Test Your Online Privacy Protection with EFF’s Panopticlick
San Francisco – The Electronic Frontier Foundation (EFF) launched new online tracker-testing in its Panopticlick tool today, helping you analyze the privacy protections in your Web browser.
When you visit a website, online trackers and the site itself may be able to identify you, and the records of your online activity can then be distributed among a vast network of advertising exchanges, data brokers, and tracking companies. Many people install ad- or tracker-blockers to try to protect themselves, but it can be hard to know how effective they are. Panopticlick will check your browser and your add-ons and assess the privacy protections users have in place. It can also suggest remedies for under-protected browsers.
But even if you have strong tracker blocking installed on your computer, you could still be identified by what’s called a “browser fingerprint. ” That’s the combination of factors such as your operating system, your browser, and plug-ins. Panopticlick also analyzes the uniqueness of your browser to see if you are still at risk from this kind of data-gathering, even if you have privacy-protective software installed.
“Have you ever felt like ads you see online have an uncanny knowledge of your browsing habits? It’s creepy, and a sign you are being tracked, ” said EFF Chief Computer Scientist Peter Eckersley. “When you visit Panopticlick and click on the ‘test me’ button, the site simulates the loading of various tracking technologies. Then you get a report to help you understand what protections you have in place, and what’s missing. Panopticlick is a great way to boost your privacy as you read, shop, and interact with websites throughout your day. ”
Fighting for user privacy on the Web can feel like an uphill battle, with advertisers and marketers changing their tactics and technologies at a lightning pace. Panopticlick will also do double-duty as a research project for EFF, collecting anonymous data for technologists to analyze so they can improve privacy tools like EFF’s Privacy Badger and develop others down the road.
“Online data-gatherers use tactics that are complex, subtle, and ever-evolving, ” said EFF Software Engineer Bill Budington. “Panopticlick is a way for you to help protect yourself, as well as help contribute to our understanding of online tracking more generally. ”
Panopticlick 3.0 | Electronic Frontier Foundation
Today we’re launching a new version of Panopticlick, an EFF site which audits your browser privacy protection. Conceived to raise awareness about the threat of device fingerprinting, Panopticlick was extended in December 2015 to check for protection against tracking by ads and invisible beacons. This new update adds a test for trackers whitelisted by the so-called “Acceptable Ads” initiative. Acceptable Ads is a program involving the popular adblockers Adblock Plus and Adblock, whereby companies can have their ads deemed “acceptable” if they meet certain format criteria. These ads are then unblocked and the owner of Adblock Plus, a fee of 30% of the resulting revenue from the ads for administering the process. This revenue is divided between the participating ad blockers.
By default, Panopticlick will now check browsers for trackers from the Acceptable Ads list by testing against a real tracker. If the browser fails, that tracker will receive some information about the user, but this minimal leakage is necessary to diagnose the problem. If you are uncomfortable with this, it is possible to opt out of the test. If Panopticlick detects inadequate protection, the user is linked to instructions to disable Acceptable Ads and fix their configuration.
What is Acceptable Ads?
Acceptable Ads is a whitelist of “non-intrusive” ads that meet requirements relating to format, size and placement on the page. The process has been operated on a for-profit basis since late 2011 by Eyeo. Large advertising companies like Amazon, Criteo, and Google make significant payments to this program, though the exact amounts are not public. Acceptable Ads serves an important policy purpose by identifying types of ads that are not visually intrusive. However, the payments that Eyeo demands for listings, and the fact that Eyeo has implemented Acceptable Ads in such a way that it silently overrides users’ privacy settings, are huge problems.
The Problem with Ad Blockers as Privacy Tools
Many users install blockers not just to block obtrusive advertising but also for privacy and security reasons. Unlike tracker blockers (like Brave, Disconnect, Privacy Badger, or uBlock Origin), ad blockers offer only limited privacy protection by default. This functionality is easily extended through the addition of filters such as EasyPrivacy, a blacklist of invisible trackers. But since the launch of the Acceptable Ads Initiative in late 2011, the Acceptable Ads whitelist has been turned on by default for Adblock Plus users, as it has been for Adblock users since late 2015. The Acceptable Ads whitelist allows numerous tracking domains. Content blockers like Adblock Plus and Adblock function based on both whitelists and blacklists. When there is a conflict, the whitelist wins. This means that even though EasyPrivacy is intentionally installed and Acceptable Ads is enabled by default, whitelisted domains will not be blocked from tracking the user. With more than 10, 000 domains on the Acceptable Ads whitelist, that’s a lot of tracking.
