Back in January we wrote an article about Panopticlick, a project by the Electronic Frontier Foundation (EFF). Yesterday EFF published the statistical results of the experiment in a report showing that "the overwhelming majority of Internet users could be uniquely fingerprinted and tracked using only the configuration and version information that their browsers make available to websites."
Panopticlick is an online tool that users can choose to run; it gathers information about their browser and operating system into a database. The tool then compares this information to the rest of the data and determines the uniqueness of the user's browser. After analyzing the data recovered from around half a million unique browser scans, EFF determined that 84% of these browsers had unique configurations. This number rises to 94% for those who have Flash or Java installed, with only 1% of browsers having a configuration with more than two occurrences.
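As an added illustration (not EFF's code or data), the comparison described above can be sketched in Python: count how many browsers in a dataset share each fingerprint, then derive the share of unique browsers and the share whose configuration occurs more than twice. The attribute tuple, the sample records and the function names are all constructed for this example, and the surprisal figure is a standard information-theory measure added here.

```python
import math
from collections import Counter

# Constructed sample: (user_agent, timezone, screen, plugins) per browser.
# Illustrative values only, not data from the EFF study.
SAMPLE = [
    ("Firefox/3.6 Win", "UTC-5", "1280x800", "flash,java"),
    ("Firefox/3.6 Win", "UTC-5", "1280x800", "flash,java"),
    ("Firefox/3.6 Win", "UTC-5", "1280x800", "flash,java"),
    ("Firefox/3.6 Win", "UTC+1", "1440x900", "flash"),
    ("Chrome/5 Mac", "UTC-8", "1440x900", "flash,quicktime"),
    ("IE/8 Win", "UTC+0", "1024x768", "flash,java,silverlight"),
    ("Safari/4 iPhone", "UTC-5", "320x480", ""),
    ("Safari/4 iPhone", "UTC-5", "320x480", ""),
]


def uniqueness_report(fingerprints):
    """Summarise how identifiable the browsers in a dataset are."""
    total = len(fingerprints)
    if total == 0:
        raise ValueError("no fingerprints to analyse")
    counts = Counter(fingerprints)  # fingerprint -> anonymity set size
    # Browsers whose fingerprint nobody else in the dataset shares.
    unique = sum(1 for c in counts.values() if c == 1)
    # Browsers whose fingerprint occurs more than twice.
    shared = sum(c for c in counts.values() if c > 2)
    return {
        "total": total,
        "unique_fraction": unique / total,
        "more_than_two_fraction": shared / total,
        "anonymity_sets": dict(counts),
    }


def surprisal_bits(fingerprint, fingerprints):
    """Self-information of one fingerprint: -log2(share of browsers with it)."""
    count = Counter(fingerprints)[fingerprint]
    if count == 0:
        raise KeyError("fingerprint not in dataset")
    return -math.log2(count / len(fingerprints))


if __name__ == "__main__":
    report = uniqueness_report(SAMPLE)
    print(f"unique: {report['unique_fraction']:.1%}")
    print(f"more than two occurrences: {report['more_than_two_fraction']:.1%}")
```

A larger anonymity set means a lower surprisal, which is why a browser that looks like many others is harder to single out.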
EFF admits that the data gathered in this study is not especially representative of global trends, as users who visited the Web page and ran the tool are likely to be people who are concerned about online security and privacy, rather than a varied mix of users. But the analyzed browsers may have tools blocking cookies and other such applications or add-ons that help leave fewer traces online, so realistic conditions may show even more traceable browsers. However, EFF's study also shows an interesting paradox, as "technologies intended to enhance user privacy turn out to make fingerprinting easier." In fact, the report says "many kinds of measures to make a device harder to fingerprint are themselves distinctive unless a lot of other people also take them."
Some measures are in fact quite effective, though. EFF has identified three groups of browsers which have been found to be "comparatively resistant to fingerprinting:"
- Browsers that have JavaScript disabled with a tool such as NoScript;
- Browsers that use TorButton, "which successfully anticipated and defended against many fingerprinting measurements;"
- Browsers on mobile devices such as Android or iPhone, which are, however, easily trackable with cookies.
In addition, browsers on computers that are clones of one another, such as corporate desktops, represented three to four percent of all scans performed by Panopticlick. These were also found to be less individually recognizable by Panopticlick, but EFF still warns that "some fingerprinting techniques like CPU clock skew measurement" would be able to identify unique browsers within this group.
The problem is that commercial fingerprinting solutions usually employ such techniques, rendering them highly effective. In the conclusion to its report, the Electronic Frontier Foundation expresses concern that, since fingerprinting seems so effective, "there are implications both for privacy policy and technical design." They claim "policymakers should start treating fingerprintable records as potentially personally identifiable, and set limits on the durations for which they can be associated with identities and sensitive logs like clickstreams and search terms."
After all, if one's browser is detected as absolutely unique, this information could be much more useful to a third party than knowing that this particular user is one of the thousands of "John Smiths" in the world. And there are laws protecting such personally identifiable information.