Panopticlick Can Help You Defend Against Tracking Cookies And Browser Fingerprinting

If you do not take the proper precautions, whenever you use an internet browser like Firefox, Chrome, Safari, Opera, or Internet Explorer your internet activity can be logged via tracking cookies and browser fingerprinting.

A cookie is a text file containing information regarding the websites you visited that had the same cookie. For example, if you visit a website that has 3rd party ads like Google Adsense, and then you visit other sites with Google Adsense, then the cookie will contain information on all of the sites you have visited with Google Adsense. This data is then used to suggest products and services tailored to your preferences based on your browsing activity. This is a breach of privacy, and there is no guarantee the data stored in cookies won’t be sold to 3rd parties or intercepted by hackers.

Another way companies can identify individual computers and log internet activity is browser fingerprinting. Websites have access to data regarding the configuration of your browser and computer. Even when using the most common browsers, your computer can be differentiated by the various plugins and fonts it has installed. Once a fingerprint has been established companies can use this information to aggregate a long term record of your internet browsing activity. The EFF finds that 94.2% of browsers with Flash or Java enabled can be uniquely fingerprinted, and even when a fingerprint is changed due to an upgrade, 99.1% of the time the new fingerprint can be linked to the previous one. It is possible to increase privacy by disabling Flash and Java, such as with the tool NoScript, but this is not a good option for most users since that would cause numerous websites to not work correctly.

The insidious thing is that even if you are actively blocking tracking cookies, or in the extreme case do not allow cookies at all, browser fingerprinting still works. If you do allow cookies and you clear of all your cookies at some point, the browser fingerprint in combination with your IP address makes it possible to regenerate the cookie, making it possible to track your internet activity long term no matter how many times you delete your cookies. These regenerable cookies are called supercookies.

The Electronic Frontier Foundation (EFF) is an organization dedicated to defending digital privacy, free speech, and innovation, and in order to reduce the impact of tracking cookies and browser fingerprinting they have created Panopticlick. Simply click ‘test me’ and Panopticlick will determine your browser’s fingerprint and how well your browser is blocking tracking cookies.

The EFF setup three different websites in order to determine how well your browser is blocking tracking cookies. The first website simulates tracking by a visible ad, and if this ad is blocked then the test passes. The second website simulates a non-visible tracking beacon, and if this is blocked then the test passes. The third website has the Do Not Track policy enabled, and if this website’s scripts are not blocked then the test passes.

A brief Segway into Do Not Track. Essentially, Do Not Track is a setting you can choose in your browser where you tell websites not to track you, and certain websites will not track you if this setting is enabled. The EFF believes that if more people use Do Not Track it would increase the incentive for websites to use this policy, since they could still display their ads while simultaneously users do not have to worry about being tracked. This would help preserve privacy friendly websites that depend on ad funding. Unfortunately, most websites do not utilize Do Not Track, so many privacy-oriented internet users find browser plugins which simply block all ads.

If Panopticlick users see that their browser is not properly blocking tracking cookies, they can proceed to adjust their browser settings and install certain plugins to block tracking cookies. The EFF has created a program called Privacy Badger which does this for you if you use Chrome and Firefox. Future Cypherpunk Labs articles will explore other ways to block tracking cookies.

Finally, Panopticlick displays your current browser fingerprint. You can then try different ways to get rid of your fingerprint and test your progress with Panopticlick.

Apparently the best way to avoid browser fingerprinting and tracking cookies is by using Tor. In response to Panopticlick, Tor now standardizes the user agent string in the browser fingerprint, restricts the fonts that websites can use, and can aggressively block javascript, aside from the fact that the IP address is constantly changing when browsing with Tor.

Essentially, tracking cookies and browser fingerprinting is something privacy-oriented internet users should be aware of, since if no action is taken then your internet activity can be tracked long term. There is no simple fix to this issue. It is up to the user to properly configure the settings and install certain plugins and programs to get rid of tracking cookies and stifle fingerprinting. A major caveat is that if you do not thoroughly stifle fingerprinting then your browser may end up having an even more unique fingerprint than other browsers.

There is a basic three step test to achieve internet browsing privacy. First find a way to block tracking cookies while simultaneously allowing cookies that are necessary for a website’s functionality. Then learn about all the types of supercookies and figure out how to disable them. Finally, figure out a way to make your browser fingerprint non-unique. This is easier said than done, but if all three steps are completed then you can browse the clear web with far more privacy.