The Electronic Freedom Foundation web site http://panopticlick.eff.org has an interesting experiment underway. Of the 806,321 persons who had visited that site, no one had the same identifying characteristics as me. A web connection shares a great deal of information in case the destination site can produce a richer experience for the client. Unlike many communication approaches, capabilities aren’t negotiated; they’re reported.
Of 806,321, I am the only one with this particular set. In a way, this is like a fingerprint. The set lacks the permanence of a fingerprint (web browser characteristics change) and it is the fingerprint of the web browser on a machine. Multiple web browsers will give a machine multiple fingerprints. Multiple machines will give a person multiple fingerprints.
This can be just enough consistency to become a second factor (a “something you have”) in a two factor authentication process. Your userid / password combination maps to the device (web browser) that you usually use.
Four months later, using a different (although superficially similar) machine: 1,083,078 clients had visited, and no one matched my configuration.
Two and a half years later, different machine: 3,139,039 had visited, and no one matched my configuration.
See also: Peter Eckersley’s “How Unique Is Your Web Browser?” [pdf].
See also: CentralOps Browser Mirror
See also: What’s My User Agent?