Is Your browser cheating on You??

Reading Time: 2 minutes

Just to calm down my friends reading this blog … no, I haven’t developed personal relationship with my browser, however as many of us I’ve personalized it and I feel comfortable with it right now. All the plugins, configuration etc. It is our daily used tool now so probably all of us have done something to customize it.

Is our browser also attached to us or does it flirt (how strange it may sound) with others on the network???

(cc) bored-now

Through Kim Cameron’s blog I‘ve found project Panopticlick page started by Electronic Frontier Foundation (EFF). This project aims to try how easy is to identify person identity in Internet based on characteristics of its main tool … web browser. Question is how easy is to distinguish You from other Internet users based on elements like Your browser user agent, fonts, screen resolution and other data which can be accessed from browser by any web page.

Let see  – this is example of check performed on my browser:

So my browser has unique footprint among almost 400k of other browser tested. In other words – yes, my browser is cheating on me and it allows web sites to track me without my knowledge … definitely not nice.

Another example which shows that this approach might work came from information about OpenOffice market share. Method which was used to identify OO users was based on checking fonts installed on system through browser. OO install unique fonts – which might be used as indicator that OO is present on a system – without user interaction at all. Scary … ???

Also Kim Cameron posted another example:

(…) The authors claim the groups in all major social networks are represented through URLs, so history stealing can be translated into “group membership stealing”.  This brings us to the core of this new work.  The authors have developed a model for the identification characteristics of group memberships – a model that will outlast this particular attack, as dramatic as it is. (…)

So browser can be used to identify a user in Internet or to harvest some information without its consent. Will it really become a problem and will it be addressed in some way in browsers in a future? This question has to be answered by people responsible for browser development. We will see …