Slashdot Mirror


EFF Launches Panopticlick 2.0 (eff.org)

Peter Eckersley writes: The EFF has launched Panopticlick 2.0. In addition to measuring whether your browser exposes unique — and therefore trackable — settings and configuration to websites, the site can now test if you have correctly configured ad- and tracker-blocking software. Think you have correctly configured tracker-blocking software? Visit Panopticlick to test if you got it right.

  1. interesting by Noah Haders · · Score: 3, Interesting

    2 interesting things about panopticlick: first, they report on browser fingerprinting, which is notoriously hard to defeat. second, they encourage users to allow ads from websites that purport to respect Do Not Track. there's no way to know if they actually respect it, and companies like google and facebook have been bald-faced liars in saying they respect it when they actually don't.

    1. Re:interesting by Anonymous Coward · · Score: 3, Informative

      browser fingerprinting, which is notoriously hard to defeat.

      A large part of fingerprinting is done via javascript. Disable javascript and you remove their ability to query all kinds of things about your browser that they use for fingerprinting.

      It's not everything though. You still need to genericize your user agent string, and a few other things. But javascript queries are about 80-90% of what goes into fingerprinting.

    2. Re:interesting by bluefoxlucid · · Score: 2

      They want you to install their EFF extension so they can monitor your privacy.

    3. Re:interesting by buchner.johannes · · Score: 2

      2 interesting things about panopticlick: first, they report on browser fingerprinting, which is notoriously hard to defeat.

      Would it help to add some randomisation into the properties? Quick googling suggests it might be a solution, and there are some plugins: https://addons.mozilla.org/en-... https://www.dephormation.org.u... https://addons.mozilla.org/en-...

      You would have to not only change the random agent though (which may hide the fact you are running Linux or 64bit-vs-32bit). The plugin string is also pretty damning -- which version of Flash you have (and additional plugins, etc). For any GNOME user, the gnome Firefox plugin is a give-away.
      It would be useful if there was an extension that shows plugins to a site only on request (the gnome plugin is only important for extensions.gnome.org), Flash may be only important for a few websites of your choosing. That does not exist at the moment.

      --
      NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.

    4. Re:interesting by Peter Eckersley · · Score: 3, Informative

      Well, our source code is available so you can check that we do not monitor what you do with your privacy :). But if you don't like Privacy Badger, try Disconnect, ublock, AdAway, AdBlock or Adblock Plus (though you'll need to manually subscribe to Easy Privacy for AB and ABP)!

    5. Re:interesting by G00F · · Score: 2

      You're both right. Returning fingerprints that are not as unique and changing. But then you still have cookies and your IP.

      But I'm conflicted, as data like User Agent (OS info) and the window/screen sizes are very useful, and making them useless hurts those creating the sites.

      EFF's tool also shows so many bits of information, even getting rid of a dozen won't change much. I would assume trackers would take into consideration browser version changing and methods to track that can also overcome random.

      --
      The spirit of resistance to government is so valuable on certain occasions that I wish it to be always kept alive

  2. doesn't work without javascript by Anonymous Coward · · Score: 4, Informative

    The site doesn't work at all for me. Presumably, it requires javascript, which is exactly what nobody should be enabling by default. Javascript has been one of the largest exploit vectors of the modern web. It should at best be whitelisted on a very, very few sites such as trusted banking and finance sites. But absolutely not enabled in general - that's a big part of how people's systems end up severely jacked.

    1. Re:doesn't work without javascript by Anonymous Coward · · Score: 2, Informative

      Absolutely true. However, any site you're going to use for transactions is going to use it also. And they're the ones who are also tracking you with dozens of bots.
      So yes, you're safe from casual snarfing as you google stuff, but go to pull the trigger on a shopping cart and you're naked to ALL of them, unless xyz ghostery etc.

      Blocking javascript won't stop that but it IS the #1 step in securing your browser generally.

    2. Re:doesn't work without javascript by Peter Eckersley · · Score: 3, Informative

      Yes, our simulation of third party tracking involves visiting three synthetic first party domains that share a third party tracker. That works if you have various types of blockers installed, or if JavaScript is disabled. But if you have a browser that both blocks JS and blocks redirects or blocks absolutely all loads of tracking domains (e.g. via an /etc/hosts blacklister like AdAway), the test won't work. Congratulations, you have pretty good protections in place :)

      We're going to provide a fingerprinting-only URL for Panopticlick 2 that works even for people with a NoScript + AdAway or NoScript + redirect blocking, will post a link on the site when it's ready.
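
A simplified model of the test described in the comment above, added here as an illustration; it is not Panopticlick's code, and the domain names, policy flags and verdict labels are assumptions. It shows how a third party shared by three first-party sites links the visits, and why blocking every load to that third party leaves the test with nothing to measure.

```javascript
// Constructed model: three first-party sites embed one shared third party.
// All domain names are hypothetical placeholders.
const FIRST_PARTIES = ["site-a.example", "site-b.example", "site-c.example"];
const TRACKER = "tracker.example";

// Tracker side: issues an ID cookie on first contact and logs every sighting.
function makeTracker() {
  let nextId = 1;
  const sightings = []; // entries of { id, referrer }
  return {
    sightings,
    handle(request) {
      const id = request.cookie ?? `uid-${nextId++}`;
      sightings.push({ id, referrer: request.referrer });
      return { setCookie: id };
    },
  };
}

// Tracker's view: can one ID be tied to more than one first-party site?
function classify(sightings) {
  if (sightings.length === 0) return "no-loads"; // nothing reached the tracker
  const sitesPerId = new Map();
  for (const { id, referrer } of sightings) {
    if (!sitesPerId.has(id)) sitesPerId.set(id, new Set());
    sitesPerId.get(id).add(referrer);
  }
  const linked = Math.max(...[...sitesPerId.values()].map((s) => s.size));
  return linked > 1 ? "tracked" : "unlinked";
}

// Browser side: the policy decides whether the third-party load happens at
// all and whether the cookie the tracker sets is kept.
function runTest(policy) {
  const tracker = makeTracker();
  const cookieJar = new Map(); // domain -> cookie value
  for (const site of FIRST_PARTIES) {
    if (policy.blockedDomains.includes(TRACKER)) continue; // hosts-file style block
    const response = tracker.handle({ referrer: site, cookie: cookieJar.get(TRACKER) });
    if (!policy.blockThirdPartyCookies) cookieJar.set(TRACKER, response.setCookie);
  }
  return classify(tracker.sightings);
}

console.log(runTest({ blockedDomains: [], blockThirdPartyCookies: false }));
```
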

  3. Separate browser use by Kludge · · Score: 2

    Use different browsers for different web sites. I use firefox, seamonkey, chromium, konqueror, each one for a different kind of browsing (banking & bill payments vs. shopping vs. videos, etc.). At most they can figure out only a quarter of what I do online.