Leaving fingerprints on the web

While I was researching a cookie-free diet for my websites I came across the idea of ‘browser fingerprinting’ which seemed have been a bit of a story last summer but one that completely passed me by.

According to the EFF disabling cookies only actually protects your privacy so far and that;

“When you visit a website, you are allowing that site to access a lot of information about your computer’s configuration. Combined, this information can create a kind of fingerprint — a signature that could be used to identify you and your computer.”

EFF setup a little web app to test just how unique your browser is at Panopticlick and have released a PDF report analysing the data in which they;

observe that the distribution of our fingerprint contains at least 18.1 bits of entropy, meaning that if we pick a browser at random, at best we expect that only one in 286,777 other browsers will share its fingerprint.

However it turned out when I did the little test I ended up with the following results;

Your browser fingerprint appears to be unique among the 1,703,127 tested so far.

Currently, we estimate that your browser has a fingerprint that conveys at least 20.7 bits of identifying information.

So my Chrome on a Mac with minimal ‘apps’ is a 1 in 1.7 million chance which probably means my use of Ghostery to block just about every cookie except Google Analytics and Piwik (I can’t complain about the lack of usage data for my own site and then block everyone else!) is actually nowhere near as effective in masking my interactions with the internet as maybe I thought!

To be honest I don’t really worry that much about these things – I live my life pretty openly online for better or worse – and am willing to a certain extent to ‘be the product‘ if it means getting services I use regularly for free (though many of them I would pay for in the right circumstances) but even I get twitchy when Ghostery shows me just how many tracking tools some sites use (match.com being the leader by far to date!) and so it is interesting to see where the next privacy battleground might be (with the EFF already offering ‘countermeasures’) while the Guardian already admit to using browser fingerprinting in their Privacy Policy.

%d bloggers like this: