'Browser' Fingerprinting

In my case, the result is:

"Your browser fingerprint appears to be unique among the 1,031,006 tested so far.”​

 

You do know lower is better?


Using the latest Firefox, Win7, en-us, no JS/Cookies in case you are interested. I think it's the most generic setup currently.

 

Yes, I know! I was just reporting my results....

According to Panopticlick, about 85% of browsers are “unique.”

 

Hi.
I am a bit confused, why would less be better. If i am unique 1 out of 1, than i can be pinpointed, but if i am same as 1000000 then i am "invisible" in the crowd. Or not? Please enlighten me

 

No, 1 in 1 would mean everyone got exactly the same fingerprint.
It either says: "only one in X browsers have the same fingerprint as yours" where a low X is better or you are "unique", which obviously is the worst result you can get.
To reword, what's better: To be unique in 100 or to be unique in a sample of 1000000?

 

While the issue of “browser fingerprinting” is serious, it’s wise to keep in mind that the statistics reported by Panopticlick are based on a sample of those browsers that have been tested which, proportionally, is quite small relative to the population of all browsers. So, even if Panopticlick reports that your “fingerprint” is unique within its dataset, it does not imply that the uniqueness would exist in the real world.

Additionally, I suspect that some of the information stored in Panopticlick’s dataset is already out-of-date. For example, it reports that my “Browser Plugin Details” are highly unique, but I suspect this is true only because the current versions of Flash and Silverlight that I am running were released very recently.

I anticipate that enterprising individuals and corporations will soon be providing anti-fingerprinting plugins for major browsers to combat this threat.

 

I still love the result that I got last month ...

"Within our dataset of visitors, one in 0 browsers have the same fingerprint as yours.

Currently, we estimate that your browser has a fingerprint that conveys INF bits of identifying information."

 

Yes that's what we need. a anti-fingerprinting plugin for FF which randomizes
the finger print for each site we visit

 

Any advice how did you do that

 

I don't know. I suspect that I queried as they were taking the site offline, after their database server had been stopped.

 

What the heck are you using? Something from outer space?

 

Ubuntu 10.04 LTS

And FWIW, I believe that the result should have been ...

"Within our dataset of visitors, one in NULL browsers have the same fingerprint as yours.

Currently, we estimate that your browser has a fingerprint that conveys NULL bits of identifying information."

 

FYI -- I submitted this idea as a feature suggestion for Norton Internet Security 2011. We’ll need to wait and see if Symantec addresses the concern....

 

Given that the fingerprint is built on your browser's capabilities, if you change that fingerprint, you're changing how the webpage sees your browser's capabilities ... and suddenly webpages won't quite work the same way, or won't work the same way each time you visit the same page. The problem is with HTTP, not with the browsers.

 

However, it should be possible to reduce (but not eliminate) the efficacy of ‘browser fingerprinting’ by randomly altering the ordering of information that is reported (e.g., the sequence of installed fonts) and by eliminating the minor version numbers of installed pulgins (e.g., “Java 1.6” versus “Java 1.6.0.20”) that are reported. Additionally, one could suppress the reporting of uncommon fonts installed on the PC to reduce uniqueness. These steps shouldn’t change how a webpage is rendered.

If, for example, such tactics were implemented by Symantec across the 50+ million users of Norton, then the uniqueness of the ‘fingerprint’ of any one user may be reduced substantially. If other anti-malware vendors adopted and implemented similar procedures, then the impact would be further magnified.

 

I personally use a FireFox add-on, which 'disables' visited link styling.

See here:
https://addons.mozilla.org/en-US/firefox/addon/12312/

 

This has nothing to do with browser fingerprinting. Also Firefox will be the first one to fix this privacy issue, you soon won't need that ad-on anymore

Against browser fingerprinting there are a few useful ad-ons available for Firefox like NoScript, TorButton and one of the user agent switchers.
The only thing you have no control over are the "HTTP_ACCEPT Headers". If anyone got a solution for that, please share!

 

I use this:
1.
put "about:config" in the address bar.
find "network.http.sendRefererHeader" and change it to 0

2.
put "about:config" in the address bar.
find "general.useragent.override" string (or create one) and enter your value

p.s. Use private mode in FireFox and Noscript

Try it, give some feedback. It works for me :/

 

network.http.sendRefererHeader is something different again, setting it to 0 blocks sending the Referer (which tells sites where you are coming from). Enhances privacy but has no influence on the browser fingerprint.

With general.useragent.override you can change the user agent but as mentioned there are more userfriendly ways by using an extension that can store common user agents and switch between them at a press of a button.
It changes the fingerprint but as far as I see has no influence on the HTTP_ACCEPT.
I'm pretty sure that HTTP_ACCEPT is very browser specific so changing the user agent without changing HTTP_ACCEPT will raise a red flag, would make your fingerprint very suspicious and therefore would not make you less traceable unless everyone started spoofing their user agent.

So far the only way to really generate *uniquely different* fingerprints is to user different browsers. But if I could change the http accept header I could accurately and undetectably spoof any browser that can disable JS.

 

Symantec is hardly a very good security product, what we need is the idea submitted to the firefox team so as they can make an add on which randomizes the finger print.

Not true there is lots of information in the finger print which would have no effect on the rendering of webpages, like time on pc, screen resolution, OS etc, and anyway an addon could be made for FF which interprets the data sent by servers so as pages can be rendered properly.

This has nothing to with Finger printing

Like I say before in this thread you can block this and that with private mode, noscript and changing about config settings Unless it is randomized a Finger Print will still exist.

 

Will these do?

 

Well, the functionality is there. Now we just need a front-end for changing that quickly. It's not enough to just change your fingerprint once, you have to do so frequently. Going into about:config and typing all that manually is infeasible.

I think this would be a pretty easy task for any add-on writer (anyone here? ) Combine it with the user agent spoofing and add a button to toggle a randomised change.

Fixing JS fingerprinting on the other hand will be really hard if not impossible. Don't expect anyone to fix that anytime soon.