The Electronic Frontier Foundation (EFF) is conducting an interesting research project, called Panopticlick (Bentham fans will recognize the reference), to find out whether it is possible to track individuals across the Web without employing the usual suspects: Web bugs, cookies, and so on. The hypothesis, basically, is that because browsers can report a good deal of configuration information to the Web server, it might be possible to identify individuals passively, just by tracking browser characteristics.
Many users are surprised at the amount of data that their browsers can be coaxed into disclosing. The list below will give you some idea (but is not exhaustive):
- User Agent string, which identifies the browser and version. On this machine, running Firefox 3.6 under Kubuntu Linux 8.4, my browser reports: “Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6”
- Time zone
- Screen size and color depth
- Plugin configuration
- System fonts
- Cookie settings
From admittedly limited anecdotal evidence, it appears that plugin configurations and font collections tend to be most distinctive.
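As an added illustration (not code from the EFF project or from the original post), the script below shows one way to quantify how distinctive each reported attribute is: it computes the Shannon entropy of each attribute over a set of logged visits, plus the share of visits whose combined fingerprint is unique. The visit records, attribute names and values are constructed for the example and are not measurements.

```javascript
// Constructed sample: one object per visiting browser. All values are
// invented for illustration; attribute names are assumptions of this example.
const VISITS = [
  { tz: "-300", screen: "1280x1024x24", cookies: "on",  plugins: "flash,java",      fonts: "arial,dejavu" },
  { tz: "-300", screen: "1280x1024x24", cookies: "on",  plugins: "flash",           fonts: "arial,verdana" },
  { tz: "-300", screen: "1024x768x24",  cookies: "on",  plugins: "flash,java,pdf",  fonts: "arial,dejavu,lucida" },
  { tz: "0",    screen: "1280x1024x24", cookies: "off", plugins: "flash,quicktime", fonts: "arial,dejavu" },
  { tz: "0",    screen: "1024x768x24",  cookies: "on",  plugins: "flash,java",      fonts: "helvetica,times" },
  { tz: "-300", screen: "1280x1024x24", cookies: "on",  plugins: "flash,java",      fonts: "arial,dejavu" },
  { tz: "60",   screen: "1280x1024x24", cookies: "on",  plugins: "none",            fonts: "arial,verdana" },
  { tz: "-300", screen: "1024x768x24",  cookies: "on",  plugins: "flash,pdf",       fonts: "arial,dejavu" },
];
const ATTRS = ["tz", "screen", "cookies", "plugins", "fonts"];

// Count how many visits share each value produced by key(visit).
function tally(visits, key) {
  const counts = new Map();
  for (const v of visits) counts.set(key(v), (counts.get(key(v)) || 0) + 1);
  return counts;
}

// Shannon entropy (bits) of one attribute: higher means more distinguishing.
function entropyBits(visits, attr) {
  let h = 0;
  for (const n of tally(visits, (v) => v[attr]).values()) {
    const p = n / visits.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Combined fingerprint: the chosen attribute values, serialized unambiguously.
const fingerprint = (v, attrs) => JSON.stringify(attrs.map((a) => v[a]));

// Number of visits sharing this visit's fingerprint (its anonymity set).
function anonymitySet(visits, visit, attrs) {
  return tally(visits, (v) => fingerprint(v, attrs)).get(fingerprint(visit, attrs)) || 0;
}

// Fraction of visits whose fingerprint appears exactly once in the sample.
function uniqueFraction(visits, attrs) {
  return visits.filter((v) => anonymitySet(visits, v, attrs) === 1).length / visits.length;
}

// Attributes ordered from most to least distinguishing.
function rankAttributes(visits, attrs) {
  return attrs.map((a) => [a, entropyBits(visits, a)]).sort((x, y) => y[1] - x[1]);
}

for (const [a, h] of rankAttributes(VISITS, ATTRS)) console.log(a.padEnd(8), h.toFixed(2), "bits");
console.log("unique fingerprints:", uniqueFraction(VISITS, ATTRS));
```

Running the same functions with an attribute dropped from `ATTRS` shows how much hiding or normalizing that value enlarges the anonymity set.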
I have not tried it yet, but will be interested to see to what extent, if any, the “private” or “incognito” modes in some browsers make a difference.
The EFF has a page of suggested defenses against browser tracking; I’m not sure how useful they really are. Perhaps a Firefox or Chrome extension could be developed that would allow the returned values to be modified by the user, or randomized.