EFF launches Panopticlick 2 with new tracking and fingerprinting tests

Panopticlick 2.0 is a new version of the tracking and fingerprinting tool that ships with new tests and capabilities.

Whenever you connect to an Internet site, you reveal information to that site. Depending on how well your browser is configured, you may reveal little information or a lot of them.

For instance, if you don't take precautions at all, a site has access to your computer's IP address, your browser name and version, the screen size, operating system, and the site you came from among other things.

These information alone can be extended through tools and services, for instance to look up the IP address to find out where you are connecting from.

Other technologies are commonly used to increase what sites know about you. They may use some form of local data storage to track you across browsing sessions, or use advanced fingerprinting options like Canvas Fingerprinting in addition to that.

Panopticlick 2

We reviewed the first version of Panopticlick back in 2010, and found it to be an interesting, but somewhat limited, privacy tool. It helped raise awareness for what browsers reveal about your computer and you though and that is a good thing.

The new version of Panopticlick adds additional tests to the online tool that improve its value. The following tests have been added to the new version:

1. Canvas Fingerprinting test.
2. Touch-capability test.
3. Whether you are protected from tracking by ads or by invisible beacons.
4. Do Not Track Compliance.

The test works in most cases, but may fail if security software or browser add-ons are installed that block certain technologies from working on the site. If you run NoScript for instance, you won't be able to complete the test unless you whitelist the main site, and even then, you are protected from some of the tests.

The new results page displays an overview at the top. It highlights the following information:

1. If the browser blocks tracking ads.
2. If the browser blocks invisible trackers.
3. Whether the browser unblocks third-parties that promise to honor Do Not Track.
4. If the browser protects against fingerprinting.

You may open detailed results to get results for each of the tests conducted by the service.Here is a quick overview of all tests run by it:

• Supercookie test
• Canvas Fingerprinting test.
• Screen Size and Color Depth.
• Browser Plugin details.
• Time Zone.
• Do Not Track Header enabled.
• HTTP Accept Headers.
• WebGL Fingerprinting.
• Language
• System Fonts.
• Platform.
• User Agent.
• Touch Support
• Cookies.

Most tests return without value if you have disabled JavaScript. In fact, the only tests that return information are Do Not Track, HTTP Accept Headers, User Agent and whether cookies are enabled. All other tests fail without JavaScript.

The addition of new tests make sense, but there are still tests missing. Panopticlick does not test for WebRTC leaks for instance.

Panopticlick 2.0 may suggest tools depending on the scan results. According to the EFF, it may suggest tools such as Privacy Badger, Adblock or Disconnect depending on platform and test results.

Now You: How does your browser test?