May 17, 2010 | By Peter Eckersley

Is Every Browser Unique? Results Fom The Panopticlick Experiment

Today we are publishing a report of the statistical results from the Panopticlick experiment on web browser fingerprintability.

The results show that the overwhelming majority of Internet users could be uniquely fingerprinted and tracked using only the configuration and version information that their browsers make available to websites. These types of system information should be regarded as identifying, in much the same way that cookies, IP addresses, and supercookies are.

In our analysis of anonymized data from around half a million distinct browsers, 84% had unique configurations. Among browsers that had Flash or Java installed, 94% were unique, and only 1% had fingerprints that were seen more than twice. However, our experiment only studied a limited number of variables, and the companies that offer specialized fingerprinting services are likely to use a wider and therefore more powerful range of measurements.

While almost all browsers are uniquely fingerprintable, there were four special categories that were comparatively resistant to fingerprinting:

  1. Those with JavaScript disabled (possibly using a tool like NoScript)
  2. Those that use TorButton, which successfully anticipated and defended against many fingerprinting measurements.
  3. Mobile devices like Androids and iPhones (unfortunately, these devices tend not to have good interfaces for controlling cookies, and so may be trackable by that method)
  4. Corporate desktop machines that are precise clones of one another (Such systems appeared to constitute around 3-4% of the visitors to Panopticlick; unfortunately, there are some fingerprinting techniques like CPU clock skew measurement which would will work against these systems. commercial fingerprinting services employ those techniques).

Ultimately, browser developers will need to take the lead in defending their users against this particularly troublesome form of tracking. That won't be easy, but our article includes a number of recommendations about how to start.

These results will be presented at the Privacy Enhancing Technologies Symposium in July.


Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

Come to EFF HQ on July 8 for a book talk with author of "Geek Heresy: Rescuing Social Change from the Cult of Tech" https://eff.org/r.i3fv

Jul 2 @ 4:57pm

EFF is turning 25! Here's the who, what, when, where, how, and—maybe most importantly—why of our celebration: https://eff.org/r.6dov

Jul 2 @ 4:51pm

After 28 years, the US is getting a new Librarian. @jessamyn lays out what to look for in the #nextloc: http://librarianofprogress.com/

Jul 2 @ 3:30pm
JavaScript license information