A few years ago, The New York Times exposed how “anonymous” search data isn’t anonymous by using saved AOL search terms to track down an elderly widow in Georgia. Now, the Electronic Frontier Foundation has revealed that Web browsers leave information on websites you visit, which could be used to track your digital movements.
Volunteers for an EFF experiment visited panopticlick.eff.org. The website logged data that are automatically collected when you visit most sites: configuration and version of a user’s operating system, browser and plug-ins.
That information was compared with a database of configurations from other visitors.
EFF found that 84 percent of the configuration combinations ended up identifying unique browsers — essentially acting as fingerprints. Browsers installed with Adobe Flash or Java plug-ins were unique and trackable 94 percent of the time.
The privacy concerns are obvious. Do you want others to find out that you visit NSFW sites like Hawtness? Advertising networks could (and some do) use this information to secretly monitor you across websites and build a profile of your behavior and interests.
Implications for journalists
As journalists, the problem is compounded. A government agency or corporation could track your research and maybe even sources through your browser. If you cover the Pentagon, for example, would you want your fingerprints on the databases and public records that you review on defense.gov? What if you clicked on the e-mail link for a top-level executive at a major corporation?
Stephen Doig, Knight Chair in Journalism at the Walter Cronkite School of Journalism at Arizona State University, has spoken at IRE and NICAR conferences about “spycraft” — how to keep sources safe from the government or corporations. He discusses ways to keep Internet searches and e-mail private, make untraceable phone calls, use encryption programs and deal with keyloggers. (If you are an IRE member, you can download tipsheets from one of his talks.)
Self-defense
The Electronic Frontier Foundation found that browsers that block JavaScript blend in because their configurations look more like other browsers. You may be able to find browser plug-ins that reduce how much information is shared with sites. But there doesn’t seem to be much else you can do.
The Panopticlick site offers a few tips that could help keep you anonymous online:
- Use a standard browser. EFF says the most common browser is the latest release of Firefox on a Windows computer. But then you have to consider all the plug-ins you use, which makes using a “standard” version harder than you’d expect. Oddly enough, your best bet is to use a smart phone browser. They offer fewer configuration options and are harder to trace.
- Disable JavaScript. This is easy, but it makes a lot of websites unusable. An alternative is to use Firefox plug-ins like NoScript or AdBlock Plus.
- TorButton is a plug-in that sends incorrect browser configuration information data to websites, covering your tracks.
- “Private browsing” is now available on several modern browsers. This prevents your computer from storing cookies, browsing history, images and other data from websites that you visit. It doesn’t affect what information a website collects about your browser, but it does clear the evidence of your activity from your own computer.
Seem paranoid? Maybe, but if it’s important that you not to leave fingerprints when you’re online, better safe than sorry.
Comments