Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Tracking Browsers Without Cookies Or IP Addresses?

CmdrTaco posted more than 4 years ago | from the just-how-private-are-you dept.

Privacy 265

Peter Eckersley writes "The EFF has launched a research project called Panopticlick, to determine whether seemingly innocuous browser configuration information (like User Agent strings, plugin versions and fonts) may create unique fingerprints that allow web users to be tracked, even if they limit or delete cookies. Preliminary results indicate that the User Agent string alone has 10.5 bits of entropy, which means that for a typical Internet user, only one in about 1,500 (2 ^ 10.5) others will share their User Agent string. If you visit Panopticlick, you can get a reading of how rare or unique your browser configuration is, as well as helping EFF to collect better data about this problem and how best to defend against it." I remember laughing years ago when I would see users who had modified their user agent string with some sort of defiant pro-privacy message, without realizing that their action made them uniquely identifiable out of hundreds of thousands of others.

Sorry! There are no comments related to the filter you selected.

Results and flash cookies (5, Informative)

sopssa (1498795) | more than 4 years ago | (#30919644)

I compared between IE, Firefox, Chrome and Opera. Both IE and Firefox were completely unique even with the user agent because of the .NET versions there. Opera and Chrome were quite genetic.

Plugins were also completely unique and really easy to detect in any other browser than IE8. Interestingly IE's plugin list was really small and not at all so unique. IE's top "warning" bar asked me if I want to run specific plugins (probably to detect them). System fonts were completely unique and looks like easy to detect.

Remember that this is info that for example Google gets all over the internet via Analytics - they don't even need those tracking cookies because your browser leaves so much unique data behind it that it doesn't matter. And so does every website owner.

Another thing people usually forget about when clearing cookies is that Flash has cookies too and they don't clear along. When have you last time cleared them? Probably never. You can use BleachBit" [sourceforge.net] to clear those along with other software, history and temp data.

Re:Results and flash cookies (4, Interesting)

Archangel Michael (180766) | more than 4 years ago | (#30919860)

And someone will create a Firefox Plugin in a few days that will randomize the variables being reported back, thus invalidating this.

I use a couple dozen different computers for things, and if they can "track" "ME" from that, all the better. Additionally, there are other people who use the same computers that I do, and if they can sniff out who is browsing at what time, all the more power to them. I also use three different browsers on the same computer to browse various sites as well, because of how they are rendered and the speed of rendering.

Now I also realize, that I'm not a "normal" case. Here's to being "odd" !

Re:Results and flash cookies (1)

Z00L00K (682162) | more than 4 years ago | (#30919998)

I wouldn't say that you are abnormal, but I foresee that browsers in the future will look into having stealth options to remove all identifiable information from the HTTP requests and randomize what can't easily be filtered out.

Of course - there are details that are a bit more tricky to fiddle with - like originating IP address.

Little Bobby Tables in User Agent String (5, Funny)

fibrewire (1132953) | more than 4 years ago | (#30920318)

Lets see whose tracking what :P

Somebody write a firefox plugin that changes "Fingerprints" to "DropDB" statements

Re:Results and flash cookies (2, Interesting)

Kijori (897770) | more than 4 years ago | (#30920336)

I use a couple dozen different computers for things, and if they can "track" "ME" from that, all the better. Additionally, there are other people who use the same computers that I do, and if they can sniff out who is browsing at what time, all the more power to them. I also use three different browsers on the same computer to browse various sites as well, because of how they are rendered and the speed of rendering.

Advertising companies don't need to be able to identify an individual in order for the data to be useful to them - if they can identify what sites the people that use your computer go to they can construct a demographic that is more useful to them than simply the average user of the site showing the adverts.

Put it this way: television companies can't tailor their adverts for specific viewers, but they still put significant effort into finding out information about those viewers. Why? Because the more precisely they can define the average viewer the more they can charge advertisers. Similarly, knowing the average user of your computer, while not as useful as knowing your exact tastes, is more than enough for them to want to track your computer's page views.

Perhaps more worryingly, unless your browsing habits are very similar it wouldn't take much to separate the different users of the computer. If you know what sites every computer visits you could say, for example, that computers that visit Slashdot are unlikely to visit mypinkpony.com - and you could infer, with a relatively high degree of confidence, that if a computer visits both of these sites it is likely that it has multiple users. Then, when the computer visits techreport.com you can ignore all but the sites that were visited shortly before or after visiting Slashdot, while treating sites like mypinkpony.com as a sign that the user has changed. Is it perfect? No, but it will allow you to reduce the noise significantly and build a fairly accurate picture of what to try to sell you.

