Cross-browser fingerprinting test 2.0

A partial 'fingerprint' will suffice...

Is this experiment the first of its kind?

No. Our experiments were inspired by the Panopticlick project (2010). Our first dataset collection attempt - which is still accessible and testable - was launched in September 2010 following a similar concept, with the aim of testing a browser- and plugin-independent fingerprinting technique. The experiment can be considered a success in many respects (e.g. we showed that the set of installed fonts was an adequate source of information for such techniques); however, we could not collect data from enough test runs to indisputably prove the browser-independence of the concept.

Is the article showing the available results accessible somewhere?


What is the difference between our experiment and Panopticlick?

The Panopticlick project checked if a browser was unique, among all browsers checked thus far, by the information that described it. However, our goal is to identify the client device, rather than the browser; the fingerprint must be the same for all browsers running on the same system. It is therefore recommended to run the test on multiple browsers, and compare the results.

The test failed. Why is that?

This is not a problem. During the test, we record several pieces of information that are not incorporated into the calculated fingerprint. This will allow us to further refine and extend the information considered for the fingerprint after collecting a sufficiently large data set.
For instance, our test detects thousands of fonts, but the fingerprint comprises fewer than 100 (the so-called 'feature set'). As not all fonts can be detected in all browsers and operating systems, this set will be extended after examining our database.

I have never been here, but the test says it has found my fingerprint. What does that mean?

During the test, only a tiny fraction of the available information is used. Therefore, it is quite conceivable that multiple users get the same fingerprint, although this is not very typical.
This problem can be fixed by incorporating more of the available information into the fingerprint; however, this is also a part of our research, and the fine-tuning of the algorithm will happen afterwards.
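The feature-set reduction, the cross-browser match and the collision described in the answers above can be reproduced on a small scale. This is an added example, not the experiment's own code: the feature set, the font lists and the FNV-1a hash are constructed assumptions, since the page does not say how the fingerprint is calculated.

```javascript
// Added example: feature set, font lists and hash are constructed assumptions.
// Hypothetical feature set (the page only says the real one has fewer than 100 fonts).
const FEATURE_SET = ['Arial', 'Calibri', 'Consolas', 'Futura',
                     'Garamond', 'Helvetica Neue', 'Segoe UI', 'Ubuntu'];

// FNV-1a (32-bit), a stand-in for whatever hash the experiment really uses.
function fnv1a(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, '0');
}

// Reduce a detected-font list to presence bits over the feature set, then hash.
// Fonts outside the feature set, and the order of detection, do not matter.
function fingerprint(detectedFonts, featureSet = FEATURE_SET) {
  const seen = new Set(detectedFonts.map(f => f.trim().toLowerCase()));
  const bits = featureSet.map(f => (seen.has(f.toLowerCase()) ? '1' : '0')).join('');
  return { bits, id: fnv1a(bits) };
}

// Group observations by fingerprint: each group is a set of indistinguishable runs.
function anonymitySets(observations, featureSet = FEATURE_SET) {
  const groups = new Map();
  for (const o of observations) {
    const { id } = fingerprint(o.fonts, featureSet);
    if (!groups.has(id)) groups.set(id, []);
    groups.get(id).push(o.label);
  }
  return groups;
}

// Constructed sample data: two browsers on device A, one browser each on B and C.
const OBSERVATIONS = [
  { label: 'A/firefox', fonts: ['Arial', 'Calibri', 'Consolas', 'Segoe UI', 'Wingdings'] },
  { label: 'A/chrome',  fonts: ['segoe ui', 'Consolas', 'Calibri', 'Arial', 'Marlett'] },
  { label: 'B/firefox', fonts: ['Arial', 'Calibri', 'Consolas', 'Segoe UI', 'Papyrus'] },
  { label: 'C/safari',  fonts: ['Arial', 'Futura', 'Helvetica Neue'] },
];

// Small feature set: A and B collide. Extending it by one font separates them.
for (const [id, labels] of anonymitySets(OBSERVATIONS)) console.log(id, labels.join(', '));
const extended = [...FEATURE_SET, 'Papyrus'];
for (const [id, labels] of anonymitySets(OBSERVATIONS, extended)) console.log(id, labels.join(', '));
```

With the eight-font set, both browsers on device A and the unrelated device B fall into one group; adding a single distinguishing font to the feature set splits B off while A's two browsers still match.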

I cannot use the chosen user name. How can this be fixed?

The user name is stored in a so-called evercookie. If it is set in one browser, it will be available on the others on the same system. However, the evercookie script is sometimes a bit slow to load, and at these times, it is not 'detected by the browser'. Whenever this happens, it is recommended to reload the page a few times after waiting a few seconds.
Unfortunately, if the evercookie is damaged or deleted, the user name cannot be recovered anymore.
You may intentionally delete the evercookie by using the 'Remove evercookie' link. The evercookie is, however, quite stubborn sometimes, so you might need to repeat this step in multiple browsers, after reloading the page several times.

Is FireGloves the only available means of defence?

No. There are many ways of defending oneself against fingerprinting techniques.

How 'fireproof' is FireGloves?

FireGloves is a proof-of-concept application which does not aim to operate perfectly or undetectably, or to be impossible to circumvent; it merely demonstrates an alternative mode of operation, i.e. how the user experience (and the success of fingerprinting attacks) would change if the features of FireGloves were to be incorporated into browsers by default.