EasyPrivacy’s protection is only effective if users disable the default Acceptable Ads whitelist, but the blockers offer no warning regarding the incompatibility of the two lists. This is despite the fact that tracker blocking was offered by ABP as an explicit option during installation until recently, and Adblock offers EasyPrivacy in the list of filters available for activation in its user settings. Because the Acceptable Ads whitelist is enabled by default, some EasyPrivacy users are likely unaware that Acceptable Ads is even enabled, never mind undermining their preferences. As a consequence, we believe millions of users have been unwittingly exposed to tracking.
In reality, the co-existence of Acceptable Ads and EasyPrivacy could only be logically consistent were EasyPrivacy to restrict the domains allowed from the Acceptable Ads list to those which are privacy-compliant. A setting just released for Adblock Plus on Firefox offers this option, but its details are still to be verified. 1
Part of the solution is better user interface design and clear information, that clearly outlines the different configuration options to users during installation. Better still, clients could offer a one-click option to enable meaningful privacy protection as part of the installation process, where most users are most likely to choose it. Otherwise, we know that only a minority of users change the default configuration of their software. Regardless of what options are available, the default options are key to how any software will be used in the wild. Manipulating defaults and interface design to influence user actions is a practice referred to as “dark patterns”. An explanation for such behavior is close at hand: every user who opts out of Acceptable Ads represents a loss of income for the companies involved, which are simultaneously ad blockers and brokers of their users’ eyeballs.
Serve the User?
Earlier this year, Eyeo handed over control of the criteria for Acceptable Ads to an independent committee, though Eyeo remains in control of the business. In principle, this committee could serve the important public function of setting standards for visual unobtrusiveness, privacy-friendliness, and other types of good practice for online and mobile ads. 2 It could also be an important forum to encourage advertisers to switch to privacy-positive technologies compliant with the Do Not Track policy. But the manner in which Acceptable Ads has operated reveals a conflict between the interests of the companies participating in the Acceptable Ads program and those of their users. To resolve this, the issues we identify above must be fixed quickly and comprehensively. A good place to start would be to disable Acceptable Ads for all existing users of EasyPrivacy, delivering them the privacy they seek.
Defenders of Acceptable Ads have argued that its rationale is to protect the user experience while allowing publishers to sustain themselves through advertising. This is a vital discussion and one in which EFF is keen to participate. Adblock Plus is free to try to persuade the public of the social value of Acceptable Ads for supporting publishers, but it must do so in the context of clear and non-confusing user interface choices for their users and resist the temptation to overrule clear user decisions. In the meantime, users who want to protect their privacy should either follow our configuration instructions or consider switching to more robust tracker blocking tools.
The top browser fingerprinting checkers to protect your data privacy
Browser fingerprinting is a sneaky practice that allows marketers and data brokers to track you across the internet even if you use a VPN.
Much like a human fingerprint, browser fingerprints are a very specific identifier. If you are concerned about privacy, you need to be aware of how browser fingerprinting works, and what you can do to protectyour data privacy with the top browser fingerprinting checkers.
By wiping away your prints as you browse the web, you’ll flummox the trackers — and keep your data private!
What is browser fingerprinting?
While they aren’t 100% unique like those on your fingers, browser fingerprints are incredibly complex and allow marketers to track your online usage across the web.
Many people use VPNs or other blockers to hide their IP addresses and locations while browsing the web. These are important tools in the data privacy toolbox. Unfortunately, they aren’t able to stop browser fingerprinting, which is the latest strategy online marketers use.
Browser fingerprinting is an accurate method of connecting browsers to consumer demographics, which then allows marketers, companies and data brokers to track your activity across multiple websites and apps and serve you targeted marketing.
These fingerprints are not affected by cookies, which still widely used to track your behavior. But, third-party cookies, which are the primary type of cookies used to collect your browsing data across the internet, are being phased out.
Browser fingerprinting replaces cookies as the primary means of tracking your digital behaviors. Marketers and data brokers can trace these digital fingerprints back to you and are a threat to your digital privacy.
The truth is, it’s not always used nefariously. Some positive uses of browser fingerprinting include banks and dating websites checking for fraud.
