Naked Security: Panopticlick reveals the cookie you can't delete

InsightaaS: We often highlight pieces from Naked Security on Across the Net; over the past handful of months, we’ve drawn attention to posts on privacy disputes involving Facebook and Google, and on a Dutch student’s efforts to sell his online soul. That last example might be more humorous than frightening – but today’s featured post is much more serious. Here, Naked Security is covering a research project by the Electronic Frontier Foundation (EFF), which has acted as a public interest advocate on the Internet for many years (in the spirit of disclosure, we should note that we’re not just admirers of EFF, we’re members). The EFF launched an initiative to see if it was possible to update or replace tracking cookies with digital ‘fingerprints’ derived from your browser – and found that most individuals can be identified through their browser configurations.

The EFF project is called Panopticlick – a clear takeoff on ‘panopticon,’ the vision, developed by Jeremy Bentham in the late 18th century, of a prison where a single watchman can observe all inmates. Panopticlick uses browser ‘fingerprints’ – “the combination of information your browser voluntarily hands over about itself when it opens a web page” – to attempt to identify a user independently of cookies. The Naked Security piece points out that most people “are using the latest versions of about five different browsers. With so little variation you might assume your browser is easily lost in the herd” – and then adds, “you couldn’t be more wrong.” The EFF initiative found that 83.6% of the 470,000 users it sampled had completely unique fingerprints, and the figure is even higher (94.2%) for browsers with Flash or Java enabled. With this information, firms can regenerate deleted cookies, or skip cookies altogether and track users via their browser configurations. To make matters worse, the steps that users take to protect against traditional tracking methods make their browsers more unique, so as your trackability via cookies decreases, the distinctiveness of your browser fingerprint actually increases. In all, the article (and the EFF report it links to) contains very sobering news for the increasing numbers of users who would like to achieve a degree of online anonymity.

Cookies are an essential part of the way the web works and occupy a pivotal position in the online privacy arms race. Organisations who want to track and profile people give them cookies and users who don’t want to be tracked disable or delete them.

But what if there was a cookie you couldn’t delete, and what if the steps you took to guard your privacy made you easier to track?

That is the spectre raised by a report, authored by the Electronic Frontier Foundation (EFF), entitled How Unique is Your Web Browser?

The report uses data gathered by a tool called Panopticlick that determines how easy you are to identify based on your web browser’s ‘fingerprint’.

Uniqueness is important because organisations can only track people when they can tell one user from another…

Read the entire post: Link

Read the EFF report (19 pages): Link

Try the Panopticlick tool yourself: For the record, when I tried the tool, I was told that “your browser fingerprint appears to be unique among the 4,385,603 tested so far. Currently, we estimate that your browser has a fingerprint that conveys at least 22.06 bits of identifying information.”
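How a "bits of identifying information" figure arises, as an added example (not code from the EFF, Naked Security or this post): a fingerprint seen once among 4,385,603 carries log2(4,385,603) ≈ 22.06 bits, and the same arithmetic over a small sample shows why a nearly uninformative user agent still combines into mostly unique fingerprints, and why an unusual privacy setting stands out. The visitor rows and column choices are constructed for illustration.

```python
import math
from collections import Counter

# Constructed sample, not data from the EFF study: one row per visitor.
# Columns: user agent, timezone, screen size, plugins, cookies enabled.
VISITORS = [
    ("Chrome/37", "UTC-5", "1920x1080", "flash", True),
    ("Chrome/37", "UTC-5", "1920x1080", "flash", True),
    ("Chrome/37", "UTC-5", "1366x768", "flash", True),
    ("Firefox/32", "UTC-5", "1920x1080", "flash,java", True),
    ("Firefox/32", "UTC+1", "1366x768", "flash", True),
    ("Chrome/37", "UTC+1", "1920x1080", "flash", True),
    ("Firefox/32", "UTC-5", "1920x1080", "", False),  # plugins and cookies off
    ("Chrome/37", "UTC-5", "1920x1080", "flash", True),
]

def surprisal_bits(count, total):
    """Identifying information, in bits, of something seen count/total times."""
    return -math.log2(count / total)

def field_entropy(rows, col):
    """Average bits revealed by one column across the whole sample."""
    n = len(rows)
    counts = Counter(r[col] for r in rows)
    return sum(c / n * surprisal_bits(c, n) for c in counts.values())

def value_bits(rows, col, value):
    """Bits revealed by one specific value of one column (value must occur)."""
    return surprisal_bits(sum(1 for r in rows if r[col] == value), len(rows))

def unique_fraction(rows):
    """Share of visitors whose combined fingerprint nobody else has."""
    counts = Counter(rows)
    return sum(1 for r in rows if counts[r] == 1) / len(rows)

if __name__ == "__main__":
    print(f"user agent alone: {field_entropy(VISITORS, 0):.2f} bits on average")
    print(f"unique combined fingerprints: {unique_fraction(VISITORS):.1%}")
    print(f"cookies on:  {value_bits(VISITORS, 4, True):.2f} bits")
    print(f"cookies off: {value_bits(VISITORS, 4, False):.2f} bits")
    print(f"1 in 4,385,603: {surprisal_bits(1, 4_385_603):.2f} bits")
```

In this sample the user agent reveals under one bit on average, yet five of the eight combined fingerprints are unique, and the one visitor with cookies disabled gives away 3 bits through that setting alone.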

