Privacy and Device Fingerprinting
While reading DevOps news to keep Morpht in-line with the current best practices, I stumbled upon a paper called "FPDetective: Dusting the Web for Fingerprinters", covering a study performed by KU Leuven researches in Belgium. The team put together a web crawler called FPDetective and has crawled the million most popular websites of the Internet, detecting fingerprinting.
Device Fingerprinting is a technique, which uses a browser environment characteristics, like installed fonts, installed plugins, screen resolution, to generate an unique device-specific fingerprint.
Visit the Panopticlick research project of the Electronic Frontier Foundations to find out how unique your browser configuration is.
My browser fingerprint was unique among the 3.5 million users who have visited the Panopticlick website before me!
The Panopticlick projects was covered in a paper called "How Unique Is Your Web Browser?" by Peter Eckersley in 2010. One of the finding was that 94.2% of browsers with Flash or Java were unique in their sample!
While the Panopticlick project focuses on your browser uniqueness, the current FPDetective project (which will be presented at the 20th ACM Conference on Computer and Communications Security that takes place in Berlin in November 2013) wants to know how many websites out there already use device fingerprinting.
One of the most interesting conclusions I found in the FPDetective paper says that Flash-based fingerprinting was present the homepages of 145 out of the top 10,000 sites. That is 1.5% of the top 10.000 websites tracking you!
As all of this raises serious privacy concerns, I presented this topic as a lightning talk at October Sydney Drupal meetup, to make my friends, colleagues and customers aware of this. You can download the talk slides from here.
- Panopticlick: https://panopticlick.eff.org/
- paper: How Unique Is Your Browser? (PDF): https://panopticlick.eff.org/browser-uniqueness.pdf
- FPDetective project: http://homes.esat.kuleuven.be/~gacar/fpdetective/
- paper: FPDetective: Dusting the Web for Fingerprinters (PDF): http://www.cosic.esat.kuleuven.be/publications/article-2334.pdf
- Fingerprint image source: http://www.flickr.com/photos/downy_squirrel/1223021285