Panopticlick

"How unique – and trackable – is your browser?"

To let a web site adapt the content to fit your needs a browser will make a number of configuration details available, what operating system you use (this shouldn't really matter, but that is a different story), which version browser you are using (for browser sniffing), what screen size you have (to let the site content better fit your screen), what fonts you have (to create fallbacks in case you are lacking the font the web site uses) and so on.

This is well and nice, but there is a problem. These configuration details don't usually change very often and there are so many combinations of these configurations that it is possible, even probable, that your personal settings may be globally unique. In other words nobody else will have the settings that your browser has, even if you haven't personalised it. In the words of this site, your browser will have a fingerprint. Where ever it is used it can be identified. …

Why would this matter? Browsing is strictly speaking never private. Every PC, phone, TV on the internet will have an IP number, and all you do on this machine will give that number to the web server, this is the address to which the site content will be sent. However this IP number usually changes over time, so unless you can go to your internet service provider with a search warrant, something usually only goverment agencies can do, in practice an IP number is a private matter between you and the web sites you visit.

But what if the web site owners could gather information about not only about what you are doing on their web site, but your whole browsing history (or rather the much smaller part of it that other web site owners are willing to divulge, after all most do respect your privacy). If you were anonymous on one such web site, gave your name on another, your address on a third, it would be the same as giving your name and address to all three of them.

This "browser fingerprint" will technically only reveal the machine/browser you are using, but it wouldn't take a too long to build up a personal profile and the machines you are using, whether that could be done before the machine profile changes is a different question.

Is this a big concern? It is a concern, but the amount of personal information revealed and shared this way is likely to be less, at least for the time being, than using Facebook. Few site owners would want to sell their user data, and as long as this is the case there is little user data to merge into a complete profile. Collaborating web sites can, with some premeditation, get the same or better information without the lack of precision of these fingerprints.

It shouldn't be ignored though, because this kind of browser profiles can, for a short while, be used post hoc. You can key users to the fingerprints and combine that with other user data even after the user has left the site.

More immediately, and more practically, it can be used on a single site to look for users operating under different usernames or anomymously. This could for instance help blocking repeat trolls and spammers, which is a pretty benevolent and beneficial use of such fingerprints.

What can be done about it? In short and in the long: Not so much. As machines and their software get more clever they will be better at identifying us and what we do. There is a strong commercial incentive to build up target profiles. If a company produces colourful scarves they will have a strong incentive to find the potential buyers, a political organisation would want to identify potential members or bellweather issues. But from there to having a full personal profile on any person, family, or group, with their full addresses, friends, interests, and history, to anyone willing to pay for it is still a long step, and hopefully a step too far.

Browser profiles are too ephemeral, as a quick guess they will on average be unchanged for less than a quarter of a year, and unindentifiable for less than a year. They are symptomatic of the issues in general. For historical reasons browsers give up more information than a web site needs to know, because they cannot know what they need to know, and there is always some web site somewhere that needs a particular piece of data.

To be truly anonymous a browser would not only have to give up the heads-up data but the entire programming environment. This kind of anonymous environments exist, but they don't work very well, and they cannot work very well.

So are you unique as well? It only takes two clicks to tell.

Join the Conversation

  1. “Your browser fingerprint appears to be unique among the 1,301,681 tested so far.”hmm need to control dom storage

  2. “Your browser fingerprint appears to be unique among the 1,363,401 tested so far.Currently, we estimate that your browser has a fingerprint that conveys at least 20.38 bits of identifying information.”

  3. Your browser fingerprint appears to be unique among the 1,363,457 tested so far.Currently, we estimate that your browser has a fingerprint that conveys at least 20.38 bits of identifying information.

  4. Your browser fingerprint appears to be unique among the 1,376,522 tested so far.Currently, we estimate that your browser has a fingerprint that conveys at least 20.39 bits of identifying information.Hmm

Comment

Your email address will not be published. Required fields are marked *