EFF Study: Most Browsers Leave Trackable Fingerprints Behind

by Sam Dean - May. 18, 2010Comments (0)

According to new research by the Electronic Frontier Foundation (EFF), your browser may be leaving identifiable fingerprints that could be used to track you activities online. Several months ago, the EFF announced an expiriment on the topic, involving volunteers who visited http://panopticlick.eff.org/. At the site, the EFF was able to collect a surprising amount of private information about browsers. Among several interesting findings, iPhone and Android browsers produced much lower levels of identifiable information than common desktop browsers, although they lacked good cookie-control features.

During the study, the Panopticlick web site anonymously logged configuration and version data from each participant's operating system, browser, and browser plug-ins, and compared that information to a database of configurations collected from almost a million other visitors. The study found that almost 84 percent of the configuration combinations were unique and identifiable. Browsers with Adobe Flash or Java plug-ins installed were 94 percent unique and trackable.

According to the EFF's whitepaper on the study:

"iPhone and Android browsers are significantly more uniform and harder to fingerprint than desktop browsers; for the time being, these smartphones do not have the variety of plugins seen on desktop systems. Sadly, iPhones and Androids lack good cookie control options like session-cookies-only or blacklists, so their users are eminently trackable by non-fingerprint means."

The EFF arrived at several recommendations for site administrators and browser makers as a result of the study. "Policymakers should start treating fingerprintable records as potentially personally identifiable, and set limits on the durations for which they can be associated with identities and sensitive logs like clickstreams and search terms," EFF researchers note. They also add this:

"The Tor project is noteworthy for already considering and designing against fingerprintability. Other software that purports to protect web surfers' privacy should do likewise, and we hope that the test site at panopticlick.eff.org may prove useful for this purpose. Browser developers should also consider what they can do to reduce fingerprintability, particularly at the JavaScript API level."

We've covered the open source Tor project extensively, as seen here, and it's worth looking into if you wish to maximize your privacy online. You can use it to browse completely anonymously on Android phones, and with desktop browsers. For more details on the EFF study's findings, check out the whitepaper.