with your privacy :). But if you don't like Privacy Badger, try Disconnect, ublock, AdAway, AdBlock or Adblock Plus (though you'll need to manually subscribe to Easy Privacy for AB and ABP)!