Site icon The Mac Security Blog

You Are Your Web Browser

The Electronic Frontier Foundation has been doing an experiment. Their initial hypothesis was that if you examine certain elements that a web browser provides to websites, you may be able to find combinations of such data that are unique. This is called a “browser fingerprint.” They have been testing this on their Panoptclick web site. Just go to the site, click Test Me and you’ll see the results. As the site explains:

Panopticlick tests your browser to see how unique it is based on the information it will share with sites it visits. Click below and you will be given a uniqueness score, letting you see how easily identifiable you might be as you surf the web.

So what did we see? Our first test led to this result:

Your browser fingerprint appears to be unique among the 863,195 tested so far.

Then we tested with other browsers, on other Macs, and got essentially the same result.

The site looks at a number of common elements that your browser provides, such as a “User Agent” string, which tells which browser, its version, and the operating system; your time zone; your screen size and color depth; the browser plugins you have installed; and your system fonts. All of these can be combined to make a unique signature. And turning cookies off doesn’t prevent a site from getting this information.

So how could this be used? Any web site could keep track of individual users in this manner, without cookies, and in most cases the vast majority of users are indeed unique. In a press release, the EFF said that “several companies are already selling products that claim to use browser fingerprinting to help websites identify users and their online activities.” They point out that “Browser fingerprinting is a powerful technique, and fingerprints must be considered alongside cookies and IP addresses when we discuss web privacy and user trackability. We hope that browser developers will work to reduce these privacy risks in future versions of their code.”

So for now, there’s not a whole lot you can do. The EFF gives some tips as to how to prevent such fingerprinting, such as disabling JavaScript in your browser. But you may need JavaScript to surf many sites, so this isn’t an ideal solution. (In fact, disabling JavaScript means their test doesn’t work, so it’s impossible to find out if, indeed, it makes one less unique.)

Share this: