Electronic Frontier Foundation Shows How Little Privacy There Is Online

After the story concerning the possibility of speeding the DNS lookup earlier today, I happened to see a story concerning the tracks that a browser can leave across the internet, and a tool from the Electronic Frontier Foundation.

Have you ever wondered why so many sites have small blurbs showing what you are running, and asking if you want to install updates for one or more pieces of software on your machine? These are not guesses, but the conclusions made from information sent by the browser, to better enable you to have a seamless journey on the internet. The trouble is, much of that information can be turned against you, which is why having a good firewall is a necessity.

A story from InfoWorld tells how the EFF is getting your back, and also gives information about their tool -

The Electronic Frontier Foundation has created an on-line tool that details the wealth of information a Web browser reveals, which can pose privacy concerns when used to profile users.

The EFF’s Panopticlick tool takes just a few seconds to pluck out information that a Web browser divulges when visiting a Web site, such as a user’s operating system, version numbers for plug-ins, system fonts and even screen size, color and depth.

And all of that from just a few seconds connected.

Taken together, that information is a unique fingerprint for a particular PC, which could be used to repeatedly identify a particular visitor a Web site, the EFF said.

The EFF, which has campaigned against intrusive on-line advertising systems, warns that advertising companies are already using digital fingerprinting techniques, wrote Peter Eckersley, an EFF staff technologist, on the organization’s blog.

“They develop these methods in secret, and don’t always tell the world what they’ve found,” Eckersley wrote. “But this experiment will give us more insight into the privacy risk posed by browser fingerprinting and help web users to protect themselves.”

Panopticlick anonymously records a visitor’s system configuration and then compares it to a database of five million other configurations. On Friday, the Panopticlick Web site said it had collected 188,394 browser fingerprints so far.

Users are mistaken if they think that merely disabling cookies — small text files stored in browsers that allow Web sites to recognize repeat visitors among other functions — will protect their privacy.

The question for most people is one of their prospective importance in the larger world. For most people, getting so involved in security is just not worth the time, because few people are actively being tracked.

In a separate blog post, Eckersley wrote that the user-agent string of a browser reveals the computer’s operating system, precise version number of the browser and kind of browser used. Only about one in 1,500 Web surfers have the same user-agent string, Eckersley wrote.

A user-agent string along isn’t quite enough information to track somebody but “in combination with another detail like geolocation to a particular ZIP code or having an uncommon browser plugin installed, the user-agent string becomes a real privacy problem,” Eckersley wrote.

To stay more anonymous, the EFF recommended using a common browser, such as the latest version of Firefox running a recent version of Microsoft’s Windows operating system. Turning off JavaScript is another option, since that is how Web sites detect plugins and fonts, but that also can hamper how well Web sites work.

Another option is to use a mobile browser, the EFF said.

“Current versions of the iPhone, Android, and BlackBerrys do not vary much with respect to plugins, installed fonts or screen size,” the EFF said. “This situation may well change in the future, but until it does, most of these devices are far less fingerprintable than any sort of desktop PC.”

You just knew there was a reason for that fancy phone, didn’t you. Who knew that a browser sitting on a phone could become an effective way to keep “da man” off your back. For now.

Just as an aside, this is one of the nice things about Opera. It is a little more secure than most browsers, and the browser itself will help you out by spoofing its name. You can have Opera report that it is Internet Exploder, Mozilla, and Netscape. I haven’t checked recently, by now other choices could be available.

§



Opera, the fastest and most secure web browser

Sometimes I forget how much better the music of my youth was. I’m listening to some Hendrix right now…

Dolly Dagger, her love’s so heavy gonna make you stagger! Dolly Dagger, she drinks her blood from a jagged edge…