Home | View fingerprints | Statistics | Blog (RSS)

What we will do with this data: ethical use and details of retention.

The fingerprint data collected will be mined for information such as: what browsers are most common, how many browsers are using Tor and what version, and what the most effective fingerprinting techniques are.

We do this as part of ongoing research in the area of browser fingerprinting, as well as to provide statistics (such as those on the statistics page) to clients of the website. A paper(s) may be published in the future that discusses fingerprints collected by this website but such research will not provide user identification, information that could be used to deanonymise Tor clients or tracking data that could be employed to track users based on data collected here.

Data may be shared with other researchers upon their request but under the same conditions as for publication. Additionally it's possible some fingerprint data (such as user-agent string) may be used in fingerprint spoofing software in the future. If cookies are enabled we associate all the fingerprints for a user with those shared by the same cookie; the purpose of this is to prevent resubmission of a fingerprint from being counted and to provide the ability to look at and compare previous fingerprints easily. You may disable cookies if you do not wish this to occur. Fingerprints collected are publicly available on the website, but to view a fingerprint you need to know the designated UUID, which is extremely hard to guess but it is still feasible that anonymised data, as previously indicated, could be read from this site. However, if you don't share your fingerprint it is unlikely to be viewed by anybody except you through the website, although researchers can and will be accessing the fingerprint data as listed above.

Currently the database has not been shared with anybody. We have received no requests from law enforcement for the database or any other data. We will do our best to prevent theft or misuse of collected data, however, such incidents are still possible.

To reiterate: We will not attempt to deanonymise Tor clients nor will we attempt to track users across other websites using data gathered here. That being said as part of the fingerprinting process we embed scripts from other sites that may (or may not, we don't know) include tracking code or collect information used to track you; in particular scripts the scripts we are unsure about are ones to display a Facebook/Twitter/Reddit share button and scripts to display a Google ad.

Thank you for participating in this project. We will place links to any published research here to allow users to confirm that we are following the usage policy.

Information we collect

When a client submits themselves to fingerprinting we collect several pieces of data about them.

Fingerprint data

We collect the results of all the fingerprint tests. This may include:

Cookies

This site makes use of cookies. One cookie is set to expire when the browser closes, this is used only to check whether cookies are enabled. Another cookie set to expire after 30 days, for the main purpose of preventing double counting of fingerprints. Additionally a session cookie may be set when submitting a fingerprint, this is used to keep track of which CAPTCHA you were shown on the CAPTCHA page.

IP addresses

The salted hash of IP addresses is collected for most clients. For clients who are using Tor (and hence whose IP address is hidden) we instead store the entire IP address of the exit-node they used.

Timestamps

The date and time that a fingerprint was taken is stored along with the fingerprint.

Disclaimer

This privacy policy may change at any time, for instance, when a new test is added we will change the policy to reflect collection of results of the new test. We do not collect contact details of clients so it is impossible for us to notify you of changes.