Security Corner

Sep 8 2010   1:27AM GMT

Your Privacy is Bleeding onto the Internet

Ken Harthun

Privacy has been dead for a long time thanks to the Information Age. More personally-identifiable information than ever before is now accessible online through free and paid searches. The simple fact that most people post their intimate personal details on Facebook, MySpace, Twitter, and other social networks contributes to the overall erosion of privacy. But personally-identifiable information is only one aspect of the problem; perhaps an even bigger privacy threat is the leakage of machine-specific fingerprints that are used to track your online habits.

Early in 2010, the Electronic Frontier Foundation (EFF) began a study called Panopticlick, designed to see whether enough information could be gathered, irrespective of the use of cookies or other tracking methods, to uniquely identify machines on the Internet. The bad news is that yes, they could; the good news is that it’s not personally-identifiable information. You can read their full report, “How Secure is Your Browser?”

I went to their research site and found that my browser was uniquely identifiable among more than 1.1 million others: “Your browser fingerprint appears to be unique among the 1,161,450 tested so far. Currently, we estimate that your browser has a fingerprint that conveys at least 20.15 bits of identifying information.” What this means is that using the information listed below, my browsing habits can be tracked using only information gleaned from my browser’s interaction with web servers.

Steve Gibson of covered this research in minute detail in Security Now! Podcast Episode #264 last week and I highly suggest you listen to it. But, until you get a chance to do so, here is all the information you need to uniquely identify any machine on the Internet with amazing accuracy:

  • User agent
  • HTTP_ACCEPT headers
  • Browser plug-in details
  • Time Zone
  • Screen size and color depth
  • System fonts
  • Whether or not cookies are enabled
  • Supercookie (Flash cookies) test
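The "bits of identifying information" figure quoted above is the self-information of a fingerprint: the negative base-2 logarithm of the share of tested browsers that present the same values. The following is an added example, not code from the post or from the EFF; the sample population, its attribute values and the function names are constructed for illustration, and it uses only a subset of the attributes in the list.

```python
import math
from collections import Counter

# Constructed sample population: one record per observed browser, using a
# subset of the attributes listed above. All values are illustrative only.
ATTRS = ("user_agent", "http_accept", "time_zone", "screen", "cookies")
POPULATION = [
    ("Firefox/3.6 Win", "text/html", -300, "1280x1024x24", True),
    ("Firefox/3.6 Win", "text/html", -300, "1280x1024x24", True),
    ("Firefox/3.6 Win", "text/html", -480, "1024x768x24", True),
    ("MSIE 8.0", "text/html", -300, "1280x1024x24", True),
    ("MSIE 8.0", "*/*", 0, "1024x768x24", True),
    ("MSIE 8.0", "*/*", 60, "1440x900x32", False),
    ("Chrome/6 Mac", "text/html", -480, "1440x900x32", True),
    ("Safari/5 Mac", "text/html", 60, "1440x900x32", True),
]

def surprisal_bits(matches, total):
    """Self-information of a value shared by `matches` of `total` browsers."""
    if not 0 < matches <= total:
        raise ValueError("matches must be in 1..total")
    return -math.log2(matches / total)

def fingerprint_bits(record, population):
    """Bits conveyed by the full attribute tuple taken together."""
    return surprisal_bits(Counter(population)[record], len(population))

def per_attribute_bits(record, population):
    """Bits conveyed by each attribute alone, to show which ones leak most."""
    out = {}
    for i, name in enumerate(ATTRS):
        matches = sum(1 for r in population if r[i] == record[i])
        out[name] = surprisal_bits(matches, len(population))
    return out

if __name__ == "__main__":
    me = POPULATION[5]
    print("whole fingerprint: %.2f bits" % fingerprint_bits(me, POPULATION))
    ranked = sorted(per_attribute_bits(me, POPULATION).items(), key=lambda kv: -kv[1])
    for name, bits in ranked:
        print("  %-12s %.2f bits" % (name, bits))
    # The figure quoted in the post: unique among 1,161,450 tested browsers.
    print("unique in 1,161,450: %.2f bits" % surprisal_bits(1, 1161450))
```

The per-attribute values do not simply add up to the whole-fingerprint value, because the attributes are correlated with one another; the ranking is still useful for seeing which settings make a browser stand out most.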

Commercial services are already using this information to track your online habits–no matter how you try to block them–using technology to fingerprint your system, and they are building huge databases. While none of this information is tied to your personal identity, the profiles are nevertheless useful to advertisers, who will use them to more accurately target web surfers with relevant marketing messages.

In the next post, I’ll detail what you can do about this (not much, unfortunately) and why, for now, you probably shouldn’t be too concerned.
