That's absolutely correct - I've used this fact to deny access to very specific computers, which are stable, rather than their IPs, which are unstable and subject to being proxy'd.

It's a tad unusual that they don't mention the concept of cookies in their article there.

I find this stat hard to believe. 84% of 1 million people had a 'unique' fingerprint? They mention using the UA and the "accept" header, what else... "accept-*" headers?

BoL did you go to the site? I was surprised to see that what made "me" unique was their enumeration of plugins and fonts that I have installed.

I didn't but now I'm surprised too. Aside from having en-GB in my UA, fonts and plugins gave me away too.

Are they just using javascript for all that detection?

Also, just wondering how they class it as unique. Surely someone has deleted their cookies and re-taken the test.

I was not surprised they could identify my tricked out Firefox browser as unique, but they even pegged my other browsers, that I considered to be "out-of-the-box" everyday setups.

If this were not from a well-reputed organization, I wouldn't have believed it when it said those browsers were uniquely identifiable.

Might be a good argument for spoofing the user agent -- that was where it really singled me out. (Or else, just keep fidgeting with your browser settings.)

Don't forget your browser also announces things like the font-types you have on your pc. These fingerprints are not just about the browser and its settings.

A small test with the browsers on my pc:
(All on W7 x64)

Every browser I have on my system (Opera, IE, FF, Safari and Chrome) gives the same result:
- unique and at least 19.94 bits of identifying information

Then the 'private' browsing modes:
Opera: one in 503,168 browsers; 18.94 bits of identifying information
FF 3.63 with torbutton: one in 503,196 browsers;18.94 bits of identifying information
Safari: still unique and at least 19.94 bits of identifying information
Chrome: one in 503,205 browsers; 18.94 bist of identifying information

Aparantly it doesn't matter what browser I'm using (non private-browsing) there is enough information to identify my browser.
Very impressive private browsing in Opera and Chrome, with there userbase ...

ps: these results are just for my system, you won't get exactly the same numbers.

I'm not sure how effective their tests really are. I apparently am unique - no others found.

Apparently my browser UA is unique: odd, since it's a standard FF "out of the box" that millions of people must use.

HTTP_ACCEPT - another "out of the box" setting I would expect to be very common, yet noted as unique.

For this one excercise I enabled cookies - I usually prohibit them - so I got a Yes which apparently no one else has.

Everything else said "No Javascript", which is usual and again I can't believe I'm unique in that, given the popularity of NoScript.

So based on that I should, in theory, match millions of other browsers, not the zero I was told.

There are many more headers that could have been checked but weren't: I block innumerable bots and hackers using various combinations of them.

The one thing they didn't pick up, which of course on a first visit they couldn't know, is that I have a fixed IP. Now that certainly identifies me within the limits of the two people and three computers at this location. :)

To be fair, I think their database was not working and probably the web site itself was stuffed: it just sat there loading at me most of the time. Out of five attempts to access the site I only got the home page twice and hence two (identical) "valid" tests from that - VERY slowly. This does not alter the fact that they do not seem to test all possible information and are completely fooled when JS is turned off.

Moral: turn off JS; turn off cookies.