Panopticlick: How Secure Is Your Browser?

by Paul Arnote (parnote)

During these times, heightened security of one's personal data has remained at or near the forefront of many users' concerns. Whether it's concern over government collection of that personal data, or collection of personal data by even more nefarious entities, keeping your personal data secure is a huge issue. Even the tracking employed by various websites can reveal a lot about your interests, purchases and activities.

But, how secure is that one tool you probably use the most in your online interactions: your web browser? You might be surprised by what you find out. Thanks to a research project by the Electronic Frontier Foundation (EFF), you can easily determine just how secure your web browser is from tracking. Who better to lead the fight for our privacy than the very organization that is (and has been) at the forefront of the fight for our privacy. That research project is called Panopticlick.

The purpose of Panopticlick can best be summed up with this statement from the EFF:

Panopticlick is a research project designed to better uncover the tools and techniques of online trackers and test the efficacy of privacy add-ons.

Panopticlick isn't exactly new. The EFF started Panopticlick in 2010 to investigate how unique each browser is. It gathers anonymous information about the configuration and version number from your operating system, your browser, and your plugins. It then compares your configuration against their database of other users configurations, creating a "uniqueness" score. That uniqueness score reveals how identifiable you might (or might not) be while browsing the web. In 2015, the EFF added tracker blocking testing. This most recent addition gauges how effective those tracker blocking add ons, such as AdBlock Plus, Ghostery and others, are in helping to protect you from overly intrusive data collection.

Upon your visit to the Panopticlick website, simply click on the "TEST ME" button in the middle of your browser window. Never fear, as only anonymous data is collected (and since it's the EFF, I trust them when they say that only anonymous data is collected ... their hard fought and earned good reputation is at stake). It will then analyze how well your browser and add ons work to protect you from online tracking techniques and the gathering of private, personal data.

After churning through a few test screens, Panopticlick will display a summary of its results. Since I primarily use Firefox, the results displayed here are from that particular web browser. With it, I also use the AdBlock Plus add on. In the past, I've also used the Privacy Badger (from the EFF) and Ghostery add ons, plus a few other privacy add ons, but have since disabled them because I've found them to bog my computer down too much, or they blocked out too much content that I was interested in accessing. As much as I want to block the gathering of my web browsing habits and data, it's also important to balance it against the web browsing experience. When the tools make your web browsing experience suffer, those tools become a hinderance and stand in your way of getting things done and having an enjoyable experience.

Clicking on the "Show full results for fingerprinting" link below the chart will reveal just how much information is revealed when you visit a website. You will most likely be as surprised as I was. I won't show my detailed results here for two reasons. First, it's just too long. Second, your results will be different since you will most likely have other fonts installed (yes, fonts play a role in fingerprinting) and you will most likely have different browser add ons installed.

Why Panopticlick?

When you visit a website, a tremendous amount of data about your computer's configuration is available and is shared. This information (OS, browser, versions of both, installed fonts, installed add ons, etc.) can create a unique "fingerprint," which can then be used to identify you and your computer.

A LOT of excitement was generated a few years back when the major web browsers implemented Do Not Track. This, if implemented properly, should give users relief from being tracked across the web. However, this has not been the case, since honoring Do Not Track requests is purely voluntary. As a result, the list of websites that honor Do Not Track is rather short. Don't be disappointed to not find your favorite website on the list. It most likely isn't complying.

When it was first introduced, there was hope that it would give web users the same level of protection that the popular Do Not Call list is supposed to give to U.S. telephone consumers. However, despite repeated promises from the internet advertising companies, there has been no progress on the matter. In fact, progress has been virtually nonexistent, since standardization of Do Not Track has become deadlocked in the World Wide Web Consortium, despite repeated pleas from American and European policy makers to make it happen.

Then you have websites that could care less about tracking the visitors to its website, like The PCLinuxOS Magazine website. If only things could be that simple.

In November 2015, the United States Federal Communications Commission (FCC) refused to make honoring Do Not Track requests compulsory. The agency was petitioned to require some of the web's largest firms -- Google, Facebook, Netflix, Pandora, YouTube, and LinkedIn were given as examples -- to honor user requests to not be tracked.

Not All Browsers Created Equal

Like many users, I have several web browsers installed on my computer. So, to satisfy my curiosity, I loaded up the Panopticlick website in each of them to see how they performed. The results may surprise you.

Firefox, Chrome and Slimjet all performed the same, giving the same results as those displayed above. They all protected against tracking ads and blocking invisible trackers, but failed to unblock third parties that promised to honor Do Not Track, and failed to protect against fingerprinting.

Midori and Opera only protected against tracking ads. They allowed invisible trackers, failed to unblock third parties that promised to honor Do Not Track, and failed to protect against fingerprinting.

Probably the best protection you can currently get to protect yourself against fingerprinting is to use the Tor browser. Its features go a lot farther in providing the protection against fingerprinting. The trade off is that browsing with the Tor browser is significantly slower than using just about any other browser.

Summary

You have to applaud the EFF's efforts with their Panopticlick research project. It is hopeful that, as a result of their data collection, users can be provided with information about how to best protect themselves from tracking, and subsequently protect their data.

Without compulsory rules (technical and/or legal) about honoring Do Not Track, it's doubtful that it will ever fulfill its promise to internet consumers and users. In fact, without those technical and/or legal rules, Do Not Track is pretty much useless, ineffective and dead in the water. Until then, about the only hope internet users have are organizations -- like the EFF -- compiling a database of browsers and their add ons that provide the highest level of protection. So, your participation (by submitting data to the research project) helps the EFF provide the information that other users will rely on to help protect their privacy and browsing habits.