18 votes

Cover Your Tracks - A new EFF project designed to better uncover the tools and techniques of online trackers and test the efficacy of privacy add-ons (successor to Panopticlick)

15 comments

  1. [2]
    Durallet
    Link
    Some more thoughts regarding fingerprinting. The purpose of browser fingerprinting techniques is to harvest as much identifying data about the user's browser, device, and behavior as possible....

    Some more thoughts regarding fingerprinting.

    The purpose of browser fingerprinting techniques is to harvest as much identifying data about the user's browser, device, and behavior as possible. Thanks to modern technology, it's possible to gather and correlate all these data points together to paint a picture of person behind the screen. This creates a situation where standardizing everything creates pseudo-anonymity as users of that setup are largely indistinguishable from each other (i.e. what Apple or TOR Browser do).

    • Devices which are tightly constrained in terms of specs are less identifiable. This means popular products from major brands make it easier to blend in with other users of the same device.
      ex. An iPhone 12 is more common than a custom built gaming pc tricked out with an ultrawide monitor
    • Using popular browsers makes it easier to blend in. Conversely, deliberately switching to anything besides Chrom(e|ium) makes you stand out like a sore thumb.
      ex. Nearly everyone using a mobile device uses the default browser. Picking up a third party browser app like Lighting or Kiwi Browser (or even Firefox) is not anything the multitudes do (or can even conceive of).
    • Extensions and tweaks affect browser and user behavior. Each additional change cumulatively adds to the amount of information ("bits") and makes an user unique.
      ex. The Privacy Badger extension works by examining all connections made during your regular browsing sessions. Everybody has different habits and hangouts, so naturally their browsing history will become unique as time goes on without resetting the Privacy Badger extension. This means that the persistent blocklist that Privacy Badger creates has become a proxy for that unique browsing history.
    • User behavior before and during the browsing session adds bits, especially if they are persistent habits.
      ex. Most people use their browser in maximized window mode. Anyone who resizes their window (e.g.a random resolution like 1207x988) and browses persistently without changing it again has just created a nearly unique data point.
    8 votes
    1. onyxleopard
      Link Parent
      Even if they can’t build a picture of the person behind the screen on the first impression, once you’re fingerprinted, you can be tracked across domains and even browsing sessions. And that...

      Thanks to modern technology, it's possible to gather and correlate all these data points together to paint a picture of person behind the screen.

      Even if they can’t build a picture of the person behind the screen on the first impression, once you’re fingerprinted, you can be tracked across domains and even browsing sessions. And that tracking can then garner even more information, such as what times you browse, and potentially what sites you visit if you visit a group of sites that can match the same fingerprint in their database (or if they are part of the same ad network that can match your fingerprint).

      3 votes
  2. [12]
    suspended
    (edited )
    Link
    I'm getting 'good' results from this test but not 'great'. What does this mean for an end user stance? EDIT: I realize that this article addresses some of these things. However, I am asking in...

    I'm getting 'good' results from this test but not 'great'. What does this mean for an end user stance?

    EDIT: I realize that this article addresses some of these things. However, I am asking in order to start a conversation here.

    EDIT2: With 'Privacy Badger' add-on installed on Firefox, I am still getting the same 'good' results but not 'great'.

    2 votes
    1. [2]
      Deimos
      (edited )
      Link Parent
      After you finish running it, you should get a really long report page with "Your Results" and "Detailed Results" sections that goes through all the different factors and explains how unique yours...

      After you finish running it, you should get a really long report page with "Your Results" and "Detailed Results" sections that goes through all the different factors and explains how unique yours are. That's kind of the core feature of the tool: letting you see what aspects of your browser/setup are contributing the most to making you identifiable by trackers.

      Under "Your Results", if it says something like "Your browser fingerprint appears to be unique among the 277,196 tested in the past 45 days." that's probably a bad thing (but it's also really hard to not get the unique result—that's the point), because it means that tracking companies would be able to use the same methods EFF is using to uniquely identify you across sites.

      In the detailed results, the things to pick out as the "worst" will be ones that have high numbers for both "Bits of identifying information" and "One in x browsers have this value". High values on those mean that your browser is giving a rare response and is more easily identifiable.

      8 votes
      1. suspended
        Link Parent
        Thank you for explaining this and much appreciated!

