Browser Fingerprints Shatter Myth of Web Privacy

A new web tracking system called browser fingerprinting may offer a definitive answer to the question: Is it possible to identify you among the sea of unknown users on cyberspace?



The answer is yes, and contrary to popular belief, cookies-small pieces of information stored in browsers which allow websites to recognize repeat visits-are not the primary enemy but browser fingerprints. Browser fingerprinting is far more advanced and accurate than even the stealthiest super cookies, although web users are clueless about how this tracking system works.



Browser fingerprinting collects a large amount of information about a user's browser, such as plug-ins, system fonts, and screen resolution and operating system, among others. When taken separately, these details do not reveal much, but when combined with other data they form a unique digital fingerprint for a particular computer and user.



"If all I know about a person is their ZIP code, I don't know who they are. If all I know is their date of birth, I don't know who they are. If all I know is their gender, I don't know who they are. But it turns out that if I know these three things about a person, I could probably deduce their identity! Each of the facts is partially identifying," Peter Eckersley, a staff technologist of privacy advocacy group EFF, wrote on the company's blog.



Cookies work by helping a website remember a user's details like ID and password so these don't have to be re-entered. Unlike cookies which can be deleted or disabled so even a subsequent visit to the same website may seem like a first, browser fingerprints are hard to block because the details are collected using JavaScript. Also, browser fingerprints don't leave tracks, making it hard to identify which websites are using it.



To test how browser fingerprinting works, check out Panopticlick.eff.org. The Panopticlick tool shows the details a website collects from a user during a visit and determines how unique his browser fingerprints are. It records a user's system configuration and compares it to a database of millions of other configurations. It also reveals unique data like the user's typing patterns and speed.



Eckersley and his colleagues created the Panopticlick tool to see if there was any truth to reports that a particular website or group can zero in on a person's identity using browser fingerprinting.



Browser fingerprinting was originally developed for use in banks to help guard against fraud. Now, Scout Analytics, a web-based behavioral analytics group, offers the Panopticlick tool as a service to paid subscription websites



Can you escape from browser fingerprinting?



The EFF recommends several solutions to protect a user from having his browser fingerprinted. One of them is to use a common browser, like the latest version of Firefox; another is to disable JavaScript, although it may cause problems in accessing websites. Another option is to use the "less fingerprintable" mobile browser, like the current versions of the Blackberry, iPhone and Android.



Leonor Albino writes for Schooley Mitchell Telecom Consultants, North America's largest independent telecom consulting company. 888.311.6477