For various reasons, Web browsers freely pass information to Web host. Lots of information, just ask BrowserSpy.dk.
For various reasons, Web browsers freely pass information to Web hosts. Lots of information, just ask BrowserSpy.dk.
In my last article, I referred to Panopticlick, a Web application that determines how identifiable/traceable a Web browser is, just from the information it passes to Web sites. Using Panopticlick, the Electronic Frontier Foundation (EFF) looks at the following characteristics, ultimately calculating the entropy level of your Web browser:
- User Agent
- HTTP Headers
- Browser Plug-in Details
- Time Zone
- Screen Size and Color Depth
- System Fonts
- Are Cookies Enabled?
- Limited super cookie test
In my recent wanderings around the Internet, I found a Web site called BrowserSpy.dk. The Web site is Panopticlick on steroids, performing the same checks that Panopticlick does, plus an additional 64 tests. I had no idea that much information could be obtained from Web browsers.BrowserSpy.dk
"A collection of online tests that show you how much personal information can be collected from your browser just by visiting a Web page.
BrowserSpy.dk can tell you all kinds of detailed information about you and your browser. Information ranging from simple stuff like the name and version of your browser to more detailed stuff like what kind of fonts you have installed and what hardware you're running on."Some questions
I managed to get in touch with Henrik. During our e-mail conversation, I asked several questions about BrowserSpy.dk and why he was so interested in this particular facet of IT. Here are those questions and his responses:TechRepublic: What inspired you to devote so much time and effort to BrowserSpy.dk? Henrik Gemal: I mainly use it at work or for support when people have no idea what version of browser or operating system they are running. At a point, the purpose of BrowserSpy.dk changed a bit. Now, it is a challenge for me to find out just how much information I can get out of a Web browser. TechRepublic: If you had to pick just five tests, which ones would you consider the most important? Henrik Gemal: The tests I consider important are:
Browser: This was the very first page I've created in the BrowserSpy.dk suite.
CSS Exploit: A bit scary, since we are able to check which sites you have been visiting.
Fonts via Flash: Yes, we can see your fonts too.
IP Address: Use this page if you have to get the IP address.
Java: I like to stay updated in terms of software and sometimes I check what version of Java I'm running.
As I checked out each of the tests, I began to understand how much information specific to my Web browser and computer can be captured by Web sites. Henrik mentioned that he wasn't sure what it could be used for, but the EFF believes it can be used to form an identifiable footprint. That in of itself is enough.Final thoughts
I would like to thank Henrik Gemal for his useful and informative Web site, as well taking time to answer my questions.