Re:Results and flash cookies (2, Interesting)

PYRILAMPES (609544) | more than 4 years ago | (#30920410)

How about a nice packet shaper for your router? Borrow a variable from another user, add it to your router and pass it on?

Re:Results and flash cookies (1)

pushing-robot (1037830) | more than 4 years ago | (#30920610)

Actually, Torbutton already anonymizes the user agent string and screen resolution and blocks browser plugins. I don't think it blocks fonts, so that still could be an issue.

But even without any anonymizing plugin, I tested my Mac and found it to be relatively untrackable—one in every few thousand computers matches it. It's not too surprising; Apple pushes Flash/Java/Quicktime updates, Safari stays up to date, and there are only a handful of Mac screen resolutons. Unless you've got some unusual system fonts, it would be hard to distinguish your Mac from any other.

And if you really wanted to ensure anonymity, there's always virtual machines.

Re:Results and flash cookies (4, Informative)

Ken D (100098) | more than 4 years ago | (#30920964)

You are misreading the statistics. If only one in a few thousand computers matches yours, then you are very trackable. Your computer sticks out in a crowd. You want to be as close to 1:1 as you can get, as in, my computer looks like every other computer.

Re:Results and flash cookies (1)

bill_mcgonigle (4333) | more than 4 years ago | (#30920686)

And someone will create a Firefox Plugin in a few days that will randomize the variables being reported back, thus invalidating this.

There are still many unique variables for a given HTTP connection, even if only looking at the times and orders of connection requests. Not to mention cache effects or URL tracking tricks.

You can be anonymous but you can't be ambiguous, if you use sites which use data mining techniques to identify their visitors (and you don't know who those are).

Re:Results and flash cookies (2, Informative)

Lumpy (12016) | more than 4 years ago | (#30920732)

https://addons.mozilla.org/en-US/firefox/addon/6581 [mozilla.org]

too late, they beat you to it.

Re:Results and flash cookies (1)

Lumpy (12016) | more than 4 years ago | (#30920780)

Dang slashdot. It ate this and I did not see it as a response for 10 minutes so I figured it did not post... Sorry about the dupe.

Re:Results and flash cookies (1)

GradiusCVK (1017360) | more than 4 years ago | (#30921054)

Don't you see? Now all they have to do is find the usage patterns they can't quite figure out and they'll know it's all you.

Re:Results and flash cookies (1)

sopssa (1498795) | more than 4 years ago | (#30919876)

One extra thing I noticed also. If you disable javascript they weren't able to get any other info than user agent and http_accept strings.

So NoScript is good to use. Also in Opera you can do this by disabling global javascript and enabling it on per site basis.

Re:Results and flash cookies (4, Funny)

KevMar (471257) | more than 4 years ago | (#30920200)

Using NoScript tells them plenty of information.

You are either:
1) Aware of the security risk on the internet so you disabled javascript
2) You suffer from Paranoid Schizophrenia and don't want them controlling things
3) You have a serious aversion to adds

So the adds they should show you would go something like this in a jpg or animated gif (that is not a standard banner size).

Do you want that extra protection that you just can't get on your own? You need more information on how addvertisements and security threats work. Fallow this link to make sure you are informed. They are still watching you.

Sometimes they don't have to track you to figure out your habits

Re:Results and flash cookies (2, Interesting)

SydShamino (547793) | more than 4 years ago | (#30920292)

With javascript disabled my profile was a mere one in 143, but when I enabled javascript and let them run it again, I became a unique flower.

While having javascript disabled does bin me somewhat (perhaps to 1-2%), telling them about my LabVIEW 8.6 Plugin for Netscape 32 and my Mentor Graphics Veribest Gerber 0 fonts made me completely unique.

So yeah, javascript disabled totally helps.

Re:Results and flash cookies (0)

Anonymous Coward | more than 4 years ago | (#30920840)

I was unique even with js disabled, iceweasel user..

Re:Results and flash cookies (0)

Anonymous Coward | more than 4 years ago | (#30921118)

4. It makes browsing at least a entire order of magnitude faster, even moreso on my netbook.

(You forgot a big one here.)

Re:Results and flash cookies (1)

Zerth (26112) | more than 4 years ago | (#30921286)

Anyone using the screen size characteristic can be fooled merely by moving my browser to another monitor(mine aren't identical).

