Reveals more than enough information

For various reasons, Web browsers freely pass information to Web host. Lots of information, just ask

For various reasons, Web browsers freely pass information to Web hosts. Lots of information, just ask


In my last article, I referred to Panopticlick, a Web application that determines how identifiable/traceable a Web browser is, just from the information it passes to Web sites. Using Panopticlick, the Electronic Frontier Foundation (EFF) looks at the following characteristics, ultimately calculating the entropy level of your Web browser:

  • User Agent
  • HTTP Headers
  • Browser Plug-in Details
  • Time Zone
  • Screen Size and Color Depth
  • System Fonts
  • Are Cookies Enabled?
  • Limited super cookie test

In my recent wanderings around the Internet, I found a Web site called The Web site is Panopticlick on steroids, performing the same checks that Panopticlick does, plus an additional 64 tests. I had no idea that much information could be obtained from Web browsers. is the brainchild of Henrik Gemal. The Web site started out as a few JavaScript utilities back in 1999. Henrik describes the Web site as:

"A collection of online tests that show you how much personal information can be collected from your browser just by visiting a Web page. can tell you all kinds of detailed information about you and your browser. Information ranging from simple stuff like the name and version of your browser to more detailed stuff like what kind of fonts you have installed and what hardware you're running on."

Some questions

I managed to get in touch with Henrik. During our e-mail conversation, I asked several questions about and why he was so interested in this particular facet of IT. Here are those questions and his responses:

TechRepublic: What inspired you to devote so much time and effort to Henrik Gemal: I mainly use it at work or for support when people have no idea what version of browser or operating system they are running. At a point, the purpose of changed a bit. Now, it is a challenge for me to find out just how much information I can get out of a Web browser. TechRepublic: If you had to pick just five tests, which ones would you consider the most important? Henrik Gemal: The tests I consider important are:

Browser: This was the very first page I've created in the suite.

CSS Exploit: A bit scary, since we are able to check which sites you have been visiting.

Fonts via Flash: Yes, we can see your fonts too.

IP Address: Use this page if you have to get the IP address.

Java: I like to stay updated in terms of software and sometimes I check what version of Java I'm running.

TechRepublic: In your experience, do different Web browsers (in default condition) reveal varying amounts of information? Henrik Gemal: Internet Explorer has and still does reveal much more information than the other systems. After IE, they pretty much reveal the same information. TechRepublic: Do you agree with the EFF (Panopticlick), that information provided by a Web browser is sufficient to identify and track the computer/user combination? Henrik Gemal: Yes, I do think that. Not really sure what it can be used for, but we could see someone taking advantage of it. I've heard of a security company that did profiling of PCs using information that Panopticlick and reveals. Footprints

As I checked out each of the tests, I began to understand how much information specific to my Web browser and computer can be captured by Web sites. Henrik mentioned that he wasn't sure what it could be used for, but the EFF believes it can be used to form an identifiable footprint. That in of itself is enough.

Final thoughts

Knowing what I do now, I will not surf the Internet without my trusty NoScript set to forbid everything. I realize it is a pain to manually allow each JavaScript to run. Yet, that seems less painful than having to rebuild a computer.

I would like to thank Henrik Gemal for his useful and informative Web site, as well taking time to answer my questions.