        Thank you for explaining this and much appreciated!

        2 votes
    2. [9]
      Durallet
      Link Parent
      This question is too vague and there's no information about your setup to give any meaningful advice/interpretation. Things to keep in mind: This tool is used by the privacy conscious, which will...

      This question is too vague and there's no information about your setup to give any meaningful advice/interpretation.

      Things to keep in mind:
      This tool is used by the privacy conscious, which will eventually skew the "uniqueness" results towards weird and highly profile-raising setups. i.e. "Hardened Firefox"
      More extensions = more fingerprinting opportunities since your browser will behave radically differently from the normal users. This includes ad blockers and especially using weird or regional blocklists.
      Use the default or popular browsers to blend in. i.e. Safari on MacOS/iOS, Chrome/Edge on Windows, Chromium/Firefox on Linux.

      2 votes
      1. petrichor
        Link Parent
        That's certainly well-exemplified by the "Platform" statistic. Linux on the desktop sure seems to have gotten popular recently... PLATFORM Linux x86_64 Bits of identifying information: 2.91 One in...

        This tool is used by the privacy conscious, which will eventually skew the "uniqueness" results towards weird and highly profile-raising setups.

        That's certainly well-exemplified by the "Platform" statistic. Linux on the desktop sure seems to have gotten popular recently...


        PLATFORM
        Linux x86_64
        
        Bits of identifying information: 2.91
        One in x browsers have this value: 7.52
        
        6 votes
      2. [5]
        suspended
        Link Parent
        Safari on Mac (Big Sur) desktop 14.0.1 with no add-ons or any other modifications: Produces the exact same results as Firefox with strictest privacy settings with uBlock Origin and Privacy Badger.

        Safari on Mac (Big Sur) desktop 14.0.1 with no add-ons or any other modifications:

        Produces the exact same results as Firefox with strictest privacy settings with uBlock Origin and Privacy Badger.

        2 votes
        1. [4]
          Durallet
          Link Parent
          What are the actual results of the report? You want to read the line about the bits of identifying information. Higher = worse because it is easier to identify the user and correlate activity.

          What are the actual results of the report?

          You want to read the line about the bits of identifying information. Higher = worse because it is easier to identify the user and correlate activity.

          Your browser fingerprint appears to be unique among the 277,992 tested in the past 45 days.

          Currently, we estimate that your browser has a fingerprint that conveys at least XX bits of identifying information.

          1 vote
          1. [3]
            suspended
            Link Parent
            Firefox: Safari:

            Firefox:

            Your browser fingerprint appears to be unique among the 277,238 tested in the past 45 days.

            Currently, we estimate that your browser has a fingerprint that conveys at least 18.08 bits of identifying information.

            Safari:

            Your browser fingerprint appears to be unique among the 277,253 tested in the past 45 days.

            Currently, we estimate that your browser has a fingerprint that conveys at least 18.08 bits of identifying information.

            1. [2]
              Durallet
              Link Parent
              So I tried it with Chromium and Firefox on Linux, that part that I quoted appears to stay the same as far as bits of info are concerned. @Deimos' comment is right about needing to go further down...

              So I tried it with Chromium and Firefox on Linux, that part that I quoted appears to stay the same as far as bits of info are concerned. @Deimos' comment is right about needing to go further down to check each individual element of fingerprinting and seeing how unique each feature tested is.

              Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
              Bits of identifying information: 8.4
              One in x browsers have this value:337.37

              Mozilla/5.0 (X11; Linux x86_64; rv:83.0) Gecko/20100101 Firefox/83.0
              Bits of identifying information: 9.74
              One in x browsers have this value:853.24

              3 votes
              1. suspended
                Link Parent
                Yes. Thank you for breaking this down further...much appreciated!

                Yes. Thank you for breaking this down further...much appreciated!

                2 votes
      3. suspended
        Link Parent
        This section of your comment is much appreciated. Thank you!

        Things to keep in mind

        This section of your comment is much appreciated. Thank you!

        2 votes
      4. suspended
        Link Parent
        I'll try a minimalist default Safari and report back.

        I'll try a minimalist default Safari and report back.

        1 vote
  3. Shahriar
    Link
    States I have strong protection, but I'm still susceptible to fingerprinting. Oops!

    States I have strong protection, but I'm still susceptible to fingerprinting. Oops!