On Thu, Jan 26, 2012 at 7:38 PM, William Kenworthy <bi...@iinet.net.au> wrote: > On Thu, 2012-01-26 at 11:14 -0500, Michael Mol wrote: >> On Thu, Jan 26, 2012 at 11:04 AM, Frank Steinmetzger <war...@gmx.de> wrote: >> > On Thu, Jan 26, 2012 at 09:34:56AM -0500, Michael Mol wrote: >> > >> >> >>> I guess you mean https://panopticlick.eff.org/ >> >> >> >> >> >> My results from work: >> >> >> >> >> >> Your browser fingerprint appears to be unique among the 1,939,102 >> >> >> tested so far. >> >> >> >> >> >> Currently, we estimate that your browser has a fingerprint that >> >> >> conveys at least 20.89 bits of identifying information. >> >> >> >> >> > >> >> > >> >> > Funny, I get exactly the same thing except add one to the large number. >> >> > I guess you tested before I did. How does one avoid this but still >> >> > have sites work? >> >> >> >> Well, I just went to the same site using a Chrome 'incognito' browser, >> >> and got this: >> >> >> >> Within our dataset of several million visitors, only one in 969,560 >> >> browsers have the same fingerprint as yours. >> >> >> >> Currently, we estimate that your browser has a fingerprint that >> >> conveys 19.89 bits of identifying information. >> > >> > I get almost the same numbers with just using NoScript and Flashblock. (And >> > the above result when I allow the Java applet and JavaScript). >> > >> > This backs me up in using noscript and flashblock. Sometimes I doubt myself >> > when I get asked once more why I would use NoScript in times when most of >> > the >> > web relies on JS. I then say that privacy and comfort is more important to >> > me >> > than having to allow JS on a site from time to time. (Even though some >> > sites >> > obviously don't work without it, such as video portals, most of them still >> > do, >> > albeit some gt a borked layout from it). >> >> FWIW, I'm not using NoScript or Flashblock, only an Adblock. And >> Chrome blocked the Java applet both in the normal and incognito modes. >> >> > > To turn this on its head ... rather than hiding, is there a way to > create identical browsers that pollute their (google et al.) databases? > > Perhaps a read only VM with a standard fit out? (noscript etc. - > basically a sandboxed browser for the paranoid!) > > or does such a thing already exist?
Sure. Boot an Ubuntu live CD and use the browser in there. And forget all the fancy plugins. For how panopticlick works, their presence will say more about you then their absence. Your target needs to be having as simple, generic a setup as possible. Disabling features which come enabled by default sets you apart. Adding fonts to the system, or adding plugins to the browser, or enabling extensions, or having an unusual operating platform show up in your User-Agent--all of it. Every customization you make makes you more unique. It's much the same as dressing the same as everyone else outside; it's called keeping a low profile. -- :wq
