Latest posts by Alvin Bryan (see all)
- Millionaire Tyupkin Malware ATM Hackers May Come to US, India After Hitting Europe - October 23, 2014
- BitLicense Will Allow Bitcoin Spying in New York - October 22, 2014
- Australians are Fighting Data Retention Laws - October 22, 2014
Your browser is probably leaving behind fingerprints as you surf the Internet. Disabling cookies and deleting browsing history cannot prevent websites from identifying them. EFF has put up Panopticlick, where you can test how much identifying information your browser is sending out.
To open, view and use a website properly, you need to allow that website to access a lot of information about your computer’s configuration. When put together, this information can form a digital fingerprint of you that can be used to identify you and your computer. This technology is not new, and some many websites use it to remember users when they come back. By observing returning visitors, the EFF Panopticlick team can estimate how fast the browser fingerprints can change over time. They can determine the level of the privacy threat that the browser fingerprinting poses to the individual user. Then they can suggest methods to counter the fingerprinting to help users avoid being identified and profiled by websites. Anti-fingerprinting privacy technologies must be widely implemented to succeed, however, since being without a fingerprint can identify users if they are few.
The EFF is running an experiment called Panopticlick to find out how effective online tracking can be. Panopticlick is set up to log the version and configuration information of a user’s browser, operating system, and plug-ins. It then compares the information to their database of collected Internet user configurations. It can then tell how unique a person’s browser configuration is to give an idea of how easily identifiable that user might be. Users can test this for free on the Panopticlick website by voluntarily clicking on the Test Me button.
The experiment is being conducted to find out how far advertising and other companies can go with user tracking. The EFF is seeking volunteers to add their browser configurations to the database to help them evaluate the capabilities of Internet tracking. It will also help them to find out who are making serious efforts to develop ways to track and record users’ online activities. Most tracking and data mining methods are kept secret, and users usually are not aware when they are being tracked. The experiment can also help the EFF to predict the future of online tracking so that Internet users can protect themselves against invasive data mining activities.
The experiment may raise some eyebrows since it is also gathering user data. But the process is completely voluntary, and Panopticlick collects only anonymous data about the configuration of computers, operating systems, browsers and plugins. This kind of data may also form a fingerprint that could be combined with other information gathered about page requests and identifying details, but the EFF is strongly against this practice of tracking browsing habits and will not do so. The following is a list of the data that Panopticlick collects:
- User agent string from each browser
- HTTP ACCEPT headers sent by browser
- Screen resolution and color depth
- The timezone that the system is set to
- Browser extensions/plugins and versions installed in the browser
- Fonts installed, as reported by Flash or Java.
- Yes/No information on whether browser accepts cookies and “super cookies”
- Housekeeping information – Cookies, Encrypted IP addresses, Timestamps
What identifies a person is a combination of bits of data that are by themselves not identifying at all. Many companies get around privacy laws by collecting individual types of data that cannot be argued as being personally identifying information. This is how advertisers continue to practice data mining for marketing purposes. But when they put the data together, the profile that is created can to some degree identify a user. Therefore it is a privacy threat to that user when such data is collected and stored. This is where a VPN comes in. VPN technology is designed to secure user data and traffic. Combined with safe browsing habits, users can keep their online activities private to keep their data safe.
It is possible to figure out a user’s identity when bits of data are combined. There is a mathematical quantity that allows Panopticlick to measure what the chances are that a piece of data will reveal a user’s identity uniquely. Every new piece of data that is collected about a user exponentially increases the chance of identifying that user. About 33 bits of information are needed to identify a person. If you have tried the Test Me link and found your browser to be conveying close to 33 bits of data, your online privacy is in serious danger.
Disabling all cookies and deleting browsing history every few minutes makes web surfing a very irritating process. Not having cookies makes some websites malfunction, while other websites will insist that you accept cookies before you can use them. Just remembering to delete browsing history is an inconvenience that many are not willing to accept. The simple solution is to run a VPN to route all your data and traffic through a private tunnel and secure VPN server. This protects your data with encryption and shields your online activities from snoopers. This way, you do not give away more information than is needed for websites to render properly and preserve ease of use when your browse.
Web browsers collect data from IP addresses and tracking cookies, and they themselves have identifying characteristics. If a date of birth, zip code and gender can identify an individual, then these three pieces of data can identify the user as well. The User-Agent string of a browser contains its name, operating system and precise version number. This information is about 10.5 bits of information, and is sent every web server visited by the user. This data can already quite accurately differentiate users on the Internet since only about 1 in 1,500 other Internet users in the whole world will have the same User Agent string. With an IP to identify location and cookies to feed data about website activities, anyone would have more than enough to identify a user.
VPN servers give you an alternate IP address that cannot be connected to you. This eliminates the IP address from the equation to prevent access to that store of identifying information. Users can then take advantage of the simple function to connect to a different VPN server. This removes any association with the same websites when visiting them the next time around. If you have used the Panopticlick tool and found your browsing privacy to be lacking, consider signing up for a VPN service so you can stay safe online.