privacy and licensing

Browser Versions Carry 10.5 Bits of Identifying Information on Average

Electronic Frontier FoundationThis is part 3 of a series of posts on user tracking on the modern web. You can also read part 1 and part 2.

Whenever you visit a web page, your browser sends a “User Agent” header to the website saying precisely which operating system and web browser you are using. This information could help distinguish Internet users from one another because these versions differ, often considerably, from person to person. We recently ran an experiment to see to what extent this information could be used to track people (for instance, if someone deletes their browser cookies, would the User Agent, alone or in combination with some other detail, be unique enough to let a site recognize them and re-create their old cookie?).

Our experiment to date has shown that the browser User Agent string usually carries 5-15 bits of identifying information (about 10.5 bits on average). That means that on average, only one person in about 1,500 (210.5) will have the same User Agent as you. On its own, that isn’t enough to recreate cookies and track people perfectly, but in combination with another detail like geolocation to a particular ZIP code or having an uncommon browser plugin installed, the User Agent string becomes a real privacy problem.

User Agents: An Example of Browser Characteristics Doubling As Tracking Tools

When we analyze the privacy of web users, we usually focus on user accounts, cookies, and IP addresses, because those are the usual means by which a request to a web server can be associated with other requests and/or linked back to an individual human being, computer, or local network. Continue reading.

Related Posts

The Evil That Apple Does Apple’s new iPad is going to be a laptop supplement for some early-adopters, a laptop replacement for others, and a laptop instead-of for still other ...
How essential is anonymity to peer to peer relationality? How essential is anonymity to peer to peer relationality? I believe answering that question becomes easier if we look at the historical development...
A Primer on Information Theory and Privacy If we ask whether a fact about a person identifies that person, it turns out that the answer isn't simply yes or no. If all I know about a person is t...
Who Controls Identity on the Web? The race to own your virtual identity is on. In announcements made just days apart at the end of April, Facebook and the Mozilla Foundation launched p...
The Multiple Meanings of the Term “Open” Over the last couple of months I’ve found myself involved, both actively and passively, in several conversations that contained terms like “open” or “...
Proposed guidelines for open government plans Open Source for America (OSFA) represents more than 1,600 businesses, associations, non-governmental organizations, communities, and academic/research...

We Recommend These Vendors and Free Offers

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).

Want to become an expert ethical hacker and penetration tester? Request your free video training course of Online Penetration Testing and Ethical Hacking

Whether you're new to Linux or are a Linux guru, you can learn a lot more about the Linux kernel by requesting your free ebook of Linux Kernel In A Nutshell.


Leave a Comment

Your email address will not be published. Required fields are marked *

*