The way they work is that websites collect information about your browser type and your operating system. The fingerprint includes other information such as your language preference, IP address, HTTP request header, device plugins you are running, your time zone, flash plugin data, installed fonts, timestamps, Silverlight data and more.
All of these specifics that your computer and browsers operate with create a unique dataset. Data brokers and marketers can build a profile around that data.
One in 286, 777 browsers shares the same fingerprint with other users on the internet, according to a Panopticklick study. Consequently, this allows websites to track users with a high level of certainty.
It isn’t easy for marketers to track users with common applications and settings. One example would be those on a brand new computer with default settings. But, once you start adding fonts, plugins and more, your fingerprint becomes more unique and trackable.
When that happens, here come the ads.
In addition to browser fingerprinting, companies track your behavior by device fingerprinting, which identifies who you are based on your device’s unique fingerprint (more here: what is device fingerprinting).
When used in combination, browser and device fingerprints provide a nearly ironclad way to connect everything you do across all digital channels into a single profile that’s just as good as cookies — if not better, since you can’t delete your fingerprints like you can with cookies!
The top browser fingerprinting checkers
Browser fingerprinting checkers will tell you how “at risk” you are.
These browser fingerprinting checkers will not only tell you how “unique” your score is, but they will give you a glimpse into how much information is being tracked from your devices.
Be warned. It’s a lot of information that the average person provides just within the browser fingerprint!
is a very barebones website that serves one purpose. It provides you with a snapshot of all of the information about your system, and is a snapshot of your browser fingerprint.
Am I Unique
Another top browser fingerprinting checker is the open-source website
The website’s stated purpose is to allow users to learn how identifiable they are on the Internet and to study “the diversity of browser fingerprints and providing developers with data to help them design good defenses. ”
If you wish to check your browser fingerprint, go to the homepage and click “View my browser fingerprint. ” Please note, the website will collect your browser fingerprint and put a cookie on your browser for four months to help with their purpose.
Am I Unique allows users to download their browser fingerprint and also features a browser extension for Chrome that will keep track of your fingerprint over time.
Cover Your Tracks
Cover Your Tracks is a website run by the digital privacy nonprofit Electronic Frontier Foundation. This free service allows users to test their browsers to see how well they are protected from tracking and fingerprinting.
The report, which is available at the click of a button, will provide you with three indicators.
First is whether or not your browser is blocking tracking ads.
Second is whether your browser is blocking invisible trackers.
Third indicates whether you are protecting yourself from fingerprinting.
Hidester, a VPN company, also offers a free browser fingerprint test. Hidester is unique in that it will tell you your browser fingerprint’s ID.
There’s not a ton you can do with this ID code, but it is nonetheless interesting to see.
is a robust website that serves one simple purpose. It highlights privacy violations and makes people aware of how much of their information is being tracked.
The analyzer from the website features a five-step analysis.
The first step is your basic information and will display your IP address (if you aren’t using a VPN).
Second is an autofill test that will show you how websites can take advantage of your browser’s autofill capabilities from past forms you have filled out.
Third is a user account test, which will show you which accounts you are logged into from your browser.
The fourth is a browser capability test, which can be used to create a fingerprint.
Fifth is a fingerprint analysis.
How to prevent browser fingerprinting
As you can see, browser fingerprinting is a sneaky way for companies to track your activities across the internet.
There are a number of defenses against this practice, but none are 100% foolproof.
A few quick tips are to limit the number of extensions and plugins you use. Keep your software updated. Browse in incognito or private mode. Use the Tor browser and lastly, use a VPN.
For more tips, check out our article on what is browser fingerprinting and how to prevent it.
Frequently Asked Questions about eff browser fingerprint test
How do I check my browser fingerprint?
If you wish to check your browser fingerprint, go to the homepage and click “View my browser fingerprint.” Please note, the website will collect your browser fingerprint and put a cookie on your browser for four months to help with their purpose.Apr 26, 2021
What is an eff test?
Learn about objective setting, discover how to design a multi-platform campaign measurement programme, gain knowledge of theories of advertising effectiveness and earn the confidence to write an effectiveness paper to showcase your success. Formerly known as the Eff Test.
Can my browser be fingerprinted?
As browsers become increasingly entwined with the operating system, many unique details and preferences can be exposed through your browser. The sum total of these outputs can be used to render a unique “fingerprint” for tracking and identification purposes. Your browser fingerprint can reflect: the User agent header.