Thanks EFF. I never thought about that. (5, Funny)

cornicefire (610241) | more than 4 years ago | (#30919692)

I'm glad they gave me some new ideas for tracking.

Re:Thanks EFF. I never thought about that. (4, Funny)

Monkeedude1212 (1560403) | more than 4 years ago | (#30919838)

Psh. Real trackers use emotional demographics to Identify their users.

By tracking the various mouse movements on the page, and every key that might be entered, and the timing it takes between movements or keypresses, I can analyze that persons emotional relationship towards my web page. Some people might be angry, and thus have more spelling mistakes in their rage, or some people might be tender, loving, and caring, caressing the page softly and gently with their mouse.

Everyone has different habits and express their feelings towards web pages in different ways. I can easily tell who is visitting my site based on how they are visitting my site.

Re:Thanks EFF. I never thought about that. (1)

tbcpp (797625) | more than 4 years ago | (#30920378)

I'm an emotional demographic you insensitive clod!

Re:Thanks EFF. I never thought about that. (0)

Anonymous Coward | more than 4 years ago | (#30921168)

Funnily enough, this is actually quite a good way of tracking people.
Some people have very specific interaction profiles with computers.
With a decent algorithm, your interactions could be profiled.
And even if a person eventually was made aware of such techniques and erased all cookies with whatever tracking site, it could probably find them again pretty easily via the interaction profile.

That combined with the IDing from EFF demo could probably work even more efficiently in determining uniqueness.

And this is even better to do now due to JavaScript being significantly faster than it was a few years back.

The only other way to escape would be blocking JavaScript from them.

Re:Thanks EFF. I never thought about that. (1)

Talderas (1212466) | more than 4 years ago | (#30920028)

Your browser fingerprint appears to be unique among the 3,396 tested so far.

Fuck.

Re:Thanks EFF. I never thought about that. (2, Funny)

Volante3192 (953645) | more than 4 years ago | (#30920116)

I got that too when I used Lynx.

Your browser fingerprint appears to be unique among the 4,655 tested so far.

Re:Thanks EFF. I never thought about that. (1)

Talderas (1212466) | more than 4 years ago | (#30921152)

What I find disturbing is that its two categories which my browse is showing up unique in. Browser Plugins and System Fonts. It's the System Fonts uniqueness that has me perplexed.

Re:Thanks EFF. I never thought about that. (1)

FrankSchwab (675585) | more than 4 years ago | (#30920256)

I got:

"Your browser fingerprint appears to be unique among the 6,335 tested so far."

So, in the last 15 minutes, they appear to have had roughly 1000 new visitors.

Sounds like they're collecting some new information.

Re:Thanks EFF. I never thought about that. (1)

AnotherUsername (966110) | more than 4 years ago | (#30920810)

I got:
"Your browser fingerprint appears to be unique among the 11,342 tested so far."

Re:Thanks EFF. I never thought about that. (1)

RKThoadan (89437) | more than 4 years ago | (#30920822)

Chrome: Your browser fingerprint appears to be unique among the 10,511 tested so far.
IE6: Your browser fingerprint appears to be unique among the 11,542 tested so far.
Firefox: Your browser fingerprint appears to be unique among the 11,788 tested so far.

Boy do I feel special. I'm surprised IE6 came back unique. It looks like it was .NET's fault.

Re:Thanks EFF. I never thought about that. (1)

element-o.p. (939033) | more than 4 years ago | (#30920994)

My Gentoo box: "Your browser fingerprint appears to be unique among the 12,564 tested so far."

My Ubuntu box: "Your browser fingerprint appears to be unique among the 13,730 tested so far."

My Mac: "Your browser fingerprint appears to be unique among the 13,337 tested so far."

I didn't realize I was so unusual ;)

Re:Thanks EFF. I never thought about that. (1)

element-o.p. (939033) | more than 4 years ago | (#30921202)

Tried it again from a Windows Virtual Machine, and got..."Within our dataset of about ten thousand visitors, only one in 154 browsers have the same fingerprint as yours."

Go figure...Mozilla on WinXP is more anonymous than Mozilla on Gentoo or Ubuntu and more anonymous than Safari on Mac ;)

Shows who your true friends are. Thank Microsoft. (2, Informative)

Anonymous Coward | more than 4 years ago | (#30920586)

There is an option for privacy enhanced web browsing: IE compatibility test virtualization images. [microsoft.com] A very common OS packaged with a vanilla install of a very common browser, neatly resettable in a virtual machine. Thank you, Microsoft.

