Browsers leave fingerprints that identify users

Posted by Emma Woollacott

Even without cookies, the vast majority of browsers leave unique signatures that can be used to track a user's online activity, according to the Electronic Frontier Foundation (EFF).

The EFF created a tool - here - which can extract information from visitors including operating system, version numbers for plug-ins - and even system fonts, screen size and color.

It found that 84 percent of the configuration combinations were unique and identifiable, creating browser 'fingerprints'. Browsers with Adobe Flash or Java plug-ins installed were 94 percent unique and trackable.

"Several companies are already selling products that claim to use browser fingerprinting to help websites identify users and their online activities," said EFF senior staff technologist Peter Eckersley.

"This experiment is an important reality check, showing just how powerful these tracking mechanisms are."

Those browsers that block JavaScript were less easy to identify, says the EFF, and some browser plug-ins can  be configured to limit the information that the browser shares with websites.

But overall, says the EFF, it's 'very difficult' to reconfigure a browser to make it less identifiable.

"Browser fingerprinting is a powerful technique, and fingerprints must be considered alongside cookies and IP addresses when we discuss web privacy and user trackability," said Eckersley.

"We hope that browser developers will work to reduce these privacy risks in future versions of their code."

The full white paper, How Unique is Your Web Browser?, is here.