View Full Version : How unique is your browser?

01-27-2010, 05:32 PM
Interesting stuff here (http://panopticlick.eff.org/).

Found on Boing Boing.

01-27-2010, 06:06 PM
Well, according to that, I'm unique!

01-27-2010, 07:34 PM
me 'appears to be unique' too :D ... or is it a bad thing? Now how to find out what all the things on that screen mean...

01-27-2010, 07:56 PM
I iz speshiul, and unik... apperently.

01-27-2010, 08:21 PM
What unique means is that your browser alone gives out enough information to track your identity. Between your loaded fonts, extensions, browser choice etc.... most people are identifying themselves, or at least their computer, everywhere they surf. For an eye opening result try the link above with and without javascript enabled.

I am not going to be so stupid as to enter the argument of what anyone might want to hide. Rather, I am going to suggest that people consider what level of privacy makes them comfortable empowered individuals.

01-27-2010, 08:24 PM
I have no idea what this means but:

Within our dataset of about ten thousand visitors, only one in 181 browsers have the same fingerprint as yours.

Currently, we estimate that your browser has a fingerprint that conveys 7.5 bits of identifying information.

I think being uinque is bad because it means sites can track you even if they don't know exactly who you are. It's kind of like driving a new Corvette through a run down neighborhood...they know you as "that guy in the vette". At least that's what I'm understanding them as trying to say.

01-28-2010, 04:27 AM
That was my take on it too but unique only among the sample tested which compared to internet users in total is tiny.

Not that I'm overly worried. If people want to track my movelements they can be my guest. I tend to visit only about 4 or 5 sites regularly.

I used to have Zone Alarm Pro which had an option to allow you to surf the web anonymously. I wonder if using that setting would affect the result?

01-28-2010, 11:31 AM
Not much, I suspect. Most of the information the browser is sending is necessary for it to function properly. For kicks, I tried it through an anonymizing proxy server and got only slightly better results: 1 in 18,000 rather than 1 in 110,000. And that was probably mostly due to the proxy shutting off cookies, which I usually have on.

Incidentally, the claim of "several hundred thousand visitors" is dishonest, since if the web browser is totally unique, they reveal that only ~110,000 browsers have been tested so far. I imagine that will go up over the next few days, but still…

01-28-2010, 02:27 PM
1 in 2,676 browsers have my fingerprint. Should I be scared? :S

Is that because I have the noScript plugin for Firefox?

01-28-2010, 03:36 PM
1 in 27,000 and again I am on latest FF with adblock and noscript too so I don't think that can be quite right tho I am on XPx64 which is pretty unusual I think and probably shows up in the user agent as windows V5.2. One in 181 is pretty good for anonymity but lets be fair you also send your IP which is pretty unique anyway without a proxy or TOR behind it. This thing with the number of 'bits' is a bit silly cos you cant change them in order to convey messages with it unless you had 27,000 different browsers to open connections with.

What they ought to do after this is to publish the most common ones so we can spoof the user agent string to match.

Also on boing the other day, did you catch that brilliant network analyzer from Berkley ? I was telling Jax about this in PM but you should all try this cos its brilliant but does convey lots of spoddy info thats a bit deep. You need to run full Java for it to work tho but in this case I think its worth it.


EDIT -- Hardyhar, spoofed my user agent string to XP 32 bit and its down to 1 in 1330 now. Hmm I might look through my web sites logfile and see the most common one in there and change it to that instead. :)

EDIT2 -- Down to 1250 with this: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/20091221 Firefox/3.5.7 (.NET CLR 3.5.30729)
which I think is WinXP running Firefox with .net installed. I could get an IE one I guess but Id be too ashamed to broadcast it :D

To spoof UA in FF you put this "about:config" (no quotes) into the address bar, promise to be a good boy and get to the list of config items. Right click, create a new string called "general.useragent.override" in and then paste the user agent string above in as the text for it. Id stick to a proper one cos some web sites look at it and bin some of the scrapers or other weird stuff hitting it.

01-28-2010, 05:35 PM
Yep, go ahead, track me. Don't care, I'll tell ya where I go. Here,some BF2 forums, my Clan Forums, Warhammer Forums, and some comic strips.

