Your Data, Your Control: Join Our Experiment to Audit Server-Side Fingerprinting
Be one of the people who participated in our research ! We're investigating the power of Meta (ex. Facebook) and Google advertising tools. Help us hold these companies accountable and shape the future of advertising!
Device fingerprinting or browser fingerprinting is the systematic collection of information about a remote device, for identification purposes. Client-side scripting languages allow the development of procedures to collect very rich fingerprints: browser and operating system type and version, screen resolution, architecture type, lists of fonts, plugins, microphone, camera, etc.
On this website, we collect:the User agent header the Accept header the Connection header the Encoding header the Language header the Upgrade Insecure Requests header the Referer header the Cache-Control header the BuildId of the browser the list of plugins the platform the cookies preferences (allowed or not) the Do Not Track preferences (yes, no or not communicated) the timezone the screen resolution and its color depth the use of local storage the use of session storage a picture rendered with the HTML Canvas element a picture rendered with WebGL Supported Audio formats Supported Video formats the presence of AdBlock the list of fonts
Browser fingerprints are also called cookieless monsters because it is not necessary to install any form of cookie to collect a fingerprint. This means that the act of fingerprinting a specific browser is stateless and transparent for the user. Any third-party interested in fingerprinting can exploit a set of different techniques to get a rich fingerprint:
On this site, we use:
Like all tracking technology, it is a double-edge sword.
Fingerprints can be used in a constructive way to combat fraud or credential hijacking, by checking that a user who logs into a specific site is likely the legitimate user.
Fingerprints can also be used in more questionable way, in order to track users across web sites and collect information about their habits and their tastes without the users knowing about it.
Fingerprints can even be used in a destructive way: if attackers know which software modules (specific browser version, plugins, etc.) are installed on a specific device, they can deliver exploits that are tailored for these specific modules or combination of modules.
AmIUnique shares some goals with panopticlick, but it provides a number of novelties:
AmIUnique implements the most recent techniques for fingerprinting, including webGL and canvas
There exist other sites that collect and / or inform users about the amount of information that can be collected through their website:
AmIUnique is different from these sites, with respect to the following points. It implements state of the art fingerprinting techniques. In particular, this is the first web site that collects information through WebGL. It provides different levels of information to the user. Beyond the complete fingerprint, AmIUnique is the only site that provides a synthetic view, which gives few, easy to understand statistics about the degree of unicity of a device among the sample we have observed so far. We also centralize a number of different pointers about fingerprinting, which go from general pages that introduce the technique, to technical papers in the research literature and press articles that cover the topic.