Welcome to WebmasterWorld Guest from 23.20.221.93

Forum Moderators: DixonJones & mademetop

Message Too Old, No Replies

Browser Fingerprints

Using these to track your visitors?

     
9:32 pm on May 17, 2010 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:6964
votes: 385


The vast majority of people surfing the web leave behind digital fingerprints that can be used to uniquely identify them, research released Monday by the Electronic Frontier Foundation suggests.

Using a website that compares visitors' browser configurations to a database of almost 1 million other users, EFF researchers found that 84 percent of visitors used setting combinations that were unique. When The Register visited the site using Firefox, it received a message that read: "Your browser fingerprint appears to be unique among the 837,411 tested so far." Turning off javascript with the NoScript plugin didn't change the result.

[theregister.co.uk...]
11:39 pm on May 17, 2010 (gmt 0)

Preferred Member

10+ Year Member

joined:Apr 8, 2004
posts:527
votes: 0


That's absolutely correct - I've used this fact to deny access to very specific computers, which are stable, rather than their IPs, which are unstable and subject to being proxy'd.
1:58 am on May 18, 2010 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member brotherhood_of_lan is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 30, 2002
posts:4843
votes: 2


It's a tad unusual that they don't mention the concept of cookies in their article there.

I find this stat hard to believe. 84% of 1 million people had a 'unique' fingerprint? They mention using the UA and the "accept" header, what else... "accept-*" headers?
5:46 am on May 18, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:Feb 16, 2007
posts:846
votes: 0


BoL did you go to the site? I was surprised to see that what made "me" unique was their enumeration of plugins and fonts that I have installed.
6:14 am on May 18, 2010 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member brotherhood_of_lan is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 30, 2002
posts:4843
votes: 2


I didn't but now I'm surprised too. Aside from having en-GB in my UA, fonts and plugins gave me away too.

Are they just using javascript for all that detection?

Also, just wondering how they class it as unique. Surely someone has deleted their cookies and re-taken the test.
2:39 pm on May 19, 2010 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member 10+ Year Member

joined:Aug 1, 2003
posts:815
votes: 0


I was not surprised they could identify my tricked out Firefox browser as unique, but they even pegged my other browsers, that I considered to be "out-of-the-box" everyday setups.

If this were not from a well-reputed organization, I wouldn't have believed it when it said those browsers were uniquely identifiable.

Might be a good argument for spoofing the user agent -- that was where it really singled me out. (Or else, just keep fidgeting with your browser settings.)
2:27 pm on May 20, 2010 (gmt 0)

New User

5+ Year Member

joined:May 20, 2010
posts:6
votes: 0


Don't forget your browser also announces things like the font-types you have on your pc. These fingerprints are not just about the browser and its settings.
5:34 pm on May 20, 2010 (gmt 0)

New User

5+ Year Member

joined:May 20, 2010
posts:6
votes: 0


A small test with the browsers on my pc:
(All on W7 x64)

Every browser I have on my system (Opera, IE, FF, Safari and Chrome) gives the same result:
- unique and at least 19.94 bits of identifying information

Then the 'private' browsing modes:
Opera: one in 503,168 browsers; 18.94 bits of identifying information
FF 3.63 with torbutton: one in 503,196 browsers;18.94 bits of identifying information
Safari: still unique and at least 19.94 bits of identifying information
Chrome: one in 503,205 browsers; 18.94 bist of identifying information

Aparantly it doesn't matter what browser I'm using (non private-browsing) there is enough information to identify my browser.
Very impressive private browsing in Opera and Chrome, with there userbase ...

ps: these results are just for my system, you won't get exactly the same numbers.
10:29 pm on May 22, 2010 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:May 14, 2008
posts: 3121
votes: 3


I'm not sure how effective their tests really are. I apparently am unique - no others found.

Apparently my browser UA is unique: odd, since it's a standard FF "out of the box" that millions of people must use.

HTTP_ACCEPT - another "out of the box" setting I would expect to be very common, yet noted as unique.

For this one excercise I enabled cookies - I usually prohibit them - so I got a Yes which apparently no one else has.

Everything else said "No Javascript", which is usual and again I can't believe I'm unique in that, given the popularity of NoScript.

So based on that I should, in theory, match millions of other browsers, not the zero I was told.

There are many more headers that could have been checked but weren't: I block innumerable bots and hackers using various combinations of them.

The one thing they didn't pick up, which of course on a first visit they couldn't know, is that I have a fixed IP. Now that certainly identifies me within the limits of the two people and three computers at this location. :)

To be fair, I think their database was not working and probably the web site itself was stuffed: it just sat there loading at me most of the time. Out of five attempts to access the site I only got the home page twice and hence two (identical) "valid" tests from that - VERY slowly. This does not alter the fact that they do not seem to test all possible information and are completely fooled when JS is turned off.

Moral: turn off JS; turn off cookies.