Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Privacy Electronic Frontier Foundation Java Security Your Rights Online

EFF Publishes Study On Browser Fingerprinting 80

Rubinstien writes "The Electronic Frontier Foundation investigated the degree to which modern web browsers are susceptible to 'device fingerprinting' via version and configuration information transmitted to websites. They implemented one possible algorithm, and collected data from a large sample of browsers visiting their Panopticlick test site, which we've discussed in the past. According to the PDF describing the study, browsers that supported Flash or Java on average supplied at least 18.8 bits of identifying information, and 94.2% of those browsers were uniquely identifiable in their sample. My own browser was uniquely identifiable from both the list of plugins and available fonts, among 1,557,962 browsers tested so far."
This discussion has been archived. No new comments can be posted.

EFF Publishes Study On Browser Fingerprinting

Comments Filter:
  • by AlexiaDeath ( 1616055 ) on Friday June 03, 2011 @08:59AM (#36330102)
    I visited that site several times with the same browser over several weeks, each time it was unique. Some plugin had updated, some font had been installed... So for tracking me it would be totally useless. The uniqueness it identifies is only valid for a session or two.
  • by mattdm ( 1931 ) on Friday June 03, 2011 @09:03AM (#36330124) Homepage

    "18.8" doesn't sound like a big number, until you consider what it stands for. Each bit of information halves your uniqueness. That means that you can be picked out of a crowd of 2^18.8 people -- 456,419. With an estimated two billion people on the internet today, that means you're down to being one in 4500. That's about the same as saying "My name is Matthew Miller and I live in the United States." Not particularly private!

    Another way to think of it is this: those two billion people represent 31 bits of uniqueness. Every bit of information revealed knocks off some of that. When you're down to one, you're positively identified. Your web browser is giving up at least 18.8 of those thirty for nothing, leaving you with just about 12.

  • Re:Winning (Score:5, Interesting)

    by CastrTroy ( 595695 ) on Friday June 03, 2011 @09:12AM (#36330204) Homepage
    I've always wondered about this stuff. If you're one of the 6 people on the internet who care about this stuff, and therefore block all their fingerprint methods, doesn't that make you somewhat unique? Wouldn't it make more sense to return a random list of fonts, a random user agent, and randomize all the other information they are fingerprinting you with to make it seem like you're a different person every time, rather than being one of only 6 people who have a very simple UserAgent string, with no extra stuff tacked on the end?

"I shall expect a chemical cure for psychopathic behavior by 10 A.M. tomorrow, or I'll have your guts for spaghetti." -- a comic panel by Cotham