There's a fun new research project by public rights fighters at the Electronic Frontier Foundation (EFF). Panopticlick. The boffins there believe it is very likely that you can be (almost) uniquely identified by the cumulation of info in your browser. They say that the sum of installed OS, browser handle, language, plugins, local time zone, usable fonts, etc. form a profile of you that is almost as unique as a fingerprint. A few lines of Javascript can read this out. Even if your browser has a private browsing setting, that doesn't help.
Now you can just add things up. Maybe you have cookies enabled, too. Oh, that will identify you very uniquely. Maybe not, but the server could still get additional info on your rough location and ISP by looking at your IP adress, unless you use a proxy all the time.
A website can easily identify you with those information and link what you do online to your profile and you. For example Google. Just think what the big G knows about you. Their Superbowl commercial made it quite clear, ironically. Life situation, hobbies, sexual preferences, possibly illegal actions even (not depicted in the ad). It can be as detailed as you wish.
There are certain restrictions, of course. For starters, however rare your browser fingerprint may be, it is probably not unique. One in 250.000 browsers may have your info. [check your browser's uniqueness here] But they could still get a specific zombie pinned down by ISP & location. The other restriction is bigger, though. What if I update my browser? Install new plugins? New fonts? Yep, your fingerprint just changed.
With that said you'd have to take certain heuristics into consideration when trying to log someones profile. How many parameters can change in what time span? Well, fonts probably won't get deinstalled, only new ones installed. With new applications for example. A little hard, but achievable.
Now if some site had those info and your real life adress and name - like eBay or some online shop for example - it goes wild. No privacy no more, mister zombie man!
What can you do against it? Pretty much nothing. Changing your browser, plugins and so on every once in a while is not very feasible. Of course you can browse via proxies like Tor to mask your IP, but that can be rather slow and then they could log your traffic or passwords. A few ISPs don't give region handles with their DNS servers, but you have to look a bit to find one. You can deactivate Javascript and every other extension, but that would harshly hinder your internet experience.
Now you can just add things up. Maybe you have cookies enabled, too. Oh, that will identify you very uniquely. Maybe not, but the server could still get additional info on your rough location and ISP by looking at your IP adress, unless you use a proxy all the time.
A website can easily identify you with those information and link what you do online to your profile and you. For example Google. Just think what the big G knows about you. Their Superbowl commercial made it quite clear, ironically. Life situation, hobbies, sexual preferences, possibly illegal actions even (not depicted in the ad). It can be as detailed as you wish.
There are certain restrictions, of course. For starters, however rare your browser fingerprint may be, it is probably not unique. One in 250.000 browsers may have your info. [check your browser's uniqueness here] But they could still get a specific zombie pinned down by ISP & location. The other restriction is bigger, though. What if I update my browser? Install new plugins? New fonts? Yep, your fingerprint just changed.
With that said you'd have to take certain heuristics into consideration when trying to log someones profile. How many parameters can change in what time span? Well, fonts probably won't get deinstalled, only new ones installed. With new applications for example. A little hard, but achievable.
Now if some site had those info and your real life adress and name - like eBay or some online shop for example - it goes wild. No privacy no more, mister zombie man!
What can you do against it? Pretty much nothing. Changing your browser, plugins and so on every once in a while is not very feasible. Of course you can browse via proxies like Tor to mask your IP, but that can be rather slow and then they could log your traffic or passwords. A few ISPs don't give region handles with their DNS servers, but you have to look a bit to find one. You can deactivate Javascript and every other extension, but that would harshly hinder your internet experience.
In the end, the digizombie of today has to take that risk. Just think about it the next time you enter something on a website.
Posts
No comments:
Post a Comment