EFF: Browsers can leave a unique trail on the Web

The Electronic Frontier Foundation has created an on-line tool that details the wealth of information a Web browser reveals, which can pose privacy concerns when used to profile users.

The EFF's Panopticlick tool takes just a few seconds to pluck out information that a Web browser divulges when visiting a Web site, such as a user's operating system, version numbers for plug-ins, system fonts and even screen size, color and depth.

Taken together, that information is a unique fingerprint for a particular PC, which could be used to repeatedly identify a particular visitor a Web site, the EFF said.

The EFF, which has campaigned against intrusive on-line advertising systems, warns that advertising companies are already using digital fingerprinting techniques, wrote Peter Eckersley, an EFF staff technologist, on the organization's blog.

"They develop these methods in secret, and don't always tell the world what they've found," Eckersley wrote. "But this experiment will give us more insight into the privacy risk posed by browser fingerprinting and help web users to protect themselves."

Panopticlick anonymously records a visitor's system configuration and then compares it to a database of five million other configurations. On Friday, the Panopticlick Web site said it had collected 188,394 browser fingerprints so far.

Users are mistaken if they think that merely disabling cookies -- small text files stored in browsers that allow Web sites to recognize repeat visitors among other functions -- will protect their privacy.

In a separate blog post, Eckersley wrote that the user-agent string of a browser reveals the computer's operating system, precise version number of the browser and kind of browser used. Only about one in 1,500 Web surfers have the same user-agent string, Eckersley wrote.

A user-agent string along isn't quite enough information to track somebody but "in combination with another detail like geolocation to a particular ZIP code or having an uncommon browser plugin installed, the user-agent string becomes a real privacy problem," Eckersley wrote.

To stay more anonymous, the EFF recommended using a common browser, such as the latest version of Firefox running a recent version of Microsoft's Windows operating system. Turning off JavaScript is another option, since that is how Web sites detect plugins and fonts, but that also can hamper how well Web sites work.

Another option is to use a mobile browser, the EFF said.

"Current versions of the iPhone, Android and Blackberries do not vary much with respect to plugins, installed fonts or screen size," the EFF said.

"This situation may well change in the future, but until it does, most of these devices are far less fingerprintable than any sort of desktop PC."

• Bookmark this page
• Share this article
  •  
  • facebook
  • slashdot
  • digg
  • Reddit
  • stumbleupon
  • linkedin
  • twitter
• Got more on this story? Email Computerworld
• Follow Computerworld on twitter

• Share
  Share this article

  •  google+
  • facebookfacebook
  • slashdotslashdot
  • diggdigg
  • RedditReddit
  • stumbleuponstumbleupon
  • linkedinlinkedin
  • twittertwitter
• print
• email
• Bookmark