Re:Thanks EFF. I never thought about that. (1)

Fartypants (120104) | more than 4 years ago | (#30920614)

Well, the EFF gives a shout out to browserspy.dk for the font detection code and to breadcrumbs [isecpartners.com] for supercookie help, so I think it's safe to say those guys had thought of this idea. Good to see that the EFF is still relying on tried and true methods of tracking, though. The Panopticlick site drops a session ID cookie to track users.

I get this ... (1)

BlueTrin (683373) | more than 4 years ago | (#30919726)

Warning: mysql_connect() [function.mysql-connect]: Can't connect to MySQL server on 'db' (4) in /www/panopticlick.eff.org/docs/config/db.inc.php on line 3

Warning: mysql_select_db() [function.mysql-select-db]: Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2) in /www/panopticlick.eff.org/docs/config/db.inc.php on line 4

Warning: mysql_select_db() [function.mysql-select-db]: A link to the server could not be established in /www/panopticlick.eff.org/docs/config/db.inc.php on line 4

Has the site been just slashdotted ?

Re:I get this ... (2, Funny)

Sta7ic (819090) | more than 4 years ago | (#30919768)

Hey, more than I got. I hope the EFF can retrieve all the "research data" they're collecting from the servers that must be melting into slag...

Re:I get this ... (0)

Anonymous Coward | more than 4 years ago | (#30919890)

Warning: Division by zero in /www/panopticlick.eff.org/docs/common.inc.php on line 173 Warning: Division by zero in /www/panopticlick.eff.org/docs/common.inc.php on line 191 Warning: Division by zero in /www/panopticlick.eff.org/docs/common.inc.php on line 238 Warning: Division by zero in /www/panopticlick.eff.org/docs/common.inc.php on line 241 Warning: Division by zero in /www/panopticlick.eff.org/docs/common.inc.php on line 238 Warning: Division by zero in /www/panopticlick.eff.org/docs/common.inc.php on line 241 Warning: Division by zero in /www/panopticlick.eff.org/docs/common.inc.php on line 238 Warning: Division by zero in /www/panopticlick.eff.org/docs/common.inc.php on line 241 Warning: Division by zero in /www/panopticlick.eff.org/docs/common.inc.php on line 238 Warning: Division by zero in /www/panopticlick.eff.org/docs/common.inc.php on line 241 Warning: Division by zero in /www/panopticlick.eff.org/docs/common.inc.php on line 238 Warning: Division by zero in /www/panopticlick.eff.org/docs/common.inc.php on line 241 Warning: Division by zero in /www/panopticlick.eff.org/docs/common.inc.php on line 238 Warning: Division by zero in /www/panopticlick.eff.org/docs/common.inc.php on line 241 Warning: Division by zero in /www/panopticlick.eff.org/docs/common.inc.php on line 238 Warning: Division by zero in /www/panopticlick.eff.org/docs/common.inc.php on line 241 Warning: Division by zero in /www/panopticlick.eff.org/docs/common.inc.php on line 238 Warning: Division by zero in /www/panopticlick.eff.org/docs/common.inc.php on line 241

Re:I get this ... (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#30919892)

I'm going to send this link to my boss, now that MySQL has crapped its pants.

For the past few months we've been trying to get him to allow us to move some of our databases over to PostgreSQL, from Oracle. But he's been reading some white papers and crap like that about how MySQL is supposedly better.

As an experienced DBA, I know that isn't true by a longshot. And as the Slashdotting of this site shows, MySQL is an inferior database unable to handle real-world loads. Hopefully my boss will come to realize this, too.

Thanks, EFF. You may have just helped the world avoid another MySQL deployment.

Two data points... (3, Funny)

sabt-pestnu (967671) | more than 4 years ago | (#30919954)

By subtly changing where the errors occur (and which ones are reported), they can correlate your slashdot post with the attempted page fetch...

The site is down already? Thanks, MySQL. (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#30919748)


Warning: mysql_connect() [function.mysql-connect]: Can't connect to MySQL server on 'db' (4) in /www/panopticlick.eff.org/docs/config/db.inc.php on line 3

Warning: mysql_select_db() [function.mysql-select-db]: Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2) in /www/panopticlick.eff.org/docs/config/db.inc.php on line 4

Warning: mysql_select_db() [function.mysql-select-db]: A link to the server could not be established in /www/panopticlick.eff.org/docs/config/db.inc.php on line 4

Well, I suppose that's what you get for using a shitty database like MySQL.

