[NetBehaviour] Indiscrete web browsers assist de-anonymisation.

james morris james at jwm-art.net
Wed Feb 3 15:02:17 CET 2010

I decided to find out how unique my browser is.


The result is given along the lines of "only one in n browsers share an
identical fingerprint." The less n is, the better, the less unique and
thus more difficult to track your browser is.

After some quick tweaking of configuration I've got it down to only
"one in 136,738" with an identical fingerprint.

That's with javascript enabled.

Without javascript (disabled via "deny eff.org" in NoScript), only one
109,406 browsers have an identical fingerprint which is better, but...
more on javascript below.

Some alterations made my browser more unique, and over-simplifying the
user agent (via User Agent Switcher plugin) to "Mozilla/5.0 (X11; U;
Linux x86_64; en-GB; rv:" made my browser _unique_ amongst the
"547,245 tested so far".

I guess there's just not enough Debian users out there! It's a good job
it can't pick up more in-depth details about the operating system
environment I'm using, otherwise uniqueness across the millions is
practically guaranteed. Maybe browser uniqueness provides a case for
using Microsoft Windows!

Unfortunately there are very few sites which don't require javascript.
There are very few sites which don't require javascript to be enabled
for tracking/marketing/api/code/functionality from additional sites, to
be enabled so you can log in or view an embedded video or play a music
stream, etc (this is where NoScript can be a PITA).


On 3/2/2010, "marc garrett" <marc.garrett at furtherfield.org> wrote:

>Indiscrete web browsers assist de-anonymisation.
>A test on browser fingerprinting by the Electronic Frontier Foundation 
>(EFF) has shown how uniquely identifiable a user's browser is on the 
>web. What that test is unable to do is to identify individual users. 
>This, however, is the goal of an experiment by the International Secure 
>Systems Lab (Isec Lab). Originally founded by the Vienna University of 
>Technology (TUV), Isec Lab is now a collaborative venture between TUV, 
>Eurécom and the University of California in Santa Barbara. The test 
>makes use of Xing, a platform widely-used in Europe on which many 
>millions of users have published profiles.
>The test essentially exploits the fact that many Xing users are 
>identifiable by their membership of various groups. According to 
>Thorsten Holz, one of the researchers who designed the experiment, there 
>are very few people on any social network who belong to exactly the same 
>groups. A 'group fingerprint' could thus allow websites to identify 
>previously anonymous visitors.
>NetBehaviour mailing list
>NetBehaviour at netbehaviour.org

More information about the NetBehaviour mailing list