Opinion: There’s no such thing as anonymity on the internet

Posted on 3 Feb 2010 at 13:36

• 
• 

 1 of 2

Gallery

Even if you disable cookies, your browser could easily share enough information to give you a unique signature on the web. I've been testing the computers I use on the Electronic Frontier Foundation's Panopticlick website, which reports the identifying information your browser is sharing and compares it against data it has already collected from other users. So far, every system I've tested has been uniquely identifiable.

My browser and identifiable system configuration tend to be fairly distinctive. I use Firefox with a range of plug-ins, depending on what I use each PC for. I also use minority operating systems on most of my machines (usually either Windows 7 or various Linux distributions). All this information can be extracted by a site that contains code to query my browser.

In the screenshot above, you can see the information extracted from my browser. It’s apparently unique among the 544,493 users that have been tested to date.

This information can be used as an electronic fingerprint to uniquely identify my browser and, theoretically, track my online behaviour. In practice, although my system configuration is diverse enough to be unique, it lacks stability. If I install a new font or yet another browser plugin, my browser’s electronic fingerprint will change.

Currently, the least identifiable browsing configuration is a "non-rare" browser, such as the latest version of Firefox, without any plugins, on a modern version of Windows, with JavaScript disabled (JavaScript can be used to extract most of the kinds of identifying information we're looking at). Using TOR is another option, albeit one that slows down your browsing a great deal.

According to Panopticlick, "the only browsers which we believe really meet the conflicting criteria of being common but not accompanied by high-entropy plugin and font configurations are the browsers in smartphones". After all, there’s not much you can do to change the browser and system configuration on most phones.

The final suggestion for protecting your privacy requires the involvement of the people who make the browsers, by either removing or restricting the version information shared by your browser or by improving the "private browsing" modes already present in modern browsers.

Obscuring your system's browser fingerprint is a long way from being a primary security concern for most people, but Panopticlick sheds a light on one direction the future of online tracking could take. For my money, it's always worth knowing exactly how much information you're giving away.

Author: Kat Orphanides