Your Web Browser Verifies You

The Electronic Freedom Foundation web site http://panopticlick.eff.org has an interesting experiment underway. Of the 806,321 persons who had visited that site, no one had the same identifying characteristics as me. A web connection shares a great deal of information in case the destination site can produce a richer experience for the client. Unlike many communication approaches, capabilities aren’t negotiated; they’re reported.

Of 806,321, I am the only one with this particular set. In a way, this is like a fingerprint. The set lacks the permanence of a fingerprint (web browser characteristics change) and it is the fingerprint of the web browser on a machine. Multiple web browsers will give a machine multiple fingerprints. Multiple machines will give a person multiple fingerprints.

This can be just enough consistency to become a second factor (a “something you have”) in a two factor authentication process. Your userid / password combination maps to the device (web browser) that you usually use.

Four months later, using a different (although superficially similar) machine: 1,083,078 clients had visited, and no one matched my configuration.

Two and a half years later, different machine: 3,139,039 had visited, and no one matched my configuration.

See also: Peter Eckersley’s “How Unique Is Your Web Browser?” [pdf].

See also: CentralOps Browser Mirror

See also: What’s My User Agent?

Advertisements

Comments are closed.