Home Business IT Security How unique is your presence on the Internet?
You might think that thousands, nay millions of people will be on the Internet with the same browser and operating system as you.  That may-well be true, but it's not as simple as that.

Electronic Frontier Foundation (EFF) has introduced The Panopticlick - the name being derived from Bentham's Panopticon which was a design for a prison where a limited number of unseen guards could operate the facility.

Later the name became a metaphor for unseen watchers - widespread public video surveillance being the obvious example.

Visiting the site we find a simple page asking a simple question: "Is your browser configuration rare or unique?  If so, web sites may be able to track you, even if you limit or disable cookies."

The opening page continues: "Panopticlick tests your browser to see how unique it is based on the information it will share with sites it visits. Click below and you will be given a uniqueness score, letting you see how easily identifiable you might be as you surf the web.

"Only anonymous data will be collected by this site."  In fact EFF states elsewhere that the only 'identifying' information is a 3-month persistent cookie they leave behind to stop collecting duplicate information from the same computer.

Run the Panopticlick and after a few moments a new page will be delivered.  The results may surprise you.

The site has a brief conversation with your browser and reports back the results.  In my case, my exact configuration is absolutely unique amongst the 388,030 people who have used the site.

How can that be?

Amongst other things, the Panopiclick collects the following information:

User Agent: the self-identifying string that every browser will report upon request.  Mine was "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/ Safari/532.0." for a relatively early Chrome build.  Around one in 86 people using the Panopticlick had the exact same User_Agent.

HTTP_Accept Headers: the description of valid information your browser will accept from a web server.  Mine said "text/html, */* ISO-8859-1,utf-8;q=0.7,*;q=0.3 gzip,deflate,sdch en,en-US;q=0.8,en-AU;q=0."  This was far more unique, just 5 others out of the 388,000 who had used the Panopticlick were the same.

Browser Plugin Details: The list of plug-ins your browser has currently installed.  I had about 40 (I didn't count them!) and just one other person had the same list.

Time Zone: Just one in 86.22 people were in the same Eastern Australian time zone as me.

Screen Size and Color Depth: one person in every 15 had the same 1280 x 800 x 32 as me (obviously we're all on laptops!)

System Fonts: This one is really interesting.  It appears that the browser will always report the font list in the order they were installed, not some 'normalised' order (such as alphabetical).  Just two other people had the same fonts in the same order.

Readers will not be surprised to know that the Panopticlick declared be to be unique amongst all tests.

So, what does this all mean?

Whether or not cookies are enabled, it seems quite easy to uniquely identify people upon repeat visits to a site.

For those interested, the EFF offers some moderately mathematically-based background on what the system is trying to achieve.

In addition, the FAQ offers some very useful information.

Currently around 85% of all the nearly 390,000 visitors to the site have been judged unique.

The system does NOT include SuperCookies (stored by Flash, SilverLight etc), neither does it access CPU ID information.  Also, (for very obvious reasons) Panopticlick doesn't collect information that would require user permission.

The EFF makes this final point on their FAQ page:

The quality of data that we get from this project is definitely decreased as a result of the fact that the design of the website encourages people to play with their browser configurations. A lot of people are doing things like turning off javascript, entering private browsing mode, or deleting cookies just to see what effects those actions have on uniqueness.

That's great from an educational point of view, but it's probably going to add a lot of noise to our data that we'll only be able to correct for partially. We'd have gotten better data by putting these tests in an invisible corner of a high-traffic website, but that simply isn't the EFF way when it comes to running an experiment like this: we wanted to make sure people knew they were participating, and let them know - even approximately - how rare/unique they were.

In case you're wondering, it seems that relatively fixed devices - iPhones for instance, display the greatest number of non-unique users; home PCs are almost certainly going to be unique.

Try it, and please report your findings in the comments.


Site24x7 Seminars

Deliver Better User Experience in Today's Era of Digital Transformation

Some IT problems are better solved from the cloud

Join us as we discuss how DevOps in combination with AIOps can assure a seamless user experience, and assist you in monitoring all your individual IT components—including your websites, services, network infrastructure, and private or public clouds—from a single, cloud-based dashboard.

Sydney 7th May 2019

Melbourne 09 May 2019

Don’t miss out! Register Today!



Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips



Popular News




Guest Opinion


Sponsored News