Cookie conundrum
in [UK Mac]
|
From: Woody on 3 Feb 2010 09:45 Sn!pe <snipe(a)spambin.fsnet.co.uk> wrote: > Woody <usenet(a)alienrat.co.uk> wrote: > > > I would imagine that your enropy should be increasing if you are unique > > and reducing if you are not. > > when you retest, other people have looked in the mean time and more > > people have added to the database, so the sample size is bigger. > > I puzzled for a minute or two over whether reported entropy was > increasing or decreasing and thought that I had got it right. Whatever, > you get the idea. The retesting was done every five seconds or so, so I > doubt the site had had many more visitors with just my configuration in > that time. No, that is the point. The site had had more visitors without your configuration. You were (say) 1 in 510,000 as you were unique amoungst the 510,000 people who were in the database. When you went back 5 seconds later, you were still unique, but you were 1 in 510,010 as 10 more people had visited, therefore your entropy was higher, ie, slightly less chance of finding you by random. If you go back in a week or so you will probably be 1 in 600,000 etc. > As it happens I now see that this point is addressed in the rather > well hidden FAQ. The link to the FAQ was on the first page. It wasn't hidden - it was highlighted. -- Woody
From: Phil Taylor on 3 Feb 2010 09:47 In article <1jdcdfr.x3377hxtz11bN%snipe(a)spambin.fsnet.co.uk>, Sn!pe <snipe(a)spambin.fsnet.co.uk> wrote: > Woody <usenet(a)alienrat.co.uk> wrote: > > > I would imagine that your enropy should be increasing if you are unique > > and reducing if you are not. > > when you retest, other people have looked in the mean time and more > > people have added to the database, so the sample size is bigger. > > I puzzled for a minute or two over whether reported entropy was > increasing or decreasing and thought that I had got it right. Whatever, > you get the idea. The retesting was done every five seconds or so, so I > doubt the site had had many more visitors with just my configuration in > that time. > > As it happens I now see that this point is addressed in the rather > well hidden FAQ. The upshot is that their dataset apparently may > be skewed by retesting, which IMO makes a bit of a nonsense of it. Maybe they should plant a cookie so they know that you've been there before? Phil Taylor
From: chris on 3 Feb 2010 10:05 On 03/02/10 09:19, Woody wrote: > chris<ithinkiam(a)gmail.com> wrote: > >> On 02/02/10 15:45, Pd wrote: >>> James Taylor<usenet(a)oakseed.demon.co.uk.invalid> wrote: >>> I'm not sure you've represented that right. I've just done it on Safari, >>> and it says "Your browser fingerprint appears to be unique among the >>> 513,301 tested so far." Which means a website can identify me pretty >>> accurately. It would be interesting to try again from a different >>> internet connection, and see if it says I'm one of two in half a >>> million, so probably the same one who logged in earlier. >> >> That's a good point. What does that value actually mean? Is a large >> number good or bad? Does it mean I am similar to the 500,000 or different. >> >> 'Uniqueness' is such a horrible word. > > It means that in all the browsers they have tested so far you can be > individualy identified. > > The larger the number the worse it is (but the number only goes to > 500,000, as that is how many records there are). If you were (say) 1 in > 3, that means you would be virtually impossible to say who you were, > unless there were only 2 other people. Got it. My browser settings are very unique, therefore I'm highly identifiable. OK. So, adding NoScript and User-Agent Switcher (set to IE6 WinXP) to Firefox I now get a value of 273,737. I wonder what's the lowest possible? Or put another way what's the most generic browser settings out there?
From: chris on 3 Feb 2010 10:13 On 03/02/10 11:18, Woody wrote: > Sn!pe<snipe(a)spambin.fsnet.co.uk> wrote: > >> Woody<usenet(a)alienrat.co.uk> wrote: >> >>> Uniqueness itself is not a major problem, it is identifiable uniqueness >>> that is the problem. It would be quite a good idea to make an >>> applescript or something that just changed your browser ID string >>> slightly and then fired up the browser everytime you wanted it. you >>> would still be unique, but you would be a different unique every time. >> >> I think the evaluation prog is b0rked, I've just been testing with >> Google Chrome on Mac OS X. For me, repeated re-evaluations result >> in steadily (FSVO steadily) decreasing entropy per their calculations. >> I suspect that, in this case at least, Panopticlick is treating each >> visit as being from a different browser installation, increasing the >> number of similar ones it mistakenly sees. This of course means that >> the displayed results are less alarming than they should be. E&OE. > > I would imagine that your enropy should be increasing if you are unique > and reducing if you are not. > when you retest, other people have looked in the mean time and more > people have added to the database, so the sample size is bigger. I do think there's something up with it. They mention they use a cookie (back on-thread!) with a 3-month time limit to avoid multiple counting, but deleting the cookie doesn't seem to change my 1 in 500,000 value despite the breakdown values changing significantly... Maybe it's IP locked too? The lowest I've got for the User Agent (the most identifying feature) is 971.28
From: Woody on 3 Feb 2010 10:15
chris <ithinkiam(a)gmail.com> wrote: > On 03/02/10 09:19, Woody wrote: > > It means that in all the browsers they have tested so far you can be > > individualy identified. > > > > The larger the number the worse it is (but the number only goes to > > 500,000, as that is how many records there are). If you were (say) 1 in > > 3, that means you would be virtually impossible to say who you were, > > unless there were only 2 other people. > > Got it. My browser settings are very unique, therefore I'm highly > identifiable. > > OK. So, adding NoScript and User-Agent Switcher (set to IE6 WinXP) to > Firefox I now get a value of 273,737. I wonder what's the lowest > possible? Or put another way what's the most generic browser settings > out there? I got 1 in 3745 on the iPhone. which isn't suprising as all the iPhones will be the same. I am guessing the iPad when it comes out will be even more the same as every other. -- Woody |