Slashdot Mirror


New Site Checks Your Browser's Fingerprint

"Does your web browser have a unique fingerprint? If so your web browser could be tracked across websites without techniques such as tracking cookies..." warns a new site created by the University of Adelaide and ACEMS, adding "the anonymization aspects of services such as Tor or VPNs could be negated if sites you visit track you using your browser fingerprint." AnonymousCube contacted Slashdot about their free browser fingerprinting test suite: On the site you can see what data can be used to track you and how unique your fingerprint is. The site includes new tests, such as detecting software such as Privacy Badger, via how social media buttons are disabled, and CSS only (no JavaScript or flash) tests to get screen size and installed fonts.
If you're serious about privacy, you might want to test the uniqueness of your browser's fingerprint.

17 of 104 comments

  1. "if you're serious about security" by Anonymous Coward · · Score: 5, Informative

    you've known that browser fingerprinting is real and being used for years.

    1. Re:"if you're serious about security" by Joce640k · · Score: 2

      Noscript works.

      Enabling noscript switches my browser from 'unique' to 'one in 24'.

      --
      No sig today...
  2. FTFY by QuietLagoon · · Score: 5, Funny

    ...If you're serious about privacy, you might want to test the uniqueness of your browser's fingerprint. ...

    If you're not serious about privacy, you might want to register your browser's fingerprint with that site. :)

  3. Old site also checks your browser's fingerprint by wonkey_monkey · · Score: 5, Informative
    --
    systemd is Roko's Basilisk.
    1. Re:Old site also checks your browser's fingerprint by houstonbofh · · Score: 2

      That link is on the webpage of the test mentioned as well.

  4. Fingerprint Randomizer by crow · · Score: 4, Insightful

    People have talked about browser fingerprints for years, but I haven't heard any solid reports of sites making use of them. For example, news sites that limit you to a few free articles before paywalling you are easily viewed in a private window or with self-destructing cookies.

    If this becomes a real issue, then a browser extension that sanitizes and randomizes the fingerprint would defeat the process. Some aspects might be harder to sanitize or randomize than others, but with a bit of effort, fingerprints could be rendered useless.

    Maybe this should be the next extension offered by the EFF.

    1. Re:Fingerprint Randomizer by Anonymous Coward · · Score: 3, Interesting

      > I haven't heard any solid reports of sites making use of them.

      I installed CanvasBlocker which has a setting to alert me every time the fingerprint is queried.

      So far I've noticed it on every page of github.com, the front page of pof.com, every page on medium.com, accounts.firefox.com - there are probably lots more, but I disable javascript by default so most sites don't even get a chance to fingerprint me.

      Canvasblocker randomizes on every page load. I think that makes you stand out more. I use task-specific profiles in firefox (e.g. banking profile, facebook profile, gmail profile, etc) and in most of those profiles I use Canvas Defender which lets you manually generate a new fingerprint and then keep it indefinitely but it doesn't warn you when a site is trying to take your fingerprint.

    2. Re:Fingerprint Randomizer by houstonbofh · · Score: 2

      But most of this fingerprinting is actually supported settings and are needed to display things correctly. Yes, you could set for least common denominator, but that means no video compression, and mp3 only audio.

    3. Re:Fingerprint Randomizer by Anonymous Coward · · Score: 4, Interesting

      > An extension that sets your fingerprint data to be the exact same as everyone else. That would be amusing.

      It would be ineffective unless a TON of people were using it. Until then it would just make you stand out more because they could easily recognize you as having that extension installed and then combined with all your other info (ip address, user agent, timezone, screen size, list of installed fonts, etc) you'd still be trackable.

      > For example, why does my browser expose monitor contrast level?

      It doesn't. YOU exposed it. When you filled out that captcha. The image in the captcha has a character that is invisible on low contrast monitors. So they discriminate your monitor contrast based on whether or not you typed in that character.

    4. Re:Fingerprint Randomizer by Zocalo · · Score: 3, Interesting

      Or you could be a little selective and just reduce the number of things that help make your fingerprint unique. That's the biggest failing in these fingerprinting sites so far; they don't really help you figure out how to do that, and what the effects on your fingerprint's uniqueness might be if you did to help you decide whether it's worth the effort or not. What I'd like to see is each parameter have a way of telling me right there what the common value options for that parameter are, the effect on your fingerprint of setting it to that value, and some suggestions as to how to go about doing that, especially where it's something as simple as downloading the US-English version of a browser instead of the UK-English one.

      --
      UNIX? They're not even circumcised! Savages!
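
The two comments above argue that a rare spoofing extension is itself an identifying attribute, and that a test site should show how changing one parameter changes your uniqueness. An added example (not from the thread or the test site) that computes anonymity-set size and per-attribute surprisal over a constructed visitor sample; the attribute names, values and the "randomized" add-on marker are assumptions.

```javascript
// Constructed sample of *other* visitors (not real data): [count, lang, tz, screen, canvas]
const ROWS = [
  [6, "en-US", "UTC-5", "1920x1080", "real"],
  [3, "en-US", "UTC+0", "1920x1080", "real"],
  [2, "en-GB", "UTC+0", "1366x768",  "real"],
  [3, "en-US", "UTC-5", "1366x768",  "real"],
  [1, "en-US", "UTC+0", "1920x1080", "randomized"], // one user of a hypothetical spoofing add-on
];
const ATTRS = ["lang", "tz", "screen", "canvas"];
const others = ROWS.flatMap(([n, ...vals]) =>
  Array.from({ length: n }, () => Object.fromEntries(ATTRS.map((a, i) => [a, vals[i]]))));

// Number of visitors (you included) who share every listed attribute with fp.
function anonymitySet(pop, fp, attrs = ATTRS) {
  return 1 + pop.filter(o => attrs.every(a => o[a] === fp[a])).length;
}

// Identifying information carried by a single attribute value, in bits.
function surprisalBits(pop, fp, attr) {
  return -Math.log2(anonymitySet(pop, fp, [attr]) / (pop.length + 1));
}

// For one attribute, the anonymity-set size you would get with each value seen in the sample.
function whatIf(pop, fp, attr) {
  const values = [...new Set(pop.map(o => o[attr]).concat(fp[attr]))];
  return Object.fromEntries(values.map(v => [v, anonymitySet(pop, { ...fp, [attr]: v })]));
}

const me = { lang: "en-GB", tz: "UTC+0", screen: "1920x1080", canvas: "real" };
console.log("set size now:", anonymitySet(others, me));
for (const a of ATTRS) {
  console.log(a, surprisalBits(others, me, a).toFixed(2), "bits", whatIf(others, me, a));
}
// Blending in with the common language helps; adding a rare "randomized" marker on top hurts.
const blended = { ...me, lang: "en-US" };
console.log("en-US:", anonymitySet(others, blended),
            "en-US + add-on:", anonymitySet(others, { ...blended, canvas: "randomized" }));
```
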
  5. Re:er, this is not a good idea by houstonbofh · · Score: 4, Informative

    It is a fork of https://panopticlick.eff.org/ and about the same thing with a few more tests. And I am unique on both.

  6. Re:On (Cron) FrontPage.Post.FireHose.getLatestTren by Fwipp · · Score: 4, Funny

    Pssh, like that can't be forged.

    -dk

  7. Re:Utility and deviance of the User Agent by NotAPK · · Score: 4, Informative

    "It is not just a refer. How about if it queries what fonts you support? Any of them not standard? How about media support? What java and flash are you on? What is your screen resolution? Browser window size if not full screen? There is a lot to catch..."

    HTTP is request based. The client asks for what it needs: the server does not push out what it thinks the client needs.

    Font support: the server has no need to know about my fonts. The CSS should suggest the preferred fonts, but if I don't have their preferred font installed then my browser will substitute. The server never needs to know this.

    Media: my browser will ask for the media it wants to display. If it can't display media it won't ask for it. If it asks for something complex, like a movie file (for example) and the file downloads and then it is unable to handle the file, then surely this should have been managed by correctly identifying the MIME type of the file. The browser can then terminate the download, knowing that it won't be able to play it. Yes, I appreciate codecs make this trickier than it has to be: HTML5 should have fixed this. Comments?

    Screen Resolution: none of the server's business.

    Window Size: again, none of the server's business. If your website is so crappy that it must autosize in some stupid [yes, there are **few** caveats] way then this should be done using local JavaScript.

    So, provided I haven't pissed everyone off: assuming all clients implement the HTTP standards correctly and uniformly, please remind me why the server needs to know anything about the client?

  8. Re:Utility and deviance of the User Agent by houstonbofh · · Score: 2

    > Window Size: again, none of the server's business. If your website is so crappy that it must autosize in some stupid [yes, there are **few** caveats] way then this should be done using local JavaScript.

    This is now used in html5 websites extensively to decide if you will have a menu bar or a hidden menu. It is the desktop vs mobile for websites thing that Google actually looks for and grades you on. The rest is also very common in the "rich web experience" that is common now and most browsers support this. Go to the panopticon page and see. It will show your screen resolution.

  9. Re:EFF offered this years ago... by houstonbofh · · Score: 2

    Oh for fucks sake! It is the University of Adelaide and it is in the fucking summary! And the EFF website for the same thing is on their page! And a tiny bit of effort would tell you that they have overcome the measures put in place to block a lot of the old tracking, like no script.

    Did you have nothing to add other than FUD in your post?

  10. Re:well by arth1 · · Score: 2

    Fortunately or unfortunately, this site doesn't even work with non-graphical browsers with images enabled by default. They use a CAPTCHA that has no fallback method, so they just won't capture those who use a browser that won't download the CAPTCHA by default.

    [...]

          a a a a a a a a a a a a a a a a a a

          Please type the letters from the image into the box below.

          CAPTCHA was incorrect. Please try again.

  11. Test More Than Once by DERoss · · Score: 3, Interesting

    Visit the test Web site more than once. If subsequent visits indicate that you remain unique -- that you are the only one out of all visits including your own prior visits -- then you are somewhat safe from tracking. Even better is when it reports inconsistent results from several visits within a short period of time. I did that, and the report was that I was unique twice relative to HTTP_ACCEPT Headers. Also, the Monitor Contrast Level was not the same for two consecutive visits.

    I get this result by installing the Secret Agent extension from https://www.dephormation.org.u.... Panopticlick has similar problems characterizing my browser. And various Web sites that attempt geolocation have me all over the globe.