Browser Versions Carry 10.5 Bits of Identifying Information on Average

Electronic Frontier FoundationThis is part 3 of a series of posts on user tracking on the modern web. You can also read part 1 and part 2.

Whenever you visit a web page, your browser sends a “User Agent” header to the website saying precisely which operating system and web browser you are using. This information could help distinguish Internet users from one another because these versions differ, often considerably, from person to person. We recently ran an experiment to see to what extent this information could be used to track people (for instance, if someone deletes their browser cookies, would the User Agent, alone or in combination with some other detail, be unique enough to let a site recognize them and re-create their old cookie?).

Our experiment to date has shown that the browser User Agent string usually carries 5-15 bits of identifying information (about 10.5 bits on average). That means that on average, only one person in about 1,500 (210.5) will have the same User Agent as you. On its own, that isn’t enough to recreate cookies and track people perfectly, but in combination with another detail like geolocation to a particular ZIP code or having an uncommon browser plugin installed, the User Agent string becomes a real privacy problem.

User Agents: An Example of Browser Characteristics Doubling As Tracking Tools

When we analyze the privacy of web users, we usually focus on user accounts, cookies, and IP addresses, because those are the usual means by which a request to a web server can be associated with other requests and/or linked back to an individual human being, computer, or local network. Continue reading.

Related Posts

Google Superbowl Ad Explains The Need for Search Privacy Google's ad during yesterday's Superbowl explained in less than a minute how the story of someone's life can be pieced together from their search quer...
Help EFF Research Web Browser Tracking What fingerprints does your browser leave behind as you surf the web? Traditionally, people assume they can prevent a website from identifying them...
Proposed guidelines for open government plans Open Source for America (OSFA) represents more than 1,600 businesses, associations, non-governmental organizations, communities, and academic/research...
Privacy Risks from Geographic Information In today's world more geographic information is being collected about us, such as where we live, where the clinic we visited is located, and where we ...
Why “Open Source” misses the point of Free Software By Richard Stallman: When we call software “free,” we mean that it respects the users' essential freedoms: the freedom to run it, to study and change ...
Data Privacy Day is January 28, 2010! Around the globe, people use powerful technologies and devices every day to improve their lives. Businesses develop software, build hardware and prov...

We Recommend These Vendors and Free Offers

ContainerizeThis 2016 is a free, 2-day conference for all things containers and big data. Featured, will be presentations and free, hands-on workshops. Learn more at

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).

Want to become an expert ethical hacker and penetration tester? Request your free video training course of Online Penetration Testing and Ethical Hacking

Whether you're new to Linux or are a Linux guru, you can learn a lot more about the Linux kernel by requesting your free ebook of Linux Kernel In A Nutshell.

Leave a Comment

Your email address will not be published. Required fields are marked *