Sticky Fingers: How Web Browsers Still Leave 'Fingerprints'

"browser screenshot"

If you're interested in protecting your online privacy, you've probably taken steps like deleting browser cookies or turning on the private browsing features of Safari and Google Chrome.

That's supposed to prevent Web sites from tracking you across repeat visits. But a forthcoming paper prepared by an Electronic Frontier Foundation technologist shows that they're not really effective at all.

The reason is simple, but counterintuitive: Modern browsers have been designed to send Web sites a torrent of information thought to be innocuous, including detailed version numbers, operating system information, screen size, what fonts are installed, and sometimes even in what order the fonts were installed. Firefox, for instance, sends every Web site a version number such as "Intel Mac OS X 10/Gecko/20100315 Firefox/3.5.9."

Once this collection of facts--which are individually anonymous--is combined together and compared against other users' browsers, the data can become personally identifiable. (It's like being able to find someone's name if you know their birth date, ZIP code, and gender, which is not that difficult a task.)

Peter Eckersley the Australian computer scientist working at EFF who wrote the report, calls the technique "browser fingerprinting." Eckersley's paper will be presented at a privacy symposium in Berlin in July.

Read the full article on CNET

  • Declan McCullagh On Twitter»

    Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.