New EFF Project: Browser Fingerprinting

Discussion in 'privacy technology' started by LockBox, Jan 27, 2010.

Thread Status:
Not open for further replies.
  1. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I just tested.
     

    Attached Files:

  3. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    This is actually pretty scary. And the problem seems to be that "Browser Plugin Details" can be read from a site if JS is enabled. That alone gives a high enough entropy. And if we add the rest to the mix, the chances for an unique "identity" increase dramatically.
     
  4. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,322
    Location:
    Philippines
    Not scary, just scar tactics. I see nothing here unique about my browser. I find it very hard to believe that I am unique out of the 51,150 tested.

    Yet "Your browser fingerprint appears to be unique among the 51,150 tested so far.

    Currently, we estimate that your browser has a fingerprint that conveys at least 15.64 bits of identifying information."

    Browser Characteristic - bits of identifying information - one in x browsers have this value - value
    User Agent - 14.06 - 17050 - Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.6) Gecko/20091216 Firefox/3.5.6
    HTTP_ACCEPT Headers - 3.33 - 10.09 text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 ISO-8859-1,utf-8;q=0.7,*;q=0.7 gzip,deflate en-us,en;q=0.5
    Browser Plugin Details - 2.34 - 5.06 - no javascript
    Time Zone - 2.33 - 5.03 - no javascript
    Screen Size and Color Depth - 2.33 - 5.03 - no javascript
    System Fonts - 2.33 - 5.04 - no javascript
    Are Cookies Enabled? - 0.21 - 1.16 - Yes
    Limited supercookie test - 2.33 - 5.03 - no javascript
     
  5. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Yet we add this information to yet another database to store for as however long as they deem necessary. I've always said that no matter what you do to prevent it, you can be tracked, I keep being proved right. Forgive my going off-topic, I just have hesitations when it comes to the EFF. Anyway, I am glad I found out about this, it's just more knowledge for me.
     
  6. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875
    Interesting test...
     

    Attached Files:

  7. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    One of you care to retest? :D
     
  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Still unique.
     
  9. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875
    Your wish is my command. :)
     

    Attached Files:

  10. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    But it's not you!
    What were the odds anyway :D
     
  11. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Why would you have reservations? They have done a world of good, especially in the courtrooms of the U.S.
     
  12. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Last edited: Jan 27, 2010
  13. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Because at times they have gone a little overboard in their claims and have done a little FUD-slinging. It's one thing to bring to light concerns regarding safety and privacy, it's another to "work up a scare", especially over the hypothetical and very unlikely issues. At the end of the day, the EFF is simply another special interest/advocacy group. And, as with all of these groups, they have their agenda. There's nothing wrong with that, but, again, just like any of these groups, if they can find an issue to push said agenda, they will.

    They are, I believe, a good enough, often well-intentioned group, but they are still a political group.
     
  14. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Very interesting test.

    BOII = bits of identifying information


    Changed the User-Agent in FF to IE8 = 14.4 BOII

    ie8.png

    Via http://w2.hidemyass.com/index.php = 15.97 BOII

    hma.png

    Via http://anonymouse.org = 11.97 BOII

    anym.png

    The best result was Via http://anonymouse.org and it shows no User-Agent or headers either :thumb: If you keep on trying with the same configuration, i found you get slightly different results every time ?
     
  15. Sheldon7

    Sheldon7 Registered Member

    Joined:
    Mar 16, 2009
    Posts:
    73
    Guys can someone help explain what this actually means? Wouldn't having a greater number of browsers with the same fingerprint as me, make me less uniquely identifying?

     
  16. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    That is correct.
     
  17. Pinga

    Pinga Registered Member

    Joined:
    Aug 31, 2006
    Posts:
    1,420
    Location:
    Europe
    Of course they are. Thank God!
    http://w2.eff.org/legal/cases/SJG/?f=eff_creation.html
     
  18. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,096
    The more unique the less anonymous, the less unique the more anonymous - i.e. think of hiding a key on a keyboard in plain sight.

    The key question to ask is how do I spoof/modify my essential details to become less unique with regard to the browser I use. For example, would changing any strings in Firefox's about:config help to lessen the uniqueness, and what would those values be?

    -- Tom
     
  19. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    There isn't enough data points yet for the results that the EFF browser test to be accurate. i would wait till you have about 3 million or so, so you can get a 1% population sample.
     
  20. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    From http://browserspy.dk/ We have always known about this finger printing.

    The time on your computer is also revealed. You can change that to make out that you are in a different country, It would throw any one trying to track you of course.
     
  21. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    What makes the EFF project interesting is the mathematical calculations to how "unique" your fingerprint is. It's quite complicated and goes beyond just gathering the information. We've known you can gather all this stuff for years, what we didn't realize was how "unique" each individual computer is with all of these variables compared in the aggregate.
     
  22. Pinga

    Pinga Registered Member

    Joined:
    Aug 31, 2006
    Posts:
    1,420
    Location:
    Europe
    Perhaps even more interesting is the question what we are going to do with this knowledge. The setback of all these Firefox pro-privacy, anti-tracking settings:
     
  23. ex_ployt_ed

    ex_ployt_ed Registered Member

    Joined:
    Jan 31, 2010
    Posts:
    26
    'EFF's Panopticlick and Torbutton'- Tor Blog Post

    Of Interest:

    ‘EFF's Panopticlick and Torbutton’

    https://blog.torproject.org/blog/effs-panopticlick-and-torbutton

     
    Last edited: Jan 31, 2010
  24. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Iphantom strips out user agent too. But they are a U.S. company. And it looks like anonymouse is a European company. So they undoubtedly log too. I think it is interesting that instead of showing user agent, anonymouse put's their name there instead.

    I tried a DNS test with anonymouse and it would not let me connect.

    https://www.dns-oarc.net/oarc/services/dnsentropy

    It said that you have to pay for a VIP membership to access an encrypted connection.
     
  25. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
Loading...
Thread Status:
Not open for further replies.