Search My Blog

Thursday, May 27, 2010

Majority Of Browsers Leave Fingerprints Online

Majority Of Browsers Leave Fingerprints Online

Mike Sachoff
Staff Writer

SecurityProNews: Insider Reports Insider Reports RSS Feed

The majority of web browsers have unique signatures that create identifiable "fingerprints" that could be used to track Internet users as they surf, according to new research from the Electronic Frontier Foundation (EFF).

The findings were the result of an experiment EFF conducted with volunteers who visited the EFF's Panopticlick website.

The website anonymously logged the configuration and version information from each participant's operating system, browser, and browser plug-ins -- information that websites routinely access each time you visit -- and compared that information to a database of configurations collected from almost a million other visitors. EFF found that 84% of the configuration combinations were unique and identifiable, creating unique and identifiable browser "fingerprints." Browsers with Adobe Flash or Java plug-ins installed were 94% unique and trackable.

"We took measures to keep participants in our experiment anonymous, but most sites don't do that," said EFF Senior Staff Technologist Peter Eckersley.

"In fact, several companies are already selling products that claim to use browser fingerprinting to help websites identify users and their online activities. This experiment is an important reality check, showing just how powerful these tracking mechanisms are."

EFF found that some browsers were less likely to contain unique configurations, including those that block JavaScript, and some browser plug-ins may be able to be configured to limit the information a browser shares with the websites users visit. But overall, it is difficult to reconfigure your browser to make it less identifiable. The best solution for web users may be to insist that new privacy protections be built into the browsers themselves.

"Browser fingerprinting is a powerful technique, and fingerprints must be considered alongside cookies and IP addresses when we discuss web privacy and user trackability," said Eckersely.

"We hope that browser developers will work to reduce these privacy risks in future versions of their code."

View All Articles by Mike Sachoff

Go there...


No comments: