I read yesterday about Panopticlick, which tries to determine how easily web users can be traced without the use of web cookies. It collects information sent by the browser in the HTTP protocol, and things that can be collected by means of JavaScript, Flash and Java. The website reports that my web browser is unique in the pool of browsers that visited Panopticlick.
The interesting/worrying thing is that most of the fields could uniquely identify me on their own. Nobody else uses the same language combination for HTTP's Accept-Language (the list of languages that I prefer). Nobody else uses the same version of Firefox in Afrikaans on my Linux distribution.
I won't go into why this is good or bad, but it is interesting to know that if I had reason to not want to be identified, I can't use Firefox in Afrikaans any more, and I can't indicate my preferred language to web sites. I realise that plugins can probably improve the matter, but if this is seen as a danger, it is probably a danger for more people than the number of people who would know about NoScript or TorButton.
Should we perhaps think afresh about how much information is sent by web browsers? At least I now feel a little bit more special...
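The uniqueness measurement described above, as an added example (not part of the original post and not Panopticlick's code): it counts how many visitors in a small pool share one header value or a combination of values. The pool, the simplified User-Agent strings and the function names are constructed for illustration.

```python
import math
from collections import Counter

# Constructed sample pool (not real data): two values a browser sends with
# every HTTP request. The User-Agent strings are simplified placeholders.
POOL = [
    {"user_agent": "Firefox (Linux; en-US)", "accept_language": "en-US,en"},
    {"user_agent": "Firefox (Linux; en-US)", "accept_language": "en-US,en"},
    {"user_agent": "Firefox (Windows; en-US)", "accept_language": "en-US,en"},
    {"user_agent": "MSIE 6.0 (Windows)", "accept_language": "en-US,en"},
    {"user_agent": "MSIE 6.0 (Windows)", "accept_language": "en-US,en"},
    {"user_agent": "MSIE 6.0 (Windows)", "accept_language": "nl,en"},
    {"user_agent": "Firefox (Linux; en-US)", "accept_language": "nl,en"},
    {"user_agent": "Firefox (Linux; af)", "accept_language": "af,en-ZA,en"},
]

def surprisal_bits(pool, field, value):
    """Bits of identifying information revealed by one field value."""
    matches = sum(1 for r in pool if r[field] == value)
    if matches == 0:
        raise ValueError("value not seen in pool; surprisal is undefined")
    return math.log2(len(pool) / matches)

def anonymity_set(pool, visitor, fields):
    """How many pool members look identical to `visitor` on `fields`."""
    return sum(1 for r in pool if all(r[f] == visitor[f] for f in fields))

def unique_fraction(pool, fields):
    """Share of the pool whose combination of `fields` occurs exactly once."""
    combos = Counter(tuple(r[f] for f in fields) for r in pool)
    return sum(1 for n in combos.values() if n == 1) / len(pool)

if __name__ == "__main__":
    both = ["user_agent", "accept_language"]
    for name, visitor in (("Afrikaans Firefox", POOL[7]), ("Dutch Firefox", POOL[6])):
        print(name)
        for f in both:
            print(f"  {f}: shared by {anonymity_set(POOL, visitor, [f])}, "
                  f"{surprisal_bits(POOL, f, visitor[f]):.2f} bits")
        print(f"  combined: shared by {anonymity_set(POOL, visitor, both)}")
    for fields in (["user_agent"], ["accept_language"], both):
        print(fields, "unique fraction:", unique_fraction(POOL, fields))
```

The Afrikaans visitor is unique on either field alone, while the Dutch visitor only becomes unique once the two fields are combined.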
Comments
It's partly that their
It's partly that their database isn't very full yet. I got the same "unique" response running Firefox in English on Fedora.
Hmm... clicking Test Me made
Hmm... clicking Test Me made Firefox hang (apparently the Java plugin froze the whole browser) and in Konqueror it stays at a Please wait... page. Well at least in Dillo it works; but so far it's not very impressive.
I call BS
It's very probability based. By changing any one of those values I become "unique" again with no track connected to the previous record.
small sample
I got the same "unique" result. Given that they only have about 100'000 users in their database this is probably to be expected...
Same story here (using Ubuntu
Same story here (using Ubuntu and Firefox). But I installed the User Agent Switcher add-on for Firefox and changed it to IE6.0, then I was no longer so unique :-d Guess some new add-ons will pop up soon that will deal with this.
Not surprised by the System
Not surprised by the System Font list being unique, it has a number of free software fonts in it that are unpackaged in Ubuntu, and one is quite obscure. I didn't know that list was available to any website though; one of the plugins? Java? MoonLight? Flash is blocked by FlashBlock.
Browser Plugin Details and HTTP_ACCEPT Headers (en, ja and nl are in there) are both unique for now, but I can see that changing. Still, 1 in 176,494 narrows it down quite a bit.
Anonymous
Yes, if you want to be anonymous, you have to be careful about the HTTP header sent; Privoxy might help here.
In addition you will want to disable Java and Flash too, because they could send unneeded information without you knowing. I think that JavaScript should be disabled too, because the other end could guess your browser just by executing JavaScript.
Tor or an HTTP proxy might be useful in the end too, because a passive network fingerprinter like p0f could guess your OS if you're connected directly.
Re: Anonymous
I realise that improvements can be made to the headers, but my point is that I might need to select between getting websites in my preferred languages, or privacy. It is a rather raw deal.
It is quite shocking that any
It is quite shocking that any site one visits can snoop a list of a visitor's fonts.
Having the browser only send a generic list of available font types might improve things, but even that might not be enough.
There are instances where simply using certain fonts related to certain languages will give oppressive regimes new methods of targeted surveillance and spying, Tibetans (who have a unique language and script) under Chinese occupation being just one serious example.
Re: It is quite shocking that any
I agree. A way to improve things in terms of fonts is to encourage more people to install basic support for all scripts in their systems. If I understand correctly, it has been a goal of the Fedora project that all scripts can be rendered out of the box (with extra fonts available, of course). This could improve things a little bit, but probably only a little bit.
Of course, if you happen to be a font designer...