Privacy and the Browser Fingerprint

The Electronic Frontier Foundation (EFF) is reporting on its recent experiment regarding anonymous web browsing. In its test, the EFF tracked the types of browser information a website typically accesses when a user visits a site. This information, known as a browser fingerprint, includes details such as the type of browser, time zone, screen resolution, whether or not cookies are accepted, browser plug-ins and system fonts. The EFF compared the browser fingerprints it gathered against a set of configurations for nearly a million other users. Results revealed that over 80 percent of the browser fingerprints it gathered were identifiable. Further, over 90 percent of the browser fingerprints were identifiable if the browser had the Adobe Flash or Java plug-in installed. Surprisingly, some of the steps a user may take to protect his or her privacy, such as using a Flash-blocking browser plug-in, actually made the browser fingerprint more distinctive and therefore easier to track.
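To see why a privacy add-on can make a browser easier to single out, the following added example (not code from the EFF or from this post) measures how rare each fingerprint is within a small population. The 12 visitor records are constructed for illustration, and the choice of surprisal in bits as the rarity measure is an assumption of this example.

```python
import math
from collections import Counter

# Constructed population of 12 visitors (not EFF data). Each tuple is
# (browser, time zone, screen resolution, cookies accepted, plug-ins).
COMMON = ("Firefox", "UTC-5", "1280x800", True, "Flash")
BLOCKER = ("Firefox", "UTC-5", "1280x800", True, "Flash+FlashBlocker")
POPULATION = (
    [COMMON] * 6
    + [("IE", "UTC-5", "1024x768", True, "Flash,Java")] * 3
    + [("Firefox", "UTC+1", "1280x800", True, "Flash")] * 2
    + [BLOCKER]
)


def anonymity_set_size(fingerprint, population):
    """Number of visitors who present exactly this fingerprint."""
    return Counter(population)[fingerprint]


def surprisal_bits(fingerprint, population):
    """Self-information of a fingerprint: -log2(share of population)."""
    size = anonymity_set_size(fingerprint, population)
    if size == 0:
        raise ValueError("fingerprint not present in population")
    return -math.log2(size / len(population))


def unique_fraction(population):
    """Share of visitors whose fingerprint nobody else presents."""
    counts = Counter(population)
    return sum(1 for fp in population if counts[fp] == 1) / len(population)


if __name__ == "__main__":
    for name, fp in (("common", COMMON), ("with blocker", BLOCKER)):
        print(f"{name:13s} set={anonymity_set_size(fp, POPULATION)} "
              f"bits={surprisal_bits(fp, POPULATION):.2f}")
    print(f"unique visitors: {unique_fraction(POPULATION):.0%}")
```

The visitor with the blocker is otherwise identical to the six most common visitors, yet the one extra plug-in shrinks that visitor's anonymity set from six to one.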

 

To try to minimize or obscure the browser fingerprint, EFF recommendations include using a common browser type and disabling JavaScript. A change to the browser (an upgrade or a new plug-in) may alter the fingerprint, but it may still be identifiable, and although some browsers include a private browsing mode, these modes are not very effective at making a fingerprint private.

 

While the fingerprint does not reveal a person’s actual identity on its own, if the fingerprint is stored with personally identifiable information, then who the user is and all of their online activity are at risk of exposure. Based on the EFF evaluation, browser fingerprinting may need to take its place alongside cookies and IP addresses in terms of online privacy, which does mean disclosing browser fingerprinting practices in online privacy policies.