First published: 22nd May 2010
Research by the Electronic Frontier Foundation (EFF) has shown that most web browsers are uniquely identifiable, leading to serious privacy concerns. The EFF used a test website to collect configuration information from 470,161 visiting browsers, and found that 84% of the configurations were unique.
The data collected was grouped in eight categories:
- User Agent
- HTTP ACCEPT headers
- Cookies enabled?
- Screen resolution
- Timezone
- Browser plugins, plugin versions and MIME types
- System fonts
- Partial supercookie test
This is just one possible method of fingerprinting a browser, and the EFF suggested that commercial companies are already using these and other methods to track users across multiple websites. Paradoxically, some supposedly "privacy enhancing" tools, such as Privoxy and Browzar, are ineffective or counter-productive. However, TorButton and NoScript reduced fingerprintability.
Browser fingerprinting techniques could also be used in investigations to link a particular browser (and, by implication, the user of that browser) to an incident or crime, but the techniques cannot be expected to produce forensically strong evidence. Browser fingerprints do not stay constant: any change to plugins, fonts or other settings could affect them. Also, some potential fingerprint parameters could be strongly linked to each other and to the location of the incident, for example timezone and system fonts: many browsers in Hong Kong could be expected to have Chinese fonts and a GMT+08:00 timezone.
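The effect of linked parameters on evidential weight can be measured. The following is an added example, not the EFF's code or data: the field names and sample rows are constructed, with timezone and fonts perfectly linked, and it shows that two linked attributes identify a browser no better than one of them.

```python
import math
from collections import Counter

FIELDS = ("timezone", "fonts", "resolution", "plugins")

# Constructed sample rows (assumption): not real measurements.
# Timezone and fonts always agree; resolution varies independently.
ROWS = [
    ("GMT+08:00", "cjk",   "1280x800", "A"),
    ("GMT+08:00", "cjk",   "1280x800", "B"),
    ("GMT+08:00", "cjk",   "1024x768", "A"),
    ("GMT+08:00", "cjk",   "1024x768", "A"),
    ("GMT+00:00", "latin", "1280x800", "A"),
    ("GMT+00:00", "latin", "1280x800", "A"),
    ("GMT+00:00", "latin", "1024x768", "A"),
    ("GMT+00:00", "latin", "1024x768", "C"),
]
SAMPLE = [dict(zip(FIELDS, row)) for row in ROWS]


def _counts(records, keys):
    """Count how many records share each combination of the given fields."""
    return Counter(tuple(r[k] for k in keys) for r in records)


def entropy_bits(records, keys):
    """Shannon entropy, in bits, of the joint distribution of `keys`."""
    n = len(records)
    return -sum(c / n * math.log2(c / n) for c in _counts(records, keys).values())


def mutual_information_bits(records, a, b):
    """Bits shared by fields a and b: I(a;b) = H(a) + H(b) - H(a,b)."""
    return (entropy_bits(records, [a]) + entropy_bits(records, [b])
            - entropy_bits(records, [a, b]))


def unique_fraction(records, keys):
    """Fraction of records whose combination of `keys` occurs exactly once."""
    counts = _counts(records, keys)
    alone = sum(1 for r in records if counts[tuple(r[k] for k in keys)] == 1)
    return alone / len(records)


if __name__ == "__main__":
    print("H(timezone)        =", entropy_bits(SAMPLE, ["timezone"]))
    print("H(timezone, fonts) =", entropy_bits(SAMPLE, ["timezone", "fonts"]))
    print("I(timezone; fonts) =", mutual_information_bits(SAMPLE, "timezone", "fonts"))
    print("unique fraction    =", unique_fraction(SAMPLE, FIELDS))
```

Adding the per-attribute entropies would overstate how identifying a match is; the joint entropy of the attributes actually observed is the figure that reflects the linkage.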