Browser Versions Carry 10.5 Bits of Identifying Information on Average

Electronic Frontier FoundationThis is part 3 of a series of posts on user tracking on the modern web. You can also read part 1 and part 2.

Whenever you visit a web page, your browser sends a “User Agent” header to the website saying precisely which operating system and web browser you are using. This information could help distinguish Internet users from one another because these versions differ, often considerably, from person to person. We recently ran an experiment to see to what extent this information could be used to track people (for instance, if someone deletes their browser cookies, would the User Agent, alone or in combination with some other detail, be unique enough to let a site recognize them and re-create their old cookie?).

Our experiment to date has shown that the browser User Agent string usually carries 5-15 bits of identifying information (about 10.5 bits on average). That means that on average, only one person in about 1,500 (210.5) will have the same User Agent as you. On its own, that isn’t enough to recreate cookies and track people perfectly, but in combination with another detail like geolocation to a particular ZIP code or having an uncommon browser plugin installed, the User Agent string becomes a real privacy problem.

User Agents: An Example of Browser Characteristics Doubling As Tracking Tools

When we analyze the privacy of web users, we usually focus on user accounts, cookies, and IP addresses, because those are the usual means by which a request to a web server can be associated with other requests and/or linked back to an individual human being, computer, or local network. Continue reading.

Related Posts

Video, Freedom And Mozilla My LCA talk on Friday was about why open video is critically important to free software, and what Mozilla is doing about (plus a discussion of the rel...
The Traceability of an Anonymous Online Comment Yesterday, I described a simple scenario where a plaintiff, who is having difficulty identifying an alleged online defamer, could benefit from subpoen...
Celebrating Data Privacy Day I'm assuming most people already know this, but if you did not, today is Data Privacy Day. Given that those in control of the wheels of the digital ma...
Unintended Consequences: Twelve Years Under the DMCA Twelve years after the passage of the controversial Digital Millennium Copyright Act (DMCA), the law continues to stymie fair use, free speech, scient...
Web 2.0 versus Control 2.0 The fight for free access to information is being played out to an ever greater extent on the Internet. The emerging general trend is that a growing n...
The Beginning of the End of Data Retention Last week, the German Constitutional Court issued a much-anticipated decision, striking down its data retention law as violating human rights. It was ...

We Recommend These Vendors and Free Offers

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).

Want to become an expert ethical hacker and penetration tester? Request your free video training course of Online Penetration Testing and Ethical Hacking

Whether you're new to Linux or are a Linux guru, you can learn a lot more about the Linux kernel by requesting your free ebook of Linux Kernel In A Nutshell.


Leave a Comment

Your email address will not be published. Required fields are marked *

*