Dell Default Image (1)

JohnHegarty (453016) | more than 4 years ago | (#30919766)

Unless you are one of the 100,000 using any particular Dell/HP/Apple default install on your pc.

2 ^ 10.5 is lost of combinations , but is bet there are lots of spikes on some.

Re:Dell Default Image (1)

petermgreen (876956) | more than 4 years ago | (#30920034)

Further a lot of the information is stuff that is likely to change over time with the installation of browser updates, OS updates, some new apps (if they bring fonts with them)

Though apparently my user agent ( "Mozilla/5.0 (Windows; U; Windows NT 5.2; en-GB; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7 (.NET CLR 3.5.30729)" ) is unique among those tested so far :/

Re:Dell Default Image (0)

Anonymous Coward | more than 4 years ago | (#30920070)

Ahh nice to know your user agent! It is will no longer be unique, since I just copied it.

Re:Dell Default Image (0)

Anonymous Coward | more than 4 years ago | (#30920858)

Not anymore, just updated my UA (thanks!).

Re:Dell Default Image (1)

clone53421 (1310749) | more than 4 years ago | (#30920978)

That’s what I figured, on my PC at work, but I was wrong. (When I get home, I’ll have to try it there.)

My fonts – the default ones installed on the PC – are shared by only 1 in about 3,200 visitors.

The IE user agent string, with its .NET information, said that only 1 in 4,200 browsers shares it.

Using the version of IE installed on the PC (version 7), my particular combination of Java, Flash, and WindowsMediaplayer was unique (amongst about 13,000 visitors so far).

Using Firefox, on the other hand, I share my user agent string with a whopping 4.2% of the visitors (about 1 in 25), although my browser plugins are still unique...

In fact, even my screen resolution (1600x900x32) is only shared by about 1 in 400 visitors. (Surprising, slightly, since the trend has been more and more toward using 16:9 displays.)

Slashdotted already... (0, Offtopic)

ThatFunkyMunki (908716) | more than 4 years ago | (#30919774)

You'd think that the EFF would know how to run a website that doesn't shit itself as soon as it hits slashdot...

in other news (4, Funny)

Lord Ender (156273) | more than 4 years ago | (#30919804)

Researches have found a way to track web sites based on the MySQL errors they produce when they're slashdotted.

Re:in other news (1)

kevin_j_morse (1282350) | more than 4 years ago | (#30919924)

And it only took 20 minutes...

Nice name (0, Offtopic)

hodet (620484) | more than 4 years ago | (#30919812)

Panoti, panoptip...panopticlick. Sounds like some 0.01 app available in a deb repository.

Panopticlick 0.01

Division by zero (0)

Anonymous Coward | more than 4 years ago | (#30919820)

>"Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /www/panopticlick.eff.org/docs/common.inc.php on line 163

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /www/panopticlick.eff.org/docs/common.inc.php on line 163

Warning: Division by zero in /www/panopticlick.eff.org/docs/common.inc.php on line 173

Within our dataset of visitors, one in 0 browsers have the same fingerprint as yours.

Currently, we estimate that your browser has a fingerprint that conveys INF bits of identifying information."

Now that's an unique fingerprint.

Re:Division by zero (0)

Anonymous Coward | more than 4 years ago | (#30919852)

Warning: Division by zero in /www/panopticlick.eff.org/docs/common.inc.php on line 173

OH SHI-

Wait... where's the kaboom? There was supposed to be an earth-shattering kaboom.

All bow before Taco (-1, Offtopic)

Gothmolly (148874) | more than 4 years ago | (#30919828)

The mighty webmeister, who invented looking at web server logs. Navel-gaze much?

LOL (3, Insightful)

C_Kode (102755) | more than 4 years ago | (#30919908)

The site says Only anonymous data will be collected by this site. Yet they are collecting data to see how un-anonymous you actually really are! :)

Re:LOL (1)

Amouth (879122) | more than 4 years ago | (#30920120)

which means we grab each part of the finger prints and see how unique they are to our data set BUT we don't keep them together with each other. if you notice they give a rating to you based on each of the areas and your over all is the highest unique..

Re:LOL (1)

clone53421 (1310749) | more than 4 years ago | (#30921104)

True... and since you can revisit the page to see your updated stats, and it remembers you’ve been there, I can only assume it uses a cookie (they could track via IP, but I wouldn’t consider that anonymous and I don’t think anyone else with any sense would either). Looking at my cookies, I have a PHPSESSID, so apparently that is how they’re avoiding double-counting.

