Tracking Browsers Without Cookies Or IP Addresses? 265
Peter Eckersley writes "The EFF has launched a research project called Panopticlick, to determine whether seemingly innocuous browser configuration information (like User Agent strings, plugin versions and fonts) may create unique fingerprints that allow web users to be tracked, even if they limit or delete cookies. Preliminary results indicate that the User Agent string alone has 10.5 bits of entropy, which means that for a typical Internet user, only one in about 1,500 (2 ^ 10.5) others will share their User Agent string.
If you visit Panopticlick, you can get a reading of how rare or unique your browser configuration is, as well as helping EFF to collect better data about this problem and how best to defend against it." I remember laughing years ago when I would see users who had modified their user agent string with some sort of defiant pro-privacy message, without realizing that their action made them uniquely identifiable out of hundreds of thousands of others.
Thanks EFF. I never thought about that. (Score:5, Funny)
Re:I get this ... (Score:3, Funny)
in other news (Score:5, Funny)
Researches have found a way to track web sites based on the MySQL errors they produce when they're slashdotted.
Re:Thanks EFF. I never thought about that. (Score:5, Funny)
Psh. Real trackers use emotional demographics to Identify their users.
By tracking the various mouse movements on the page, and every key that might be entered, and the timing it takes between movements or keypresses, I can analyze that persons emotional relationship towards my web page. Some people might be angry, and thus have more spelling mistakes in their rage, or some people might be tender, loving, and caring, caressing the page softly and gently with their mouse.
Everyone has different habits and express their feelings towards web pages in different ways. I can easily tell who is visitting my site based on how they are visitting my site.
Two data points... (Score:4, Funny)
By subtly changing where the errors occur (and which ones are reported), they can correlate your slashdot post with the attempted page fetch...
Re:Thanks EFF. I never thought about that. (Score:3, Funny)
I got that too when I used Lynx.
Your browser fingerprint appears to be unique among the 4,655 tested so far.
Re:Results and flash cookies (Score:5, Funny)
Using NoScript tells them plenty of information.
You are either:
1) Aware of the security risk on the internet so you disabled javascript
2) You suffer from Paranoid Schizophrenia and don't want them controlling things
3) You have a serious aversion to adds
So the adds they should show you would go something like this in a jpg or animated gif (that is not a standard banner size).
Do you want that extra protection that you just can't get on your own? You need more information on how addvertisements and security threats work. Fallow this link to make sure you are informed. They are still watching you.
Sometimes they don't have to track you to figure out your habits
Little Bobby Tables in User Agent String (Score:5, Funny)
Lets see whose tracking what :P
Somebody write a firefox plugin that changes "Fingerprints" to "DropDB" statements