Are You Being Fingerprinted Online? - Comments Page 2

Re: After I switched to private (or “incognito”) browsing mode . . . , taking Joe You went from 1 in 3M to 1 in 1.5M because you tested the same browser twice and Old Man the site showed it did place a cookie on the computer so multiple tests would not skew the overall figures. Deleting the cookie would render each test as unique, not a returning tester. together, did going incognito just hide the earlier cookie so that you were a second instance?

I got one in 48,000 right off the hop (I run no-script). I didn't much like it, so went looking for a very common user agent setting for Firefox. I found "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0" then made a new entry in about:config called "general.useragent.override" and set it to that. Now I'm down to 1 in 2,800. Still pretty identifiable, but better.

If I set it to a common IE useragent pages would display screwy. Now if only I could find a more common HTTP_ACCEPT Header and figure out how to set that.

I agree with your comments overall, but the pantoptickick numbers appear to be misleading - basedon their web site. Their "one in x browsers have this value" is just a binary translation of the number of bits in the message. So if there were just 2 bits x would be 4, for 3 bits x would be 8 and so on. However this assumes that data is randomly distributed - so it for the two bit example that there are equal numbers of 00, 01, 10, and 10. But suppose - for illustration only that all browsers returned "00" - in that case your anonymity would be complete, you would be indistinguishable from all other users.

Now the situation I describe as an example is not the case - but that is a far cry from assuming a truly random distribution. If in fact your signature is a common one then you are indistinguishable from a great many other people. So what the real numbers are is not at all revealed by the article or by the pantoptickick site test.

I tested it in 2 browser with vastly different number of plug-ins reported, 1 line against at least 50 lines of the plugin report. The test returned EXACTLY the number as to my uniqueness and the number of bits identifying me. This leads me to the conclusion that the browser does not enter into the calculation and that it is almost entirely based on screen resolution and installed fonts. Unless they do something else they are not telling us about, such as a calculated sum of hardware component IDs.

Since you can't have 15.38 bits in a message, clearly the N in "1 in N" is not computed from the length of a bit string. Rather, the #bits is computed log2 of N and presented as an effective number of bits of identifying information based on uniqueness.

Now I guess since the least unique configurations are known, the Gov't will have to start focusing on these, knowing that terrorists will do their best to make themselves anonymous. Non-unique, eh? That's very suspicious.

Thank you for the useful link, & the different way to look at the browser experience. I have always believed that regardless of what tool a user accesses the net with, he/she would invariably leave a trace of themselves wherever they chose to land. ;)

You posted a website address of https://panopticlick.eff.org. Once you click test, it provides the results and then runs an app on your computer without telling you. My settings and add-ons blocked it, but many people won't have the same security settings I do.