Your Web Browser Verifies You

The Electronic Freedom Foundation web site has an interesting experiment underway. Of the 806,321 persons who had visited that site, no one had the same identifying characteristics as me. A web connection shares a great deal of information in case the destination site can produce a richer experience for the client. Unlike many communication approaches, capabilities aren’t negotiated; they’re reported.

Of 806,321, I am the only one with this particular set. In a way, this is like a fingerprint. The set lacks the permanence of a fingerprint (web browser characteristics change) and it is the fingerprint of the web browser on a machine. Multiple web browsers will give a machine multiple fingerprints. Multiple machines will give a person multiple fingerprints.

This can be just enough consistency to become a second factor (a “something you have”) in a two factor authentication process. Your userid / password combination maps to the device (web browser) that you usually use.

Four months later, using a different (although superficially similar) machine: 1,083,078 clients had visited, and no one matched my configuration.

Two and a half years later, different machine: 3,139,039 had visited, and no one matched my configuration.

See also: Peter Eckersley’s “How Unique Is Your Web Browser?” [pdf].

See also: CentralOps Browser Mirror

See also: What’s My User Agent?

Comments are closed.