Methods used to identify your anonymous browsing

Sorry for the bad news.  Anonymous browsing is not real, it is just a lie so you are honest at browsing and do online believing your identity is being protected.

In this post i will show some results from the project created by the Electronic Frontier Foundation called Panopticlick.

Screenshot from 2017-04-30 17:55:08

  1. Do not believe in what your eyes see.  This option creates a false sense of security, nothing worse.

Screenshot from 2017-04-30 18:00:02

When doing the test of your browser, you will most likely see a message like this:

Screenshot from 2017-04-30 18:03:16

2) Browser tracking goes even deeper and deeper.  Even you get the binaries from Firefox already compiled, you will be surprised that on different computers the Browser produces very different responses, that together create a unique fingerprint.

Unique numbers obtained for the same computer but different versions of Firefox.

Firefox 52.0.2

Screenshot from 2017-04-30 18:13:42

The identifiers that have more relevance are the Hashes of Canvas and WebGL.  For example, the identifier for WebGL says that one browser in 8320 has this ID but together with the other identifiers (not considering external data).


Firefox 53.0.0

Changing the version of Firefox keeps the same Canvas identifier (always on the same computer).

Screenshot from 2017-04-30 18:19:16

Is TOR Browser better protecting on this scenario ?

Yes, i said the magic word, oh yes, we are going to the deep web.  Before presenting the results i would like to say that Tor may not be the perfect solution.  But it is gaining popularity.  Be careful, because the only fact of using tor could create a fingerprint for your person:  for example, you are in a place full of people, and you are the only one wearing a mask, that would create a unique id for you.

This test looks better:

Screenshot from 2017-04-30 18:25:29

And the already known identifiers look better also.  I hope this is trustworthy.

Screenshot from 2017-04-30 22:06:33

Ok now we are at the end of this post.  I could not find one place that explains how those unique identifiers (or hashes) are created, at some places it says that it depends on the computer: memory, video driver and other things… true is that our team in Buenos Aires has tested different configurations: more or less RAM, more or less Video Memory, other video driver, but the hashes remained the same.

It would be interesting to test a different operating system: another kernel version, 32 bits instead of 64, redhat instead of debian.

Thanks to the Perl Mongers in Buenos Aires for helping in the analysis.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s