Oh, and Porn, Can't forget the PORN! ;)

01-29-2010, 02:24 AM
The porn gets you down to 1:1.16

01-29-2010, 03:32 PM
Interesting stuff. I find using the list of installed fonts to track unique individuals online both clever and frightening. Something for us mappers to think about, as fonts are one of the tools of our trade...

02-01-2010, 05:20 PM
Well, while I don't really care if someone tracks me, I can't stand the idea that they might slow me down by a nano second. I pay good coin to have high speed Internet and I'd pitch a fit if anyone was leaching on my bandwidth. For that reason I don't broadcast my wireless information etc. It's funny though if I look out there in wireless air at least a couple of my neighbors are broadcasting.

Which brings up the point in this whole thing imo....most folks have no clue so they just run full generic with maybe a virus program running. That is the majority of net users and therefore pretty anonymous but for those who try to be safer (FF, NoScrip, Adblock, etc) they are clearly interested in tracking this group as well. It seems the anonymity of the web is gradually dying. Pretty soon you could be walking around with your real name tag and life story sticking out of the pocket of your online avatar.

The other thing about it that irritates: How long would you put up with someone walking around looking over your shoulder all day at everything you did? It probably wouldn't take long before you are ready to sock them in the face. It's just not right behavior. Now I can see it if they track certain words and phrases but it should only take a moment to realize someone not doing anything dangerous and move on.

Remember the old saying, "You don't get something for nothing." They want to know who you are because at the very least they want to try to sell you something. At the worst, ...

PS. Hehe, probably a good thing I don't do drugs or I'd be paranoid.

02-01-2010, 05:44 PM
Funny you should mention it, but a lot of 'privacy sensitive information' is on the net.
Do you keep a blog? how about a myspace, facebook or whatever clone of such type of site account?
A lot of people, teens and students in particular, maintain such pages.
Possible employers have been snooping the net for your name and/or nick for years now, do a search on your name / nickname for kicks, you might be (horribly unpleasantly) suprised with what you find.

As I don't do such stuff, my nick is predominantly highlighted in non-destructive ways (ie: no pictures of me drunk at parties or otherwise doing unappealing things..).
My real name shows up, but since it isn't me, I won't even count it as existing.
Browser anonimity is nice and all, but if the test says you use a unique profile, I'm putting my two cents on that they'd allready be able to distill close to all your personal information from it.

And I wholeheartedly agree, good thing I don't do drugs... if you know what goes on on the web, its scarier than plain borin' regular life =P

02-01-2010, 11:51 PM
I haven't tested on laptop (but I don't expect a large difference, if any) but I am unfortunately totally unique in both Opera (Primary Desktop browser) and FF which I use as my secondary/development browser.

The estimated fingerprint came out to be the same number, but the breakdown was not the same for the two browsers. For instance Fonts had a full 1 pt. difference (Opera having 1 point higher then FF), and that was unexpected. I expected Opera to be more unique then FF just because less people us Opera on Desktops then FF, but the thing that seems to make my browsers unique the most is fonts

02-02-2010, 08:19 AM
Lets get some perspective here. Because your browser is unique does not mean they can get at your personal details. All it means is that when you visit a suitably loaded web site then they can tell when you last visited it. Unless that website then transfers that info to another then a second web site cannot by uniqueness alone know what other websites you went to. The web site must also run some javascript to fetch the fonts and extensions used to build the uniqueness index which is not merely given out every time you visit a site. Disable javascript or use noscript and that whole lot is in the bin so your down to your basic user-agent string and some other small details to go on.

The 'they' in this discussion would only be significant if you went to a site and entered a lot of info into it - like google say. Otherwise I dont think it makes a lot of difference. If you use scroogle then thats out of the window too.

The reason fonts are significant is that your choice of downloaded fonts is pretty unique compared to the base browser which has millions of users shared over all the versions of each OS. Get no script and adblock - anybody who wants my adblock script is welcome - just say.

If you go onto WotC site then note they have a hit tracker script on their site which I block. This one does not but has google syndication ad revenue gathering which Arcana uses along with donations to fund the site.

I agree that if you do run a blog, facebook, myspace or other social networking site then do think about what you say and who you talk to as its most certainly all logged and profiled.