Web bugs and browser finger printing

Every time you visit a web page your web browser shares certain data with the web server. This data is shared for many good reasons. The most obvious is so the server can tailor the web page to give you the best experience. For example, if you are visiting a page on a phone the web server will see that you are on a phone and automatically re-direct you to the mobile site which may be easier to view. Similarly, Macs and PCs have different sets of fonts installed by default, a web site may automatically pick the font that will look best on your computer.

Every time you visit a web page your web browser shares certain data with the web server. This data is shared for many good reasons. The most obvious is so the server can tailor the web page to give you the best experience. For example, if you are visiting a page on a phone the web server will see that you are on a phone and automatically re-direct you to the mobile site which may be easier to view. Similarly, Macs and PCs have different sets of fonts installed by default, a web site may automatically pick the font that will look best on your computer.

Step 1: Look at the data your browser shares with websites

In this step you will be looking at the information your browser sends to web servers on your behalf. The Electronic Freedom Foundation (EFF) has created a web page called Panopticlick to help educate people about how trackable they are online. The web page shows you all the different types of data web pages can collect from your browser. It also tells you how unique the data your browser is compared to other web browsers that have visited Panopticlickin the past.

  1. Visit: Panopticlick
  2. Click Test button. This should result in a web page which shows you details about your web browser and how common those details are.
  3. Click the "Show full results for fingerprinting" link near the bottom to see all the results of the test.
  4. Try opening Panopticlick on at least two web browsers, such as Firefox and Chrome. Identify at least two pieces of information that are different between the two web browsers. Identify at least two pieces of information that are the same for both browsers.
  5. Try opening Panopticlick while in Private Browsing (Firefox) or Incognito (Chrome). Do you see any difference between when you are in Private Browsing and when you are not?

Step 2: Change the data you send to websites

  1. Install a browser add-on that changes the information sent to websites. You can use either Chrome or Firefox.
    • Firefox: Install "User Agent Overrider"
    • Chrome: Install "User-Agent Switcher for Chrome"
  2. Change the User Agent to either an iPhone or to Android.
  3. Visit Panopticlick again.
  4. Observe that the User Agent row now shows your computer as an Android or an iOS phone device. Changing your User Agent causes your browser to lie to websites about what software you are running.
  5. Visit Twitter.
  6. Observe that the twitter.com website re-directed you to the mobile.twitter.com website. It did this because it believes that your computer is a phone.
  7. Try visiting a couple of websites with your browser set as a phone or other browser and see how the internet sometimes looks different on different sites.
  8. How might you use this control over your User Agent information to manage your privacy online?