Your Browser May Be One In a Million

This week’s post is on a bit of a different note. It is about privacy. There have been lots of news reports about privacy recently, and this post is about web privacy.

In the past web advertisers have used browser cookies to enable browsers to display ads that they think are relevant to the viewer. For instance, I looked on Amazon at a set of cookware recently. I also looked at a single burner induction cooktop. Adds for cookware sets and induction cooktops now dominate the pages I visit. It seems the advertisers belong to a network that shares information about who has looked at what. They leave cookies on your browser so they know what ads to display to you.

Ads are necessary on today’s Internet. Most users expect free content, and just as there is no such thing as a free lunch, there is no free content. Some sites are powered by donation, some by grants from foundations or government agencies, some are marketing tools and some are funded by ads. I’m fine with that model. Some Internet users are not, however.

The users unhappy with ads sometimes block the ad network cookies, unsubscribe from the ad network or otherwise make the ads disappear. (To be fair, in many cases they just get general instead of targeted ads.) Unless they block the ads completely, I’m ok with that, too.

The users who don’t want to share their buying habits with marketers, however, are beginning to face a new technology, though: browser fingerprinting. It seems each browser/computer combination has characteristics that make it easy to identify. A site that will tell you a lot about your browser is http://www.alanwood.net/demos/browserinfo.html (As usual I’m not endorsing this site, I’m sharing it because it presents the information in a clear manner.)

The Electronic Frontier Foundation (eff.org) looked at around a million visits to its site and found 83.6% of the browsers seen had a unique fingerprint. That means that almost 87% could be individually identified. And they didn’t use cookies. When they looked at browsers with Flash or Java enabled (and face it, most people have at least one of those enabled), the uniqueness jumped to almost 95%. I am guessing that is close to what one would get if cookie tracking were used. You can see the details at the EFF site. The work was reported in 2010 and there is a more recent experiment described here.

The point is, your browser leaks information about its configuration and your computer’s configuration.  You may be able to block some of the information going out, but that will alter the fingerprint and maybe make you more identifiable. If you really want to hide, you might try a proxy of some sort. Those cause your traffic to go through another server so it appears to come from that server instead of your desktop. To learn more about browser fingerprinting, proxies and privacy in general, check out in Learning Tree Course 468, System and Network Security Introduction.

Browser fingerprinting has clearly been around for a few years and it’s likely to be around for more. It has even been suggested that as the technology improves it might be used as one factor in a multi-factor authentication scheme. What do you think about browser fingerprinting? Do you use some sort of scheme to make your browser seem less unique? Let us know in the comments below.

Type to search blog.learningtree.com

Do you mean "" ?

Sorry, no results were found for your query.

Please check your spelling and try your search again.