It seems to me, though, that users without cookies would be re-counted every time they visited, or perhaps it would not count them at all, but just display the results without saving them.

Old news (0)

Anonymous Coward | more than 4 years ago | (#30919922)

This is nothing new. RSA has been using this to detect fraud for quite a while now.

Cookies, Plugins, User Agents, Timezone, Browser, detectable browser settings, etc.

They easily make up a very accurate fraud detection system.

Hmm (1)

Jonas Buyl (1425319) | more than 4 years ago | (#30919970)

I think nobody guessed anyone would care about visiting a website of a non-profit organization?

user agent guessing site (1)

allo (1728082) | more than 4 years ago | (#30919982)

http://laxu.de/useragent.php [laxu.de] test it ... a bit out of date (thinks arora is googlebot), but its still working good for the most common browsers.

Suggestion for more generic User Agent String (1)

Tekfactory (937086) | more than 4 years ago | (#30919994)

We are all V

or

We are all Zero

Choice will of course depend on if you are a V for Vendetta or Code Geass fan. It will aso decide which mask you should wear when the revolution comes.

We could also use;

Ninjas (should Ninjas be blank?)

Pirates

IPv6 will make this obsolete (3, Interesting)

Fanro (130986) | more than 4 years ago | (#30920050)

Once we get IPv6 everywhere, most ISPs will simply assign each user a fixed subnet, since that is so much easier and more efficient than keeping track of dynamic assignements. Same for large networks that currently use NAT.

So the vast mayority of users will have a unique non-changeable ID, making cookies or this kind of tracking obsolete.

Re:IPv6 will make this obsolete (1)

ericfitz (59316) | more than 4 years ago | (#30921076)

IP addresses (even IPv6) are addresses, not phone numbers. The address identifies the place where the packets are supposed to go, not the person to whom they're supposed to go.

IPv6 was designed to be hierarchical to address some of the shortcomings of the IPv4 allocation process, which requires backbone routers to maintain and exchange large routing lists.

Personal subnets won't be implemented because people move around; it's not to change the global routing infrastructure every time you go to work.

Now it might be the case that broadband ISPs assign networks to their customers; this would not happen with wireless or dial-up though. It's a reasonable assumption that the customer end of a broadband connection won't move geographically.

Re:IPv6 will make this obsolete (1)

Abcd1234 (188840) | more than 4 years ago | (#30921282)

Once we get IPv6 everywhere, most ISPs will simply assign each user a fixed subnet, since that is so much easier and more efficient than keeping track of dynamic assignements.

Not necessarily. Unless the user explicitly asks for a routable /48 or /56, I'll bet most ISPs just give each user a /64 and have them autoconfigure, in which case there's always the Privacy Extensions for Stateless Address Autoconfiguration [ietf.org] option.

Lynx apparently more popular than I thought (3, Informative)

Volante3192 (953645) | more than 4 years ago | (#30920054)

Browser Characteristic : User Agent
bits of identifying information : 11.09+
one in x browsers have this value : 2183
value : Lynx/2.8.5rel.1 libwww-FM/2.14FM SSL-MM/1.4.1 OpenSSL/0.9.7d-dev

(Course, i'm also two minor releases behind...but still, 1 per 2000 is more common than I would've guessed)

Re:Lynx apparently more popular than I thought (1)

Quince alPillan (677281) | more than 4 years ago | (#30920146)

Some Slashdotters browse Slashdot at work on Lynx because it looks like a terminal to the PHB walking by.

Re:Lynx apparently more popular than I thought (1)

greed (112493) | more than 4 years ago | (#30921014)

It also means we can browse over SSH to our home machines in case we want to check something that might be NSFW and don't want to risk any lag between "oops" and Cmd-W. I hate open concept offices.

Re:Lynx apparently more popular than I thought (1)

Volante3192 (953645) | more than 4 years ago | (#30920150)

Hrm...apparently I missed part of the page when I saw that. It's likely that there were only 2183 browsers cataloged at the time.

Oops. Mea culpa.

Re:Lynx apparently more popular than I thought (1)

Waynelson (1068550) | more than 4 years ago | (#30920186)

That might actually be their current data pool right now though. Try hitting it again and see if it cuts that number in half.

