Does Panopticlick Prove that Anonymous Browsing is Dead?

[Rob Williams]

Earlier today, we exposed the fact that it's unwise to be absolutely carefree while online, because if you upload anything that at all can put you in a poor light, you can bet that someone will find it. In the case of that news post, it could be an employer, and that can have obvious consequences. So with that in mind, are you looking to take the opposite route and cover up your tracks online as much as possible?

​

You can read the rest of our news post here.

 

[2Tired2Tango]

Did the test...

"Your browser fingerprint appears to be unique among the 458,041 tested so far."

Wow... now that's a surprise. Especially from a LAN you can't even ping from the internet...

Of particular interest, it seems my Font collection (600+) was accessed remotely... Now that I didn't expect. Why the heck would any website need to know what fonts I have installed????

 

[Tharic-Nar]

Of particular interest, it seems my Font collection (600+) was accessed remotely... Now that I didn't expect. Why the heck would any website need to know what fonts I have installed????

Quite simple.... Style. Some websites want their site to look a certain way - to be unique, and quite often that requires the use of specific fonts. Each font has a different tracking, kerning and leading distance (space between characters, space between words and space between lines), as well as base size, size '9' is not universal across all fonts. Cursive scripts require additional space, etc, when used and using images bloats the size of the site.

It's text reflow thats the problem, since it can distort the shape of a box ('div'), resulting in text going outside of a box, or reshaping it causing a knockon effect for the rest of the page. If you know what fonts are available, the site can tell the browser to use a specific font if available, rather than second guessing and using 'serif' which could be one of 1000 different fonts. Within CSS, you can specify the hierarchal order of what fonts to use, starting with the most preferred, then second, third, and so on until you have 'serif'/'sans-serif' at the end.



As for the test, both computers are unique...

"Currently, we estimate that your browser has a fingerprint that conveys at least 18.84 bits of identifying information."

Which is interesting as well, since i performed the same test on 2 different machines, with 2 different browsers, with 2 different setups, and they both come back with '18.84' bits of information, which is from the browser Plugin details. But, to be fair, half a million tests - while substantial, is only a small demographic compared to the near billions of internet devices. Also, this test is being promoted by technical news sites, so the large number of readers will probably have unique setup's anyway, mainly from browser plugins.

So if you want to be anonymous, be as generic as possible. Don't use browser plugin's, don't use the most up to date browser, don't use custom UI enhancements, etc. Best not to go online at all....

 

[Rob Williams]

Of particular interest, it seems my Font collection (600+) was accessed remotely... Now that I didn't expect. Why the heck would any website need to know what fonts I have installed????

Like Tharic-Nar said, it could be because some sites might like to know which fonts to display, but to be honest, I don't think that's a common thing at all. Most websites stick to fonts that are natively on all OSes, like Arial, Times, Verdana and so forth. So, I don't think a website in particular needs to know that, but the browser itself would, so that it would know what it can and can't display. But with regards to this exact test, it looks like that information could be used against us.

Which is interesting as well, since i performed the same test on 2 different machines, with 2 different browsers, with 2 different setups, and they both come back with '18.84' bits of information, which is from the browser Plugin details. But, to be fair, half a million tests - while substantial, is only a small demographic compared to the near billions of internet devices. Also, this test is being promoted by technical news sites, so the large number of readers will probably have unique setup's anyway, mainly from browser plugins.

Well, that doesn't really mean the test isn't that effective. It just means that both configurations had the exact same amount of identifiable data. For the record, mine was 18.91... I'm not sure what it was that made the number a bit higher. Also interesting is that when I run the test twice, it still tells me I'm unique. Perhaps it's using the IP address to make sure the test isn't run more than once, I'm not sure. I'd be interested in seeing the numbers of duplicates when this experiment is all done, though.

 

[Kougar]

Did the test...

"Your browser fingerprint appears to be unique among the 458,041 tested so far."

Wow... now that's a surprise. Especially from a LAN you can't even ping from the internet...

Of particular interest, it seems my Font collection (600+) was accessed remotely... Now that I didn't expect. Why the heck would any website need to know what fonts I have installed????

Actually, that sounds rather logical. If they queried how many fonts you had and you really have that many, then it would really help uniquely identify your browser. I'm sure plenty of others have as many fonts as you, but not all of them use the same browser at the same settings/resolution/OS/referrer info/whatever other info. Details like that quickly narrow down the scope which is what this site appears to do.

Just because I run 1920x1200x32 with Opera 10.1 means I'm already in a fairly small % of users, so I'm probably out of luck. Their sample size needs to be around 10 million before it could even be considered sufficient as a sample size to judge browser uniqueness, so far it isn't even at 1 million.