EFF Launches Panopticlick 2.0 (eff.org)

← Back to Stories (view on slashdot.org)

EFF Launches Panopticlick 2.0 (eff.org)

Posted by Soulskill on Friday December 18, 2015 @02:39AM from the onward-and-upward dept.

Peter Eckersley writes: The EFF has launched Panopticlick 2.0. In addition to measuring whether your browser exposes unique — and therefore trackable — settings and configuration to websites, the site can now test if you have correctly configured ad- and tracker-blocking software. Think you have correctly configured tracker-blocking software? Visit Panopticlick to test if you got it right.

5 of 63 comments (clear)

Min score:

Reason:

Sort:

interesting by Noah+Haders · 2015-12-18 02:55 · Score: 3, Interesting

2 interesting things about panopticlick: first, they report on browser fingerprinting, which is notoriously hard to defeat. second, they encourage users to allow ads from websites that purport to respect Do Not Track. there's no way to know if they actually respect it, and companies like google and facebook have been bald face liars in saying they respect it when they actually don't.
1. Re:interesting by Anonymous Coward · 2015-12-18 03:31 · Score: 3, Informative
  
  browser fingerprinting, which is notoriously hard to defeat.
  A large part of fingerprinting is done via javascript. Disable javascript and you remote their ability to query all kinds of things about your browser that they use for fingerprinting.
  It's not everything though. You still need to genericize your user agent string, and a few other things. But javascript queries are about 80-90% of what goes into fingerprinting.
2. Re:interesting by Peter+Eckersley · 2015-12-18 10:15 · Score: 3, Informative
  
  Well, our source code is available so you can check that we do not monitor what you do with your privacy :). But if you don't like Privacy Badger, try Disconnect, ublock, AdAway, AdBlock or Adblock Plus(though you'll need to manually subscribe to Easy Privacy for AB and ABP)!
  
  --
  Fixing copyright
doesn't work without javascript by Anonymous Coward · 2015-12-18 03:28 · Score: 4, Informative

The site doesn't work at all for me. Presumably, it requires javascript, which is exactly what nobody should be enabling by default. Javascript has been one of the largest exploit vectors of the modern web. It should at best be whitelisted on a very, very few sites such as trusted banking and finance sites. But absolutely not enabled in general - that's a big part of how people's systems end up severely jacked.
1. Re:doesn't work without javascript by Peter+Eckersley · 2015-12-18 10:08 · Score: 3, Informative
  
  Yes our simulation of third party tracking involves visiting three synthetic first party domains that share a third party tracker. That works if you have various types of blockers installed, or if JavaScript is disabled. But if you have a browser that both blocks JS and blocks redirects or blocks absolutely all loads of tracking domains (eg via an /etc/hosts blacklister like AdAway), the test won't work. Congratulations, you have pretty good protections in place :)
  We're going to provide a fingerprinting-only URL for Panopticlick 2 that works even for people with a NoScript + AdAway or NoScript + redirect blocking, will post a link on the site when it's ready.
  
  --
  Fixing copyright