Impressive idea for fingerprinting a user, especially along the font/plugin vector.
Looking at just Java plugins, and the number of releases, you could also in theory age a browser, on how long it's been operational on how far back in versions of a plugin the browser maintains.
Wow! I am quite surprised. I use a MacBook running Snow Leopard, fully up-to-date software, with Safari. I don't (yet) have any aftermarket fonts installed. And yet "Your browser fingerprint appears to be unique among the 47,390 tested so far." That is creepy.
Who is using this type of profiling as an alternative to cookies and other techniques? I would love to see some examples.
Apparently I have a unique browser fingerprint as well. With so many different plugin and font combinations, I think that there are bound to be quite a few uniques.
Mine is unique too. Only 7 other people at the time of my test had the same plugin profile, and nobody had the same exact fonts (only thing I've knowingly added are MS fonts and ProggyCleanTTSZ).
If you keep refreshing, you can watch the numbers change. (If not, try disallowing cookies first; then JavaScript second.) This leads me to think that, since the numbers are shrinking slowly (12.5 bits... 12.1 bits... 11.8 bits...), it means that: of the full collection of data that your browser is sending, only __ bits actually makes you unique. Meaning to say, some of the data is common to others, so isn't useful for distinguishing you from them.
Those fingerprints are mostly based on information that your browser gives out voluntarily for no good reason (the server doesn't need to know your fonts, screen resolution, plugins or user-agent).
Thus an easy workaround would be to use a plugin that randomizes all this, which turns your one unique identity into many unique identities.
User-agent is most definitely needed. My server gives different content depending on which kind of client accesses the page and I certainly don't want to do that in JavaScript.
I, too, am a unique snowflake. Unique among 52,301.
But here's a surprise. My UserAgent string is for the version of Firefox distributed three weeks ago as a security patch to Ubuntu Linux 9.10. One in 45.01 browsers has that exact rev. of Firefox.
So over 2% of EFF visitors are running this exact version of Firefox and Ubuntu Linux? That's much more popular than expected.
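How the "bits" and "one in N" figures quoted in the comments above relate, as an added example that is not part of the original thread or of EFF's code. The sample data is constructed and the function names are hypothetical; it also shows why attributes that are individually common can still combine into a unique fingerprint.

```python
import math

FIELDS = ("user_agent", "plugins", "fonts")

# Constructed sample of 8 visitors (not real Panopticlick data).
SAMPLE = [
    ("ua-A", "plug-1", "font-1"),  # the visitor we score below
    ("ua-A", "plug-1", "font-2"),
    ("ua-A", "plug-2", "font-1"),
    ("ua-A", "plug-2", "font-2"),
    ("ua-B", "plug-3", "font-3"),
    ("ua-B", "plug-3", "font-3"),
    ("ua-B", "plug-4", "font-4"),
    ("ua-C", "plug-4", "font-4"),
]

def bits_from_one_in(n):
    """Surprisal in bits of a value seen in one of every n browsers."""
    return math.log2(n)

def score(sample, visitor):
    """Return {field: (one_in_n, bits)} for the visitor, plus 'combined'."""
    total = len(sample)
    report = {}
    for i, field in enumerate(FIELDS):
        matches = sum(1 for rec in sample if rec[i] == visitor[i])
        report[field] = (total / matches, bits_from_one_in(total / matches))
    # The whole fingerprint: how many records match on every field at once.
    matches = sum(1 for rec in sample if rec == visitor)
    report["combined"] = (total / matches, bits_from_one_in(total / matches))
    return report

def max_measurable_bits(sample_size):
    """A sample of N browsers cannot show more than log2(N) bits of uniqueness."""
    return math.log2(sample_size)

if __name__ == "__main__":
    for name, (one_in, bits) in score(SAMPLE, SAMPLE[0]).items():
        print(f"{name:10s} one in {one_in:g} -> {bits:.2f} bits")
    # The "one in 45.01" user agent from the comment above, as bits and as a share.
    print(f"one in 45.01 -> {bits_from_one_in(45.01):.2f} bits, {100 / 45.01:.2f}% of visitors")
```

"Unique among N" only means the combined fingerprint reached the log2(N) ceiling for that sample size, so the reported figure depends on how many browsers have been tested.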
Fascinating. It's hard to believe that my Safari setup has a lot of entropy in the plugins, since I don't have anything special installed there, just Click2Flash and Silverlight. My system fonts, though, are more unique. Not many people have Macs with Consolas installed on them.
After some thought, this sort of seems like it's missing the point.
What I'm curious about is what the current state of cookie and user click stream sharing among analytics/advertising companies is. What proportion of my browsing history is known to any given company, and what proportion given collusion? Are there any studies on this?
So, it looks like you can get fairly close to unique identification (at least so far), by paying attention to system fonts. I actually find it a bit hard to believe that I'm the only one out of 59,132 with this set of system fonts.
I was puzzled by that too, but when I deleted the cookie from panopticlick.eff.org it no longer claimed I was unique among 60-some thousand, but among half that number.
This can't be right. According to that site, my HTTP_ACCEPT header of "text/html, / UTF-8,* gzip,deflate en-au,en-us;q=0.7,en;q=0.3" is unique. Uh .. is it? Looks fairly standard to me?
System fonts are a very telling fingerprint, though. I tried the test on two browsers; the first time it said I was one in ~60k, the second time was one in ~30k. So it is working.
Yeah, but I haven't changed them? Maybe FF is doing something weird since it's the US English Firefox running on an Australian English user account but I wouldn't have thought I'm the only person in the world doing that. I suppose it's possible I'm the first to visit that page, though. 60k people isn't much really.