New research by the Electronic Frontier Foundation (EFF) has found
that an overwhelming majority of web browsers have unique signatures --
creating identifiable "fingerprints" that could be used to track you as
you surf the Internet.
The findings were the result of an experiment EFF conducted with volunteers who visited http://panopticlick.eff.org/.
The website anonymously logged the configuration and version
information from each participant's operating system, browser, and
browser plug-ins -- information that websites routinely access each
time you visit -- and compared that information to a database of
configurations collected from almost a million other visitors. EFF
found that 84% of the configuration combinations were unique and
identifiable, creating unique and identifiable browser "fingerprints."
Browsers with Adobe Flash or Java plug-ins installed were 94% unique
and trackable.
"We took measures to keep participants in our experiment anonymous,
but most sites don't do that," said EFF Senior Staff Technologist Peter
Eckersley. "In fact, several companies are already selling products
that claim to use browser fingerprinting to help websites identify
users and their online activities. This experiment is an important
reality check, showing just how powerful these tracking mechanisms are."
EFF found that some browsers were less likely to contain unique
configurations, including those that block JavaScript, and some browser
plug-ins may be able to be configured to limit the information your
browser shares with the websites you visit. But overall, it is very
difficult to reconfigure your browser to make it less identifiable. The
best solution for web users may be to insist that new privacy
protections be built into the browsers themselves.
"Browser fingerprinting is a powerful technique, and fingerprints
must be considered alongside cookies and IP addresses when we discuss
web privacy and user trackability," said Eckersley. "We hope that
browser developers will work to reduce these privacy risks in future
versions of their code."
EFF's paper on Panopticlick will be formally presented at the
Privacy Enhancing Technologies Symposium (PETS 2010) in Berlin in July.
For the full white paper: How Unique is Your Web Browser?
More details on Pantopticlick.
More on online behavioral tracking.
Electronic Frontier Foundation