RSS Alerts

Related Links

Related Stories

  • Microsoft, Marlinspike threaten Google data gathering policy
    Google faced challenges to its search engine's data gathering policy this week from two sides. Microsoft bettered the search engine giant by revising its own search privacy policy, while security researcher Moxie Marlinspike delivered a service that allows users to bypass Google's data gathering procedures altogether.
  • Google Chrome in anonymity blunder
    The latest version of the Google Chrome browser is negating the efforts of anonymous browsing services to protect users' identities, according to bug reports.
  • MIT projects raise privacy questions
    Two experiments conducted at MIT are raising questions about the level of privacy among those who use modern tools such as mobile phones and social networks - and suggesting that there is even less of it than most of us already thought.
  • Smartphone security has privacy problems
    WXPI, a Pittsburgh, Pennylvania-based TV station has quietly broken a story which could have profound repercusions on the security of so-called smartphones - mobile phones with computer-like qualities.
  • Organizations Counsel New President on Privacy Issues
    President Obama has yet another set of technological recommendations to mull over following his inauguration today. The National Institute of Standards and Technology (NIST) published a draft set of recommendations for protecting personal information, while the Future of Privacy Forum (FPF) provided its own list of requirements for protecting consumer privacy.

News

EFF launches web browser entropy tool

01 February 2010

A new tool released by privacy advocacy group EFF is designed to help users find out how identifiable their web browsers are online.

The Electronic Frontier Foundation (EFF) has launched a tool called Panopticlick, designed to tell a user how uniquely identifiable their web browser is. Panopticlick works by analyzing the information that a browser sends to a website, and then calculating the entropy involved – how close the information that is relayed comes to revealing a unique identity.

"Because there are around 7 billion humans on the planet, the identity of a random, unknown person contains just under 33 bits of entropy (two to the power of 33 is 8 billion)," said an explanation of Panopticlick by Peter Eckersley, staff technologist for the EFF. "When we learn a new fact about a person, that fact reduces the entropy of their identity by a certain amount."

The high entropy of many web browsers can lead to device fingerprinting, in which websites are able to hone in on the identity of a visiting individual. Many websites are already engaging in this activity, the EFF said.

Even when cookies are turned off, other information relayed by a web browser reduces entropy. In particular, the User-Agent string, which contains the name, operating system and precise browser version number reveals extensive information about a single computer.

"On average, User-Agent strings contained about 10.5 bits of identifying information, meaning that if you pick a random person's browser, only one in 1500 other internet users will share their User-Agent string," Eckersley continued.

Panopticlick's release follows recent reports that it is possible to identify individuals from anonymous data. Ian Brown of the Oxford Internet Institute is writing a report for the European Commission detailing how sensitive data that can be extracted from a large data set even when uniquely identifying information has been removed.

The EFF advises users to use a "non-rare" browser, which include many smartphone browsers. Disabling JavaScript can help, as can using the Tor anonymous browsing network.

 

This article is featured in:
Compliance and Policy Internet and Network Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water