Identifying Browsers
The Panopticlick project is an interesting data collection exercise and experiment aimed at understanding just how unique a browser (yours, not to put too fine a point on it) is.
In essence, the EFF researchers show how to fingerprint a browser (1) without storing any state in the browser and (2) simply by executing code that reads public properties and configuration that your browser makes available. This information includes the “UserAgent” string but goes far beyond it, covering other properties such as installed fonts and plug-ins, screen size, screen resolution, and time zone, among others.
I first heard about this project from Bruce Schneier’s February Crypto-Gram (covering his January 29 blog post – most of the comments, including one from the EFF researcher, Peter Eckersley, are enlightening), but then a paper about the system crossed my email inbox. Going to the site, I found that my browser (as of 15 March) has about 19.5 bits of entropy and is unique out of 741,612 browsers that have visited the page. As most other people have experienced, the most distinct parts of my fingerprint are my system fonts and my plug-in details. My user-agent (Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6), time zone (EDT), and screen details (1440x900x24) also give away some bits of identifying information, but much less than the fonts and plug-ins.
Schneier’s blog links to this Ars Technica news story.
Other related work is the browserrecon project.
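How "19.5 bits" relates to "unique out of 741,612 browsers", as an added example (not code from Panopticlick or the EFF paper): a value seen `count` times among `total` visitors carries log2(total/count) bits of identifying information. The visitor table, the attribute names, and the function names are constructed for illustration.

```javascript
// Constructed sample of 8 visitors (illustrative, not Panopticlick data).
// Columns: userAgent, timeZone, screen, fonts (list digest), plugins (list digest).
const ATTRS = ["userAgent", "timeZone", "screen", "fonts", "plugins"];
const VISITORS = [
  ["UA-A", "EDT", "1440x900x24",  "F0", "P0"],
  ["UA-A", "EDT", "1440x900x24",  "F1", "P0"],
  ["UA-A", "EDT", "1280x800x24",  "F1", "P1"],
  ["UA-A", "EDT", "1280x800x24",  "F2", "P1"],
  ["UA-B", "PST", "1024x768x24",  "F2", "P2"],
  ["UA-B", "PST", "1024x768x24",  "F3", "P2"],
  ["UA-C", "CET", "1920x1080x24", "F3", "P3"],
  ["UA-C", "CET", "1920x1080x24", "F4", "P3"],
].map(row => Object.fromEntries(row.map((v, i) => [ATTRS[i], v])));

// Surprisal in bits of a value seen `count` times among `total` visitors.
function surprisalBits(count, total) {
  if (!(count >= 1 && count <= total)) {
    throw new RangeError("count must be between 1 and total");
  }
  return Math.log2(total / count);
}

// Visitors that cannot be told apart from `target` on the given attributes.
function anonymitySet(population, target, attrs) {
  return population.filter(v => attrs.every(a => v[a] === target[a]));
}

// Bits of identifying information carried by `attrs` of `target`.
function identifyingBits(population, target, attrs) {
  const matches = anonymitySet(population, target, attrs).length;
  return surprisalBits(matches, population.length);
}

// Per-attribute breakdown plus the combined fingerprint.
function report(population, target) {
  const perAttr = Object.fromEntries(
    ATTRS.map(a => [a, identifyingBits(population, target, [a])]));
  return { perAttr, combined: identifyingBits(population, target, ATTRS) };
}

console.log(report(VISITORS, VISITORS[0]));
// A fingerprint seen once among the 741,612 browsers quoted above:
console.log(surprisalBits(1, 741612).toFixed(1), "bits");
```

In the sample, the per-attribute values add up to 9 bits, yet the combined fingerprint carries only 3, because the attributes are correlated and no fingerprint can reveal more than log2 of the population size. Dropping the font list from the comparison grows the anonymity set from one browser to two.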