Browser Versions Carry 10.5 Bits of Identifying Information on Average

Electronic Frontier FoundationThis is part 3 of a series of posts on user tracking on the modern web. You can also read part 1 and part 2.

Whenever you visit a web page, your browser sends a “User Agent” header to the website saying precisely which operating system and web browser you are using. This information could help distinguish Internet users from one another because these versions differ, often considerably, from person to person. We recently ran an experiment to see to what extent this information could be used to track people (for instance, if someone deletes their browser cookies, would the User Agent, alone or in combination with some other detail, be unique enough to let a site recognize them and re-create their old cookie?).

Our experiment to date has shown that the browser User Agent string usually carries 5-15 bits of identifying information (about 10.5 bits on average). That means that on average, only one person in about 1,500 (210.5) will have the same User Agent as you. On its own, that isn’t enough to recreate cookies and track people perfectly, but in combination with another detail like geolocation to a particular ZIP code or having an uncommon browser plugin installed, the User Agent string becomes a real privacy problem.

User Agents: An Example of Browser Characteristics Doubling As Tracking Tools

When we analyze the privacy of web users, we usually focus on user accounts, cookies, and IP addresses, because those are the usual means by which a request to a web server can be associated with other requests and/or linked back to an individual human being, computer, or local network. Continue reading.

Related Posts

File-Sharing Software Potential Threat to Health Privacy The personal health and financial information stored in thousands of North American home computers may be vulnerable to theft through file-sharing sof...
What we can learn from Jason Chen’s experience Not too long ago, Jason Chen, a Gizmodo editor, had all the computer related materials in his residence seized by cops acting on a warrant in relation...
Beware of Proprietary Drift The Free Software Foundation (FSF) announced yesterday a campaign to collect a clear list of OpenOffice.Or...
A Bill of Privacy Rights for Social Network Users Social network service providers today are in a unique position. They are intermediaries and hosts to our communications, conversations and connection...
In Networks We Trust European researchers are proposing a paradigm-shifting solution to trusted computing that offers better security and authentication with none of the d...
It’s not the Gates, it’s the bars To pay so much attention to Bill Gates' retirement is missing the point. What really matters is not Gates, nor Microsoft, but the unethical system of ...

We Recommend These Vendors and Free Offers

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).

Want to become an expert ethical hacker and penetration tester? Request your free video training course of Online Penetration Testing and Ethical Hacking

Whether you're new to Linux or are a Linux guru, you can learn a lot more about the Linux kernel by requesting your free ebook of Linux Kernel In A Nutshell.


Leave a Comment

Your email address will not be published. Required fields are marked *

*