Re:Lynx apparently more popular than I thought (1)

Volante3192 (953645) | more than 4 years ago | (#30920290)

Yeah, looks like someone else has the same User Agent string (1 of 3309 now), and two others have the same HTTP ACCEPT headers (1 of 2206, 'text/html, text/plain, text/sgml, */*;q=0.01 gzip, compress en'), but I'm still unique out of 6618.

Reloading does cut the numbers in half (0)

Anonymous Coward | more than 4 years ago | (#30920354)

And further reloading is a good way to make your browser readings more popular and thus less unique ;-)

Woah fonts (0)

Anonymous Coward | more than 4 years ago | (#30920076)

As a graphic designer, suppressing the font list would help. Why is it even needed?

Re:Woah fonts (1)

Kazoo the Clown (644526) | more than 4 years ago | (#30921110)

As a graphic designer, suppressing the font list would help. Why is it even needed?

Or perhaps more interesting, can I somehow use a huge font list to mount a buffer overflow attack against such monitoring programs?

I'm unique! (1)

eddy (18759) | more than 4 years ago | (#30920096)

Woho!

"Your browser fingerprint appears to be unique among the 3,026 tested so far."

3026 is a super small sample though.

Re:I'm unique! (1)

eddy (18759) | more than 4 years ago | (#30920196)

Sample is growing fast. In the minutes since that post...

"Your browser fingerprint appears to be unique among the 5,747 tested so far."

Re:I'm unique! (1)

Maestro485 (1166937) | more than 4 years ago | (#30920512)

Me too, but it's up to 8223 in the half hour since you posted. The sample is growing pretty quick.

Re:I'm unique! (1)

backbyter (896397) | more than 4 years ago | (#30920928)

And I'm unique at 12,107!

Needs some more work. (1)

the_other_chewey (1119125) | more than 4 years ago | (#30920110)

It doesn't seem to work that well. I know for sure that my browser's UA string is globally unique - and am still
told that one in 4316 browsers will have that UA string.

Unique Browser (1)

RedTeflon (1695836) | more than 4 years ago | (#30920206)

Your browser fingerprint appears to be unique among the 5,465 tested so far.
Oh my browser is unique just like me.

I'm unique! Not so fast... (1)

cvtan (752695) | more than 4 years ago | (#30920214)

The web site says I am unique (well I knew that). I'm still running WIN7 RC.. Maybe I should change the ver to WIN98ME. Then I would be unique and certifiable.

Interestingly enough, (1)

Minwee (522556) | more than 4 years ago | (#30920220)

roughly one in five browsers has javascript disabled.

Then again, that's probably artificially high based on what circles this story has been circulating in.

I'm twice unique! (1)

chrysrobyn (106763) | more than 4 years ago | (#30920294)

My desktop environment is so far unique over 2,357 samples, and my iPod Touch is unique over 2,239 samples. Interesting. I know I have some interesting pieces to my desktop, but 1/2357 surprised me. My iPod Touch being unique, on the other hand, just tells me more about who they've sampled so far than about the uniqueness of the test.

Re:I'm twice unique! (0)

Anonymous Coward | more than 4 years ago | (#30920868)

Heh. My N900's user agent string occurs in 1 of 11304 cases, out of a sample of 11304.

Interestingly, my FF 3.5 on Win7 x64 user agent string is less usual than my two Ubuntu laptops, 1/60 for Win7 but only about 1/47 for Ubuntu. I guess that sort of thing happens when you get linked from Slashdot. Or everyone is using IE8 on Win7...

Plugin to thwart this? (1)

cormander (1273812) | more than 4 years ago | (#30920320)

Write a browser plug-in that randomly mangles these bits of information into to other valid values before passing them to the website, in known "good" combination. You'll start to look like other random people on each request.

Targeted advertisers - here I am! (1)

log0n (18224) | more than 4 years ago | (#30920324)

Your browser fingerprint appears to be unique among the 6,764 tested so far.

Tested (1)

Rikiji7 (1182159) | more than 4 years ago | (#30920348)

Your browser fingerprint appears to be unique among the 7,335 tested so far.

Fonts as identifier (0)

Anonymous Coward | more than 4 years ago | (#30920438)

Those people who have tons of fonts installed because they design logos and banners and stuff will have the most unique fingerprint of them all, because not all designers install the same font packs.

That and everyone who has a font of their handwriting on their computer, made with Fontifier or whatnot. They'll have unique fingerprints too, unless they distribute the font to friends or family.

I have my handwriting as a font. I'm going to be a unique browser fingerprint for as long as this test is carried out. I guarantee it.

