Hacker News new | ask | show | jobs
by groby_b 5228 days ago
Pardon me for doubting the EFFs claim. Just for grins, I took my stock laptop (as handed out by my company, so I _know_ they're identical), fired up a completely unmodified Safari (not my normal browser, hence nothing installed), and it still claims I'm unique.

At which point the word BS comes to mind.

But just for grins, I repeated the test with a Chromebook fresh out of the box, and of course it's flagged "uniquely identifiable".

I'm not saying the underlying claim - browser characteristics can be used to track you - is bogus. I am saying that I think that site is intentionally exaggerating for effect. Or, more realistically, that while they can extract 20+ bits of info from those strings, the values in that 20+ bit domain are far from uniformly distributed.
2 comments
wtallis 5228 days ago
Why is it implausible that either of those systems has a unique fingerprint among all those that have run the Panopticlick tool?
link
groby_b 5228 days ago
Because that means that nobody with a stock chromebook and nobody with a stock laptop from my employer (of which there are many, let's put it that way) has ever visited the panopticlick site.

But just because, I tried two more chromebooks (same model), both in guest mode, both stock configuration - and they're both flagged as "unique" too.

Maybe I'm just a victim of a really long update cycle of their database.

(Addendum: I went back with my original laptop, all cookies cleared, and it's indeed not considered unique any more. So maybe I really just saw some lag in updating their DB)

(Addendum 2: Just to clarify, I never doubted that you can be uniquely identified. But the "unique" part was wrong for my sample. )

link
cpeterso 5228 days ago
Even if you have the same system fonts and plugins installed, the order in which they are reported may be stable on one system but differ on another (due to filesystem inode layout). The EFF's Panopticlick FAQ [1] suggests that Flash and Java plugins should alphabetize the font lists reported from their APIs to reduce variation.

https://panopticlick.eff.org/faq.php

link
groby_b 5228 days ago
Wait, posting factual info gets you downmodded? Go HN, I guess.
link
bkirwi 5228 days ago
He's probably being downvoted (not by me) because he's misunderstood the tool: his signature is unique among all browsers that have visited that page, not every browser in existence.
link