You have persistent cookie storage turned off and you think you can’t be identified? You are so wrong.
I think I’ve seen it before, but I recently rediscovered Panopticlick. It’s a website where your browser fingerprint is compared to those of everyone else who has used the website, and it tells you how unique that fingerprint is. You are encouraged to give it a try, since that makes their sample size bigger.
Your browser fingerprint consists of information that every website you visit knows about you:
- Your user agent
- Your HTTP_ACCEPT headers
- Your browser plugins list, including versions (plugins like your PDF-Viewer or Java/Flash plugins, not browser extensions)
- Your timezone, as reported by your browser
- Your screen size and color depth
- Your system font list, as reported by Flash and Java, which is presumably even ordered in inode walk order
- Whether cookies are enabled or not
- A so-called supercookie test, which seems to test localStorage
That’s quite a bit of information, right? It should rarely if ever change, and quite possibly is unique to your computer:
Your browser fingerprint appears to be unique among the 2,622,016 tested so far.
Currently, we estimate that your browser has a fingerprint that conveys at least 21.32 bits of identifying information.
Within our dataset of several million visitors, only one in 262,202 browsers have the same fingerprint as yours.
Currently, we estimate that your browser has a fingerprint that conveys 18 bits of identifying information.
This also does not include the font list, because it somehow couldn’t be retrieved on my machine.
And shockingly, there is even more information that can be used to identify your browser; just take a look at BrowserSpy. There is also a nice paper by the EFF on the topic, but I’ve not taken a closer look at it yet.
Then of course there is also evercookie, a more persistent, nearly undeletable cookie, which would probably be worth a blog post of its own.
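How the "bits of identifying information" figures quoted above follow from the counts, as an added example (not code from Panopticlick or from the original post): a fingerprint seen `count` times among `total` browsers carries log2(total / count) bits. The visitor table, field names and function names are constructed for illustration.

```python
import math
from collections import Counter

FIELDS = ("user_agent", "timezone", "screen")

# Constructed sample: one (user_agent, timezone, screen) tuple per visitor.
VISITORS = [
    ("Firefox", "UTC+1", "1920x1080"),
    ("Firefox", "UTC+1", "1920x1080"),
    ("Chrome", "UTC+1", "1920x1080"),
    ("Chrome", "UTC-5", "1366x768"),
    ("Chrome", "UTC-5", "1920x1080"),
    ("Chrome", "UTC-5", "1366x768"),
    ("Safari", "UTC-8", "2560x1440"),
    ("Firefox", "UTC-5", "1366x768"),
]


def surprisal_bits(count, total):
    """Bits of identifying information in a value seen `count` times in `total`."""
    if not 0 < count <= total:
        raise ValueError("value must occur between 1 and `total` times")
    return math.log2(total / count)


def attribute_bits(visitors, fingerprint):
    """Bits conveyed by each attribute of `fingerprint`, taken on its own."""
    bits = {}
    for i, name in enumerate(FIELDS):
        counts = Counter(v[i] for v in visitors)
        bits[name] = surprisal_bits(counts[fingerprint[i]], len(visitors))
    return bits


def fingerprint_bits(visitors, fingerprint):
    """Bits conveyed by the whole fingerprint (all attributes combined)."""
    return surprisal_bits(Counter(visitors)[fingerprint], len(visitors))


if __name__ == "__main__":
    print(round(surprisal_bits(1, 2622016), 2))  # unique among 2,622,016
    print(round(surprisal_bits(1, 262202), 2))   # one in 262,202
    for fp in (VISITORS[0], VISITORS[6]):
        per_attr = attribute_bits(VISITORS, fp)
        # Correlated attributes: the per-attribute sum can exceed the joint value.
        print(fp, per_attr, sum(per_attr.values()), fingerprint_bits(VISITORS, fp))
```

In the constructed sample the Safari row's three attributes each carry 3 bits, yet the combined fingerprint also carries only 3 bits, because the attributes are correlated; per-attribute figures cannot simply be added up.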