Using these to track your visitors?
The vast majority of people surfing the web leave behind digital fingerprints that can be used to uniquely identify them, research released Monday by the Electronic Frontier Foundation suggests.
That's absolutely correct - I've used this fact to deny access to very specific computers, which are stable, rather than their IPs, which are unstable and subject to being proxy'd.
|brotherhood of LAN|
It's a tad unusual that they don't mention the concept of cookies in their article there.
I find this stat hard to believe. 84% of 1 million people had a 'unique' fingerprint? They mention using the UA and the "accept" header, what else... "accept-*" headers?
BoL, did you go to the site? I was surprised to see that what made "me" unique was their enumeration of plugins and fonts that I have installed.
|brotherhood of LAN|
I didn't but now I'm surprised too. Aside from having en-GB in my UA, fonts and plugins gave me away too.
Also, just wondering how they class it as unique. Surely someone has deleted their cookies and re-taken the test.
I was not surprised they could identify my tricked out Firefox browser as unique, but they even pegged my other browsers, that I considered to be "out-of-the-box" everyday setups.
If this were not from a well-reputed organization, I wouldn't have believed it when it said those browsers were uniquely identifiable.
Might be a good argument for spoofing the user agent -- that was where it really singled me out. (Or else, just keep fidgeting with your browser settings.)
Don't forget your browser also announces things like the font-types you have on your pc. These fingerprints are not just about the browser and its settings.
A small test with the browsers on my pc:
(All on W7 x64)
Every browser I have on my system (Opera, IE, FF, Safari and Chrome) gives the same result:
- unique and at least 19.94 bits of identifying information
Then the 'private' browsing modes:
Opera: one in 503,168 browsers; 18.94 bits of identifying information
FF 3.63 with torbutton: one in 503,196 browsers; 18.94 bits of identifying information
Safari: still unique and at least 19.94 bits of identifying information
Chrome: one in 503,205 browsers; 18.94 bits of identifying information
Apparently it doesn't matter what browser I'm using (non private-browsing), there is enough information to identify my browser.
Very impressive private browsing in Opera and Chrome, with their userbase ...
ps: these results are just for my system, you won't get exactly the same numbers.
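An added example, not from any poster in this thread or from the EFF's own code: how a "one in N browsers" result becomes "bits of identifying information", and why attribute values that are each common can still combine into a unique fingerprint. The sample population and its attribute values are constructed, and the visitor is assumed to be one of its rows.

```python
import math
from collections import Counter
from itertools import product

def surprisal_bits(matches, total):
    """Bits of identifying information for a value shared by `matches` of `total` browsers."""
    return math.log2(total / matches)

def fingerprint_report(population, visitor):
    """Bits revealed by each attribute on its own and by the whole combination.

    Assumes `visitor` is one of the rows in `population`.
    """
    total = len(population)
    report = {}
    for key, value in visitor.items():
        shared = Counter(row[key] for row in population)[value]
        report[key] = surprisal_bits(shared, total)
    whole = Counter(tuple(sorted(row.items())) for row in population)
    report["combined"] = surprisal_bits(whole[tuple(sorted(visitor.items()))], total)
    return report

# Constructed sample: 8 browsers; every attribute value is shared by half or all of them.
POPULATION = [
    {"user_agent": ua, "http_accept": "text/html", "plugins": pl, "fonts": fo}
    for ua, pl, fo in product(
        ("Firefox/3.6 (constructed)", "Opera/10 (constructed)"),
        ("flash", "flash,java"),
        ("Arial,Verdana", "Arial,Verdana,Calibri"),
    )
]
VISITOR = POPULATION[0]

if __name__ == "__main__":
    for name, bits in fingerprint_report(POPULATION, VISITOR).items():
        print(f"{name:12s} {bits:.2f} bits")
    # The "one in 503,168 browsers" figure quoted in the post above.
    print(f"one in 503,168 -> {surprisal_bits(1, 503168):.2f} bits")
```

In this sample no single attribute reveals more than 1 bit, yet the combination is shared with nobody else in the set.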
I'm not sure how effective their tests really are. I apparently am unique - no others found.
Apparently my browser UA is unique: odd, since it's a standard FF "out of the box" that millions of people must use.
HTTP_ACCEPT - another "out of the box" setting I would expect to be very common, yet noted as unique.
For this one exercise I enabled cookies - I usually prohibit them - so I got a Yes which apparently no one else has.
So based on that I should, in theory, match millions of other browsers, not the zero I was told.
There are many more headers that could have been checked but weren't: I block innumerable bots and hackers using various combinations of them.
The one thing they didn't pick up, which of course on a first visit they couldn't know, is that I have a fixed IP. Now that certainly identifies me within the limits of the two people and three computers at this location. :)
To be fair, I think their database was not working and probably the web site itself was stuffed: it just sat there loading at me most of the time. Out of five attempts to access the site I only got the home page twice and hence two (identical) "valid" tests from that - VERY slowly. This does not alter the fact that they do not seem to test all possible information and are completely fooled when JS is turned off.
Moral: turn off JS; turn off cookies.