Sorry for the bad news. Anonymous browsing is not real, it is just a lie so you are honest at browsing and do online believing your identity is being protected.
In this post i will show some results from the project created by the Electronic Frontier Foundation called Panopticlick.
- Do not believe in what your eyes see. This option creates a false sense of security, nothing worse.
When doing the test of your browser, you will most likely see a message like this:
2) Browser tracking goes even deeper and deeper. Even you get the binaries from Firefox already compiled, you will be surprised that on different computers the Browser produces very different responses, that together create a unique fingerprint.
Unique numbers obtained for the same computer but different versions of Firefox.
The identifiers that have more relevance are the Hashes of Canvas and WebGL. For example, the identifier for WebGL says that one browser in 8320 has this ID but together with the other identifiers (not considering external data).
Changing the version of Firefox keeps the same Canvas identifier (always on the same computer).
Is TOR Browser better protecting on this scenario ?
Yes, i said the magic word, oh yes, we are going to the deep web. Before presenting the results i would like to say that Tor may not be the perfect solution. But it is gaining popularity. Be careful, because the only fact of using tor could create a fingerprint for your person: for example, you are in a place full of people, and you are the only one wearing a mask, that would create a unique id for you.
This test looks better:
And the already known identifiers look better also. I hope this is trustworthy.
Ok now we are at the end of this post. I could not find one place that explains how those unique identifiers (or hashes) are created, at some places it says that it depends on the computer: memory, video driver and other things… true is that our team in Buenos Aires has tested different configurations: more or less RAM, more or less Video Memory, other video driver, but the hashes remained the same.
It would be interesting to test a different operating system: another kernel version, 32 bits instead of 64, redhat instead of debian.
Thanks to the Perl Mongers in Buenos Aires for helping in the analysis.