Panopticlick and Online Privacy

I prefer not to be tracked by ad-networks and other 'services' on the net and so far thought I was pretty much o.k. with having my cookies deleted whenever I end a browser session and having flash cookies disabled by default. But now it seems this is not quite the case.

Have a look over at the Electronic Frontier Foundation's (EFF) Panopticlick project and run the test yourself. By analyzing the user-agent information the web browser gives the web server when it connects together with additional information that can be queried and returned by JavaScript and Flash content embedded in a page, it is in most cases possible to uniquely identify you again. Yes, uniquely, as the combination of browser version, available fonts on the system, their reported order, time zone, screen size and a couple of other parameters generates such a wide range of combinations.

When running my browser as it is, my PC is identified as unique among 1.2 million devices already tested. If I activate No-Script to prevent JavaScript and Flash to execute on that page, the detection rate is down to 1:6815 devices. Still a shocking number. And if you add my German IP address into the mix in combination with the browsers language set to English, the whole thing probably blows up again.

Pretty solid research from the EFF and I hope we come up with some browser plug-ins soon that randomly change some of this information from time to time to protect my privacy.