Ubuntu-gr Forum

έγραψε:
Your Browser’s ‘Fingerprint’ Could Be Used to Track You Across the Web
As a study by EFF has shown

The Electronic Frontier Foundation EFF has revealed the results of an interesting study regarding online privacy. While most people seem concerned with sites like Facebook or Google amassing too much private information or making it too public, it looks like a user’s browser can be as much of a risk to privacy as anything else. The study found that 84 percent of the participants were fully identifiable based solely on their browser, plugin configurations and the limited data provided by web browsers.

Volunteers in the study were asked to visit a site set up by EFF. The site would then log the operating system, browser, and browser plug-ins of each visitor creating a profile. This data is freely provided by most browsers as it enables sites to adapt to the user’s software and hardware configuration. The assumption here is that these tidbits of data are harmless and should be safe to share. After all, a lot of people are going to have the same Firefox version you have or the same screen resolution.

It turns out though that by aggregating all the data made available, a unique profile of the user could be created in 84 percent of cases. What’s more, for those with the Adobe Flash or Java runtime plugins installed, the percentage rose to 94 percent. And we’re talking about a sample size of close to a million visitors. You can take the test yourself and find out if the data your browser provides can make you identifiable. It most cases, the answer will be yes.

"We took measures to keep participants in our experiment anonymous, but most sites don't do that," EFF Senior Staff Technologist Peter Eckersley said. "In fact, several companies are already selling products that claim to use browser fingerprinting to help websites identify users and their online activities. This experiment is an important reality check, showing just how powerful these tracking mechanisms are."

It’s not time to start panicking just yet, but it is food for thought. What’s more, the EFF says these kinds of methods may already be used in the wild. At this point, the threat is largely hypothetical. Scripts to log and store this data would have to be deployed across a number of sites before this approach would be a viable tracking system. But if it were to happen, users today would have little means of protecting their privacy and concealing the data shared.

πηγή:Softpedia

έγραψε:
Is Every Browser Unique? Results Fom The Panopticlick Experiment

Today we are publishing a report of the statistical results from the Panopticlick experiment on web browser fingerprintability.

The results show that the overwhelming majority of Internet users could be uniquely fingerprinted and tracked using only the configuration and version information that their browsers make available to websites. These types of system information should be regarded as identifying, in much the same way that cookies, IP addresses, and supercookies are.

In our analysis of anonymized data from around half a million distinct browsers, 84% had unique configurations. Among browsers that had Flash or Java installed, 94% were unique, and only 1% had fingerprints that were seen more than twice. However, our experiment only studied a limited number of variables, and the companies that offer specialized fingerprinting services are likely to use a wider and therefore more powerful range of measurements.

While almost all browsers are uniquely fingerprintable, there were four special categories that were comparatively resistant to fingerprinting:

1. Those with JavaScript disabled (possibly using a tool like NoScript)
2. Those that use TorButton, which successfully anticipated and defended against many fingerprinting measurements.
3. Mobile devices like Androids and iPhones (unfortunately, these devices tend not to have good interfaces for controlling cookies, and so may be trackable by that method)
4. Corporate desktop machines that are precise clones of one another (Such systems appeared to constitute around 3-4% of the visitors to Panopticlick; unfortunately, there are some fingerprinting techniques like CPU clock skew measurement which would will work against these systems. commercial fingerprinting services employ those techniques).

Ultimately, browser developers will need to take the lead in defending their users against this particularly troublesome form of tracking. That won't be easy, but our article includes a number of recommendations about how to start.

πηγή:eff.org