
Website Analytics - Tracking and Logging Forum

    
Browser Fingerprints
Using these to track your visitors?
tangor




msg:4134270
 9:32 pm on May 17, 2010 (gmt 0)

The vast majority of people surfing the web leave behind digital fingerprints that can be used to uniquely identify them, research released Monday by the Electronic Frontier Foundation suggests.

Using a website that compares visitors' browser configurations to a database of almost 1 million other users, EFF researchers found that 84 percent of visitors used setting combinations that were unique. When The Register visited the site using Firefox, it received a message that read: "Your browser fingerprint appears to be unique among the 837,411 tested so far." Turning off javascript with the NoScript plugin didn't change the result.

[theregister.co.uk...]

 

helleborine




msg:4134360
 11:39 pm on May 17, 2010 (gmt 0)

That's absolutely correct - I've used this fact to deny access to very specific computers, which are stable, rather than their IPs, which are unstable and subject to being proxy'd.

brotherhood of LAN




msg:4134419
 1:58 am on May 18, 2010 (gmt 0)

It's a tad unusual that they don't mention the concept of cookies in their article there.

I find this stat hard to believe. 84% of 1 million people had a 'unique' fingerprint? They mention using the UA and the "accept" header, what else... "accept-*" headers?

caribguy




msg:4134495
 5:46 am on May 18, 2010 (gmt 0)

BoL did you go to the site? I was surprised to see that what made "me" unique was their enumeration of plugins and fonts that I have installed.

brotherhood of LAN




msg:4134506
 6:14 am on May 18, 2010 (gmt 0)

I didn't but now I'm surprised too. Aside from having en-GB in my UA, fonts and plugins gave me away too.

Are they just using javascript for all that detection?

Also, just wondering how they class it as unique. Surely someone has deleted their cookies and re-taken the test.

timster




msg:4135325
 2:39 pm on May 19, 2010 (gmt 0)

I was not surprised they could identify my tricked out Firefox browser as unique, but they even pegged my other browsers, that I considered to be "out-of-the-box" everyday setups.

If this were not from a well-reputed organization, I wouldn't have believed it when it said those browsers were uniquely identifiable.

Might be a good argument for spoofing the user agent -- that was where it really singled me out. (Or else, just keep fidgeting with your browser settings.)

ssgjcl




msg:4135909
 2:27 pm on May 20, 2010 (gmt 0)

Don't forget your browser also announces things like the font-types you have on your pc. These fingerprints are not just about the browser and its settings.

ssgjcl




msg:4136058
 5:34 pm on May 20, 2010 (gmt 0)

A small test with the browsers on my pc:
(All on W7 x64)

Every browser I have on my system (Opera, IE, FF, Safari and Chrome) gives the same result:
- unique and at least 19.94 bits of identifying information

Then the 'private' browsing modes:
Opera: one in 503,168 browsers; 18.94 bits of identifying information
FF 3.63 with torbutton: one in 503,196 browsers; 18.94 bits of identifying information
Safari: still unique and at least 19.94 bits of identifying information
Chrome: one in 503,205 browsers; 18.94 bits of identifying information

Apparently it doesn't matter what browser I'm using (non private-browsing) there is enough information to identify my browser.
Very impressive private browsing in Opera and Chrome, with their userbase ...

ps: these results are just for my system, you won't get exactly the same numbers.

dstiles




msg:4137170
 10:29 pm on May 22, 2010 (gmt 0)

I'm not sure how effective their tests really are. I apparently am unique - no others found.

Apparently my browser UA is unique: odd, since it's a standard FF "out of the box" that millions of people must use.

HTTP_ACCEPT - another "out of the box" setting I would expect to be very common, yet noted as unique.

For this one exercise I enabled cookies - I usually prohibit them - so I got a Yes which apparently no one else has.

Everything else said "No Javascript", which is usual and again I can't believe I'm unique in that, given the popularity of NoScript.

So based on that I should, in theory, match millions of other browsers, not the zero I was told.

There are many more headers that could have been checked but weren't: I block innumerable bots and hackers using various combinations of them.

The one thing they didn't pick up, which of course on a first visit they couldn't know, is that I have a fixed IP. Now that certainly identifies me within the limits of the two people and three computers at this location. :)

To be fair, I think their database was not working and probably the web site itself was stuffed: it just sat there loading at me most of the time. Out of five attempts to access the site I only got the home page twice and hence two (identical) "valid" tests from that - VERY slowly. This does not alter the fact that they do not seem to test all possible information and are completely fooled when JS is turned off.

Moral: turn off JS; turn off cookies.
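Added example (not part of any post in this thread, and not the EFF site's code): how the "one in N browsers" and "bits of identifying information" figures quoted above relate, and how attribute values that are each common can still combine into a unique fingerprint. The population, field names and function names are constructed for illustration.

```python
import math
from collections import Counter

# Constructed sample population (not real data): each record is one browser's
# observable attributes, as a test page or server log might record them.
FIELDS = ("user_agent", "http_accept", "cookies", "fonts")
POPULATION = [
    ("Firefox/3.6", "text/html,*/*", "no",  "no-js"),
    ("Firefox/3.6", "text/html,*/*", "no",  "fonts-A"),
    ("Firefox/3.6", "text/html,*/*", "yes", "fonts-A"),
    ("Firefox/3.6", "text/html,*/*", "yes", "no-js"),
    ("Firefox/3.6", "text/html",     "yes", "fonts-B"),
    ("Chrome/5",    "text/html",     "yes", "fonts-A"),
    ("Chrome/5",    "text/html",     "yes", "fonts-B"),
    ("Opera/10",    "text/html",     "no",  "fonts-B"),
]

def bits_from_one_in(n):
    """Surprisal in bits of a value shared by one in n browsers."""
    return math.log2(n)

def attribute_bits(record, population=POPULATION):
    """Bits contributed by each attribute of record, considered on its own."""
    total = len(population)
    out = {}
    for i, name in enumerate(FIELDS):
        matches = sum(1 for r in population if r[i] == record[i])
        out[name] = bits_from_one_in(total / matches)
    return out

def fingerprint_bits(record, population=POPULATION):
    """Bits for the whole combination, plus how many browsers share it."""
    matches = Counter(population)[record]
    return bits_from_one_in(len(population) / matches), matches

if __name__ == "__main__":
    # "one in 503,168 browsers" corresponds to about 18.94 bits.
    print(round(bits_from_one_in(503168), 2))
    # A browser with a common UA, common Accept header, cookies on, JS off.
    me = POPULATION[3]
    for name, bits in attribute_bits(me).items():
        print(f"{name:12s} {bits:.2f} bits")
    print("combined: %.2f bits, shared by %d browser(s)" % fingerprint_bits(me))
```

In the constructed sample every individual value of the chosen record is shared with at least one other browser, yet the full combination matches only that record.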