UA strings put unnecessary stuff in them (1)

linebackn (131821) | more than 4 years ago | (#30920444)

I look at user agents from time to time, and it blows my mind how much stuff some programs are permitted to put in there. It seems like every toolbar, add-on, and browser re-branding these days wants to put itself in you user agent.

I wonder what the longest non-fake user agent is these days? I recall there was a problem a while back on the Mozillazine forums because it records user agent strings for support purposes, but only allocated so many characters. Thanks to some new toolbars and such some people couldn't post because their user agent string was to long.

I don't think people realize that what some programs can add to their user agent sting can potentially be a privacy issue.

Really, even with a most basic user agent string there is, arguably, still information that probably doesn't need to be there any more. Do web sites really need to know your specific Windows version? CPU Type? Rendering engine version? Browser minor revision? And what is with all the MS .Net verison info anyway? It just seems like a lot of detail.

HAHA - Does not mask out same IP so keep clicking (0)

Anonymous Coward | more than 4 years ago | (#30920448)

Each click halves the "uniqueness" so while I started as unique among the 2500 captures and 12.5 bits of id, after 10 clicks I was about 1 in 40 and about 5 bits.

Wrong summary (1)

trold (242154) | more than 4 years ago | (#30920460)

Revealing 10.5 bits of information about yourself will place you in one of roughly 1500 groups, not in a group of size 1500. With more than 1.5 billion internet users, you are "identified" as being in a group of 1 million.

Anyone NOT (1)

mrwolf007 (1116997) | more than 4 years ago | (#30920542)

unique so far?

Re:Anyone NOT (1)

Volante3192 (953645) | more than 4 years ago | (#30921074)

My FF3.6 at home is 1 of 262.

EFF's browser test isn't a browser test (1)

isa-kuruption (317695) | more than 4 years ago | (#30920606)

When I went to their site to find out how "unique" I was, the site launched a java applet. This isn't tracking browsers at this point, it's tracking JVM's too. If you're allowed to have the browser launch a third party application, then might as well launch an .exe that scours your hard drive and does an HTTP call back to the EFF.... at that point, might as well just say every system is unique.

Plugins List (1)

gknoy (899301) | more than 4 years ago | (#30920648)

I did not realize that my plugins list was the largest source of fingerprint data. I didn't even know it was listed.

I imagine many people use Opera at my screen resolution, but I'd be interested in seeing how many people shared my particular combo of data (aside from the plugins list).

NoScript (1)

mewsenews (251487) | more than 4 years ago | (#30920652)

With javascript disabled, they said my browser was 1 in 140.

With javascript enabled, they said my browser was unique among all browsers seen so far.

NoScript is so great.

Re:NoScript (1)

spune (715782) | more than 4 years ago | (#30921072)

Curious; when I have javascript enabled (NoScript off) I'm only 1 in 6000 but it gives me unique when it's disabled.

This is scary (2, Interesting)

whatajoke (1625715) | more than 4 years ago | (#30920660)

Your browser fingerprint appears to be unique among the 10,808 tested so far.
I just realised that the fact that I turn off all my plugins(and java) and have multiple languages enabled, probably gives a completely unique fingerprint to automated stalkers like google.

Fresh Install (0)

Anonymous Coward | more than 4 years ago | (#30920750)

Fresh install of Firefox for windows from getfirefox.com rendered me unique out of 9608. A fresh install in wine, that is.

Snowflake (0)

Anonymous Coward | more than 4 years ago | (#30921016)

Panopticlick says I am a unique snowflake, but here on slashdot, I'm just an AC.

Firesomething (1)

nevermore94 (789194) | more than 4 years ago | (#30921046)

Funny thing is, my browser is unique every time I go there, thanks to Firesomething.

Mr Taco (1)

Vlijmen Fileer (120268) | more than 4 years ago | (#30921070)

"I remember laughing years ago when I would see users who had modified their user agent string with some sort of defiant pro-privacy message, without realizing that their action made them uniquely identifiable out of hundreds of thousands of others."

Mr Taco must have laughed the laugh of a naive person.

These people made a /statement/, /trading/ this little aspect of their privacy in the process. Seeing they were at least smart enough to see there is a thorny privacy issue with the user agent string, it's also logical to assume they were very much aware of this trade.

Ubuntu LiveCD (0)

Anonymous Coward | more than 4 years ago | (#30921180)

From the Ubuntu Live CD, I'm unique among 14998 people.

This is an unmodified Live CD running default everything.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?