
Browser privacy improvement implications for websites

@Megan663

Posted in: #Http #HttpHeaders #Javascript #Privacy

On panopticlick.eff.org/ EFF lets you test the number of uniquely identifying bits that the browser gives a website. Among these are HTTP header fields such as User-Agent, Accept, Accept-Language and later perhaps ETag and If-Modified-Since. Also there is a lot of information that JavaScript can get from the browser, such as time zone, screen resolution, and the complete list of fonts and plugins available.

My first impression is, is all this information really used/required on a majority of all websites?
For example, how many sites really send different content types depending on the HTTP Accept header, or on what fonts are available (I thought CSS had taken care of this)?

Let's say some of these headers/JS functionality would one day be gone.
Which ones would:

* never be noticed they were gone?
* impact user experience?
* impact server performance?
* be immediately reimplemented because the Internet cannot work without them?

Extra credit for differentiating between what can be done, what should be done and what is done in most situations.


2 Comments


@Ogunnowo487

What do you mean by usable? Do you mean which ones have legitimate uses or which ones are usable to those interested in tracking or gaining more information about users? If it's the latter then I believe the idea is that it's by taking all of these data points together that a unique "fingerprint" can be created for each browser.

If you're asking about which features have legitimate uses, then I'd say almost all of them. The HTTP accepted/preferred content-type headers are useful for a variety of applications which can't be substituted for using CSS. Namely it provides a standard method for content negotiation. (Different user-agents prefer/support different content types or languages.)

Things like browser plugin availability, screen resolution, and local data storage have obvious uses. Without these features a lot of the web apps you use wouldn't function or wouldn't be as useful as they are.

What fonts are available is gotten through Flash, and that's about the only feature that has a very limited use for general web apps. However, even that has its uses. For instance, it has enabled some very useful font-related Flash apps to be developed (e.g. font identification/suggestion tools).

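The point made in the comment above, that data points which are individually common can form a unique fingerprint when taken together, shown as an added example that is not part of the original thread. It measures Shannon entropy per header and for the combination over a constructed sample of eight hypothetical visitors; the header values and function names are illustrative assumptions.

```javascript
// Constructed sample, not real traffic: 8 hypothetical visitors built from
// 2 User-Agent x 2 Accept x 2 Accept-Language values (all values made up).
const HEADERS = ["user-agent", "accept", "accept-language"];
const VALUES = [
  ["Mozilla/5.0 (X11; Linux x86_64) ExampleFox/1.0",
   "Mozilla/5.0 (Windows NT 6.1) ExampleKit/2.0"],
  ["text/html,application/xhtml+xml,*/*;q=0.8", "text/html,*/*"],
  ["en-US,en;q=0.5", "de-DE,de;q=0.8,en;q=0.5"],
];
const visitors = [];
for (const ua of VALUES[0])
  for (const accept of VALUES[1])
    for (const lang of VALUES[2])
      visitors.push({ "user-agent": ua, accept, "accept-language": lang });

// Count how many visitors share each value produced by key(visitor).
function tally(rows, key) {
  const counts = new Map();
  for (const r of rows) counts.set(key(r), (counts.get(key(r)) || 0) + 1);
  return counts;
}

// Shannon entropy in bits: the average identifying information an attribute carries.
function entropyBits(rows, key) {
  let h = 0;
  for (const n of tally(rows, key).values()) {
    const p = n / rows.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Share of visitors whose value nobody else in the sample has.
function uniqueShare(rows, key) {
  const counts = tally(rows, key);
  return rows.filter((r) => counts.get(key(r)) === 1).length / rows.length;
}

const header = (name) => (r) => r[name];                      // one header alone
const combined = (r) => HEADERS.map((h) => r[h]).join("\n");  // all headers together

for (const [label, key] of [...HEADERS.map((h) => [h, header(h)]), ["combined", combined]]) {
  console.log(label, entropyBits(visitors, key).toFixed(2), "bits,",
    (100 * uniqueShare(visitors, key)).toFixed(0) + "% unique");
}
```

In this sample each header alone carries 1 bit and singles out nobody, while the three together carry 3 bits and single out every visitor.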


 

@Si4351233

I can't really answer the question of what information would be missed, though I will say from an analytics standpoint we do tend to care about the browser and OS our users are visiting with (to determine what HTML features we can get away with using).



Philosophically I can give you my view on the situation--

What CAN be done falls into two categories:
* Maliciously we can identify a user with some degree of certainty based on their browser signature, as Panopticlick demonstrates.
* Benignly we can tailor a site's experience based on the information provided ("leaked") by the browser.

What SHOULD be done? Probably the benign thing above, offering customized site experiences based on the technology available to the user.

What IS done? Typically site designers just throw a single site experience out there, which requires some set of plugins. If you don't have those plugins you get the "broken/missing plugin" box and/or a prompt from your browser/OS to install the appropriate plugin. Lousy user experience, but easier for the designers :)
