EFF launches web browser entropy tool

The Electronic Frontier Foundation (EFF) has launched a tool called Panopticlick, designed to tell a user how uniquely identifiable their web browser is. Panopticlick works by analyzing the information that a browser sends to a website, and then calculating the entropy involved – how close the information that is relayed comes to revealing a unique identity.

"Because there are around 7 billion humans on the planet, the identity of a random, unknown person contains just under 33 bits of entropy (two to the power of 33 is 8 billion)," said an explanation of Panopticlick by Peter Eckersley, staff technologist for the EFF. "When we learn a new fact about a person, that fact reduces the entropy of their identity by a certain amount."

The high entropy of many web browsers can lead to device fingerprinting, in which websites are able to hone in on the identity of a visiting individual. Many websites are already engaging in this activity, the EFF said.

Even when cookies are turned off, other information relayed by a web browser reduces entropy. In particular, the User-Agent string, which contains the name, operating system and precise browser version number reveals extensive information about a single computer.

"On average, User-Agent strings contained about 10.5 bits of identifying information, meaning that if you pick a random person's browser, only one in 1500 other internet users will share their User-Agent string," Eckersley continued.

Panopticlick's release follows recent reports that it is possible to identify individuals from anonymous data. Ian Brown of the Oxford Internet Institute is writing a report for the European Commission detailing how sensitive data that can be extracted from a large data set even when uniquely identifying information has been removed.

The EFF advises users to use a "non-rare" browser, which include many smartphone browsers. Disabling JavaScript can help, as can using the Tor anonymous browsing network.

What’s hot on Infosecurity Magazine?