Guide | How To EFF Panopticlick: Test your browser against Tracking

[Dirk41]

Hi everyone!

Surfing the web I found this
Panopticlick

I think it is made by the creators of https everywhere and privacy badger

I recommend you to read their privacy policy before perform in the test

And I suggest you to read the explanation of the results etc

One thing : probably it will say you also that your web fingerprint is unique , but IMHO, that result is due to the small number of testers ( about 200000 .. How many people in the world use Internet ? )

But anyway the part about the fingerprint makes me think ( please , as always , tell me if I am wrong because I am not an expert ) that when people , in the Internet , suggest to use less common OS/browser /etc because they are less targeted by malwares ,they , maybe , don't think that this makes your web fingerprint more unique .

Let me know what do you thing if want .

 

[_CyberGhosT_]

Thanks Dirk41, that was kind of cool.

 

[Handsome Recluse]

I think they calculate stuff to get an estimate of how unique you are. Most who go there are nerds though making Firefox less fingerprintable than Chrome even though Chrome is more common.

 

[Myriad]

Panopticlick is a great tool , and the eff do fantastic work on behalf of every internet user on Earth ,
whether those users know it or not .
They have my utmost respect .

The downside is that the results can be very confusing and even misleading , especially for the " Mom and Pop "
type users who may have started reading about the serious privacy related issues we are all facing ,
( there have been plenty of Panopticlick debates on various other security oriented forums ) .

Put simply , it gives a measure of how unique you appear to be , compared to a given pool of other users .
More " visible " or less ?
More a target of interest , or too much trouble for the average data-mining company ?

It is a mistake to try to read more than that into the results , IMO .

I imagine a sheep on it's own , and maybe feeling a bit vulnerable , like an easy target , so it goes and hangs around
with a big herd of sheep , and feels happier and more secure .
Then one day it decides to paint itself blue .

That's what I think of when I look at the effects of hardening a browser ..... adblockers , noscript , canvas defender
and all of the rest , and how it affects the Panopticlick result .

You start getting more blue , that's what happens .

Only the individual can decide if that is a good thing or bad .

.... just my 2 Baht worth

 

[ozone]

I think it depends on many factors
linux user are rarely targeted by ads, but can be traced easier than windows user
windows user are more common, so good target for malware author

 

[Dirk41]

Thank you all .

IMO the most important results are those that say you if your browser config is good or not against tracking ( first 2 result of the first part of the test ) . That's enough

Thanks Dirk41, that was kind of cool.
View attachment 135308

Wow how did you get undefined in plugins ? I got it only with my iPhone. Not on PC

I imagine a sheep on it's own , and maybe feeling a bit vulnerable , like an easy target , so it goes and hangs around
with a big herd of sheep , and feels happier and more secure .
Then one day it decides to paint itself blue .

That's what I think of when I look at the effects of hardening a browser ..... adblockers , noscript , canvas defender
and all of the rest , and how it affects the Panopticlick result .

You start getting more blue , that's what happens .

Only the individual can decide if that is a good thing or bad .

.... just my 2 Baht worth

Very true





Anyway does anyone think it would be possible to make "undefined " in all fingerprint blanks ?
Just out of curiosity
Could you do it with tails and Tor ?

 

[ozone]

Wow how did you get undefined in plugins ? I got it only with my iPhone. Not on PC

disable plugins

Anyway does anyone think it would be possible to make "undefined " in all fingerprint blanks ?
Just out of curiosity
Could you do it with tails and Tor ?

nope

you can disable javascript to avoid most fingerprints, except for ip, headers, user agent, cookies, ...

link for results without using javascript: Panopticlick

using tor you will get "generic" fingerprint which is same/similar for other tor user

you can check more browser fingerprints on this site BrowserLeaks.com - Web Browser Security Checklist for Identity Theft Protection

 

[ozone]

I don't know if this is known but each browsers (firefox, chrome, ...) are sending request headers in different orders so even if you try to modify your browser with extensions and tweaks to look same like another you can't do it completely, as there will be always something you cannot change

first image is firefox (left) and chrome (right) modified to look like tor, you cannot tell which one is chrome or firefox

Spoiler

second image for same browsers (firefox – top, chrome - bottom), using site HTTP Header Viewer: list browser headers I can check request headers order and find out which browser target user is using

Spoiler

 

[Dirk41]

I don't know if this is known but each browsers (firefox, chrome, ...) are sending request headers in different orders so even if you try to modify your browser with extensions and tweaks to look same like another you can't do it completely, as there will be always something you cannot change

first image is firefox (left) and chrome (right) modified to look like tor, you cannot tell which one is chrome or firefox

Spoiler

View attachment 135540

second image for same browsers (firefox – top, chrome - bottom), using site HTTP Header Viewer: list browser headers I can check request headers order and find out which browser target user is using

Spoiler

View attachment 135542

Thank you in fact I was wondering why that website can guess my real browser and OS even if I set a fake user agent in Firefox ( other websites saw me like I used macOS and safari . Panopticlick instead guess Firefox and Windows )

 

[ozone]

Thank you in fact I was wondering why that website can guess my real browser and OS even if I set a fake user agent in Firefox ( other websites saw me like I used macOS and safari . Panopticlick instead guess Firefox and Windows )

sites are using simpler ways to check your OS and browser
they can use cookies but mainly javascript (Navigator Object)