The Electronic Frontier Foundation (EFF) has just released the results of research which indicate that your browser creates a unique “browser fingerprint” which can be uniquely linked to you, thus creating a record of your browsing habits and where you’ve been on the Internet with your browser, even if you have cookies turned off in your browser. In fact, says the report, this non-cookie method for identifying users using their browser fingerprint with such browsers as IE and Firefox is effective as much as 94% of the time.
According to Peter Eckersley, the EFF’s lead researcher on the project, by looking at and putting together various pieces of information that most browsers give up when they are visiting a site – including, among other things, which browser and operating system (OS) you are using, which plugins you have installed, the time zone you’re in, and which fonts you have installed – enough data is available to generate what turns out to be a unique set of identifying data; unique to you that is.
Says Eckersley, “Even if you turn off cookies and you use a proxy to hide your IP address, you could still be tracked.”
(And this isn’t even getting into so-called “super cookies”, also known as Local Shared Objects (LSOs), and otherwise known as “Flash cookies”, so-named because they are a function of Adobe’s Flash. These insidious cookies don’t even show up in your cookie or other privacy settings – they are buried deep within your Adobe Flash settings, and accessible only (or at least only easily) by visiting a special page at Adobe – that page is here. {Interestingly, this is not one of the legion of reasons that Steve Jobs mentions in his letter explaining why he won’t allow Flash on the iPhone or iPad.})
Eckersley also cautions about being lulled into a false sense of security offered by a browser’s privacy mode. “They provide you with some protection against other people who may be in your house or who have access to your computer,” he says, “but they haven’t got to the point where they’ve provided protection against the companies that are profiling Web users.”
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
For those who wonder what all the fuss is about, Eckersley points out that “If someone can see what pages we’re going to, they know what we’re reading and what we’re thinking.”
In their research, Eckersley and his colleagues found that the average browser with Flash or Java enabled carried hidden in its recesses at least 18 pieces of identifying information which, when taken together, created a unique fingerprint for more than 94% of the browsers. And the results weren’t that much better for those browsers that did not have Flash or Java enabled.
Even among what the EFF calls their “privacy conscious sample”, they say that an astonishing 83.6% of the browsers seen had an instantaneously unique fingerprint!
And while browser fingerprints change over time – sometimes even quite quickly – the EFF says that “even a simple heuristic was usually able to guess when a fingerprint was an ‘upgraded’ version of a previously observed browser’s fingerprint, with 99.1% of guesses correct and a false positive rate of only 0.86%.”
So what can you, as a privacy conscious web user do to avoid having your browser leave its fingerprints all over the Internet?
The EFF says that “a user seeking to avoid being followed around the Web must pass three tests. The first is tricky: find appropriate settings that allow sites to use cookies for necessary user interface features, but prevent other less welcome kinds of tracking. The second is harder: learn about all the kinds of supercookies, perhaps including some quite obscure types, and find ways to disable them.”
“Only a tiny minority of people will pass the first two tests,” says the EFF, “but those who do will be confronted by a third challenge: fingerprinting.”
There are some things you can do, however, to fully protect yourself against browser fingerprinting, says Eckerley. For example, their research found that using Firefox with the “NoScript safe browsing” extension installed and turned on rendered the browser unidentifiable (at least for a test machine running Windows XP). Also, says Eckerley, using the Tor online anonymity software, which works by “bouncing your communications around a distributed network of relays run by volunteers all around the world,” will also obscure your Internet fingerprints.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
