An article in the New Scientist tells that the browser sends a lot of information to the server:
Fonts installed
Screen size
Language settings
Operating system
Browser plugins
etc...
and that all this information combined can uniquely identify a user with more than 95% success rate.
I am not that familiar with the HTTP protocol. I was aware that the browser sends the user agent string, but not the fonts, screen size, etc. How does the browser send this information? Is it possible to configure Firefox to not send this information (or the least possible to be able to browse the web reliably)?
Offline
Fonts and screen resolution depend on JavaScript, so disabling JavaScript (in Firefox with the NoScript addon, for example) prevents pages from getting that information. The test on this site https://panopticlick.eff.org/ shows most of the information you currently leak into the web.
Offline
That's an interesting test. Without JavaScript enabled, only one in 16,547 browsers has the same fingerprint as mine. With JavaScript enabled, my browser fingerprint is unique.
Just another reason to use NoScript, I guess.
Sakura:-
Mobo: MSI MAG X570S TORPEDO MAX // Processor: AMD Ryzen 9 5950X @4.9GHz // GFX: AMD Radeon RX 5700 XT // RAM: 32GB (4x 8GB) Corsair DDR4 (@ 3000MHz) // Storage: 1x 3TB HDD, 6x 1TB SSD, 2x 120GB SSD, 1x 275GB M2 SSD
Making lemonade from lemons since 2015.
Online
An article in the New Scientist tells that the browser sends a lot of information to the server:
Fonts installed
Screen size
Language settings
Operating system
Browser plugins
etc...
and that all this information combined can uniquely identify a user with more than 95% success rate.
I am not that familiar with the HTTP protocol. I was aware that the browser sends the user agent string, but not the fonts, screen size, etc. How does the browser send this information? Is it possible to configure Firefox to not send this information (or the least possible to be able to browse the web reliably)?
I may be missing the point, but where is the privacy problem here?
Some creeeepy websites need browser info to correctly display their content. For instance, facebook.com will not even load with xlinks, but if I make xlinks appear as Mozilla, all is OK.
Lang settings and screen size are useful too, especially if you read multilingual websites.
OS -- so the website will receive a string like "3.0-ARCH", big deal.
The only real problem I see are the plugins, but if you have particularly badly written ones, you should remove them in the first place.
Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd
Offline
I may be missing the point, but where is the privacy problem here?
The point is that if your browser's fingerprint is unique, someone could use that to track you.
If you're that paranoid though, I have the perfect solution: Don't go online.
Offline
Don't go online.
+1
Offline
Leonid.I wrote: I may be missing the point, but where is the privacy problem here?
The point is that if your browser's fingerprint is unique, someone could use that to track you.
Nothing personal to anyone, but you are not that interesting. The government holds much more personal and private information about you than what fonts you have installed and your screen resolution.
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
Offline
Nothing personal to anyone, but you are not that interesting. The government holds much more personal and private information about you than what fonts you have installed and your screen resolution.
It's not about the fonts or screen resolution. It's that these, when taken together, form a fingerprint. Using that fingerprint, they could track which websites you've been visiting.
Offline
fukawi2 wrote: Nothing personal to anyone, but you are not that interesting. The government holds much more personal and private information about you than what fonts you have installed and your screen resolution.
It's not about the fonts or screen resolution. It's that these, when taken together, form a fingerprint. Using that fingerprint, they could track which websites you've been visiting.
While I don't disagree, I am unclear on who "they" are...
My experience of bureaucracies is that they have enough trouble trying to adequately track their users across their own website, let alone any others.
Offline
While I don't disagree, I am unclear on who "they" are...
If you're a paranoid loon, "they"s are everywhere
Offline
Google is a pretty specific and, one might argue, competent 'they'…
Ogion
(my-dotfiles)
"People willing to trade their freedom for temporary security deserve neither and will lose both." - Benjamin Franklin
"Enlightenment is man's leaving his self-caused immaturity." - Immanuel Kant
Offline
Google is a pretty specific and, one might argue, competent 'they'…
Ogion
And what are they going to do? Kidnap you in your sleep and replace you with a clone?
Offline
Yea, and the clone will be less lazy than I too
Anyway, I think both positions, making it out as a terrible thing and calling it completely harmless, are seeing it too easy.
It's not going to give me cancer, yet I also by principle don't think it's anyone's business to track my browsing habits. And that has nothing to do with "I've got nothing to hide". I also wouldn't want to be filmed sitting on the toilet or some such. People who know they're 'being watched' will behave differently subconsciously or consciously, and not always in a good way. (I mean it's psychologically not very healthy)
Ogion
Last edited by Ogion (2011-11-02 00:02:27)
(my-dotfiles)
"People willing to trade their freedom for temporary security deserve neither and will lose both." - Benjamin Franklin
"Enlightenment is man's leaving his self-caused immaturity." - Immanuel Kant
Offline
fukawi2 wrote: Nothing personal to anyone, but you are not that interesting. The government holds much more personal and private information about you than what fonts you have installed and your screen resolution.
It's not about the fonts or screen resolution. It's that these, when taken together, form a fingerprint. Using that fingerprint, they could track which websites you've been visiting.
I'm sure a "fingerprint" of individuals could be determined by a detailed analysis of sewerage, but we don't guard our waste under lock & key
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
Offline
Gusar wrote: fukawi2 wrote: Nothing personal to anyone, but you are not that interesting. The government holds much more personal and private information about you than what fonts you have installed and your screen resolution.
It's not about the fonts or screen resolution. It's that these, when taken together, form a fingerprint. Using that fingerprint, they could track which websites you've been visiting.
I'm sure a "fingerprint" of individuals could be determined by a detailed analysis of sewerage...
The horror. The horror...
Offline
Whaa, I'm unique because of my browser string and http-accept headers? Am I the only one using a manually compiled SELinux sandboxed chromium of this very development revision I chose to build it at?
1 in 45953.28 use that browser string, and I have javascript disabled.
Headers... 1 in 1838131 o.O
Kinda funny...
EDIT: Oh... it sends my locales in the accept header... now THAT might explain it... nobody on this earth has english, german and japanese locales it seems
Last edited by Blµb (2011-11-02 09:26:40)
You know you're paranoid when you start thinking random letters while typing a password.
A good post about vim
Python has no multithreading.
Offline
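An added example, not part of any post in this thread: the sketch below shows the part of a fingerprint a server can build from request headers alone (the part that survives disabling JavaScript) and converts the "1 in N" figures quoted above into bits of identifying information. The header values are constructed, the function names are hypothetical, and adding bits across attributes assumes they are independent, so the combined figure is an upper bound.

```python
import hashlib
import math

# Constructed sample request headers, not captured from a real browser.
SAMPLE_HEADERS = {
    "User-Agent": "Mozilla/5.0 (X11; Linux x86_64) ExampleBrowser/1.0",
    "Accept": "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8",
    "Accept-Language": "en-US,en;q=0.8,de;q=0.6,ja;q=0.4",
    "Accept-Encoding": "gzip, deflate",
    "Cookie": "session=constructed-value",
}

# Sent with every HTTP request, so readable even with JavaScript disabled.
PASSIVE_HEADERS = ("user-agent", "accept", "accept-language", "accept-encoding")


def passive_fingerprint(headers):
    """Hash only the headers a server sees without running any script."""
    seen = {name.lower(): value.strip() for name, value in headers.items()}
    canonical = "\n".join(f"{h}={seen.get(h, '')}" for h in PASSIVE_HEADERS)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def surprisal_bits(one_in_n):
    """Identifying information, in bits, of a value shared by 1 in N browsers."""
    return math.log2(one_in_n)


def combined_one_in(*one_in_values):
    """Upper bound on rarity when attributes are assumed independent (bits add)."""
    return 2 ** sum(surprisal_bits(n) for n in one_in_values)


def primary_language_only(headers):
    """Mitigation sketch: advertise a single language instead of a rare list."""
    trimmed = dict(headers)
    first = headers.get("Accept-Language", "").split(",")[0].split(";")[0].strip()
    trimmed["Accept-Language"] = first
    return trimmed


if __name__ == "__main__":
    print("passive fingerprint:", passive_fingerprint(SAMPLE_HEADERS)[:16])
    print("after trimming languages:",
          passive_fingerprint(primary_language_only(SAMPLE_HEADERS))[:16])
    for label, n in (("user agent", 45953.28), ("headers", 1838131)):
        print(f"{label}: 1 in {n} = {surprisal_bits(n):.1f} bits")
```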
olive wrote: An article in the New Scientist tells that the browser sends a lot of information to the server:
Fonts installed
Screen size
Language settings
Operating system
Browser plugins
etc...
and that all this information combined can uniquely identify a user with more than 95% success rate.
I am not that familiar with the HTTP protocol. I was aware that the browser sends the user agent string, but not the fonts, screen size, etc. How does the browser send this information? Is it possible to configure Firefox to not send this information (or the least possible to be able to browse the web reliably)?
I may be missing the point, but where is the privacy problem here?
The problem is that it can be used to track which websites I visit. Google could (I do not say it actually does, but it could) know a lot about me. It would not be difficult to link this information to my real name (with a Gmail account or an Amazon account or my IP address with the collaboration of my ISP or wherever you have left your real name) and know a lot about me.
Offline
I'm browsing your privacy, Internet!
This silver ladybug at line 28...
Offline
The worst that might happen is you get targeted advertisements.
Offline
Whaa, I'm unique because of my browser string and http-accept headers? Am I the only one using a manually compiled SELinux sandboxed chromium of this very development revision I chose to build it at?
1 in 45953.28 use that browser string, and I have javascript disabled.
Headers... 1 in 1838131 o.O
Kinda funny...
EDIT: Oh... it sends my locales in the accept header... now THAT might explain it... nobody on this earth has english, german and japanese locales it seems
I am close, english, greek and japanese locales. And yes, you might be the only one who is using a manually compiled sandboxed chromium of that specific revision.
On the subject, while I am relevantly more paranoid than other people, disabling plugins and javascript on unknown websites seems the best option for me.
Sure, they might track me and give me better targeted adverts but I don't really care anyway.
Offline
Whaa, I'm unique because of my browser string and http-accept headers? Am I the only one using a manually compiled SELinux sandboxed chromium of this very development revision I chose to build it at?
1 in 45953.28 use that browser string, and I have javascript disabled.
Headers... 1 in 1838131 o.O
Kinda funny...
EDIT: Oh... it sends my locales in the accept header... now THAT might explain it... nobody on this earth has english, german and japanese locales it seems
Custom compiled SELinux, chromium sandbox -- is it linux-selinux from AUR?
When I went to that EFF website my browser (links) was identified as unique per 2 mil based on the fact that I have an en_US locale and the OS is 3.0-ARCH.
This is total bogus IMHO and these EFF people are even worse than greenpeace.
Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd
Offline
I wouldn't dismiss it so badly. This is a pretty good demonstration and opens new tactics for anonymization. Ironically, the sort of websites that would track me are the ones I give a username to.
aur S & M :: forum rules :: Community Ethos
Resources for Women, POC, LGBT*, and allies
Offline
When I went to that EFF website my browser (links) was identified as unique per 2 mil based on the fact that I have an en_US locale and the OS is 3.0-ARCH.
That's because no one bothers to visit that website using links.
Offline
So basically, in order to be completely anonymous, we all have to use IE?
What bothers me about this whole business is that while FOSS has an advantage of public disclosure of security and privacy issues, some people seem to use this publicity to create stupid noise. Of course, you can study the influence of the sea-level on the average CPU temperature in all computers in the US (total nonsense clearly), but now these studies attract attention. I mean, no one runs campaigns against car plates, but following the same logic those also constitute a privacy concern. And then all the cars should have the same brand and color too...
Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd
Offline
I'm browsing your privacy, Internet!
That has to be a new tagline for someone, somewhere....
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
Offline