The goal of this project is to measure and study how uniquely identifiable web browsers are. All of the data for the project will be collected in an anonymized form which ensures that it is not Personally Identifiable Information, nor otherwise likely to lead to the identification or tracking of any web users..
In this policy, "EFF" and "we" refer to EFF staff, board members, cooperating attorneys, interns, volunteers, and consultants, all of whom are bound by law or contract to keep information they receive as part of their assistance to EFF confidential.
Information Gathered by EFF's Panopticlick Website
In general, Panopticlick collects anonymous data about the configuration of computers, operating systems, browsers and plugins. If you click the "test me" button, this type of information will be collected from your browser. Although these kinds of data may form a `fingerprint' that could in principle be combined with information about page requests and identifying details in order to track people's browsing habits, EFF will never do so.
The specific `fingerprint' information we collect is:
- The user agent string from each browser
- The HTTP ACCEPT headers sent by the browser
- Screen resolution and color depth
- The Timezone your system is set to
- The browser extensions/plugins, like Quicktime, Flash, Java or Acrobat, that are installed in the browser, and the versions of those plugins
- The fonts installed on the computer, as reported by Flash or Java.
- Yes/no information saying whether the browser accepts various kinds of cookies and "super cookies"
In addition, we collect several kinds of `housekeeping' information to assist us in analyzing the fingerprint data. The housekeeping information is:
- Encrypted IP addresses
CookiesPanopticlick sets a cookie that persists for 3 months for the sole purpose of determining how often browser characteristics change, and how often they stay the same, when a browser returns over time. If your browser is configured to accept cookies, and you return to Panopticlick several times, the cookie will be used to link the data from your visits together. To learn how to limit, manage or block any website from using cookies to track your browsing, read more here.
IP addressesPanopticlick does not log IP addresses, but we do compute cryptographic "keyed hashes" or HMACs of each IP address, using a key which we periodically discard. This hashed IP will allow us to collect an anonymous dataset about how often browsers that change IP address could have been followed using a fingerprint.
TimestampsPanopticlick collects a "fuzzy" timestamp, rounded to the nearest hour, each time it is visited. This will be used to measure how fast browser fingerprints change, but for no other purpose.
EFF's Use of Information from Panopticlick
In general, EFF uses the information provided by you to further its mission, protect privacy, defend freedom, and protect your rights in the digital world.
We may look at technical information to diagnose problems with our server and to administer the Panopticlick website.
Panopticlick has no Third-Party Service Providers.
Sharing of Panopticlick dataEFF may publish or share aggregated, statistical data from the Panopticlick project in order to facilitate privacy research, educate people about privacy problems, and to aid in the development of privacy-enhancing technologies. We have gone to great lengths to ensure that Panopticlick does not produce any records about anyone's browsing habits or the identities of any individual visitors, so we will never be in a position where we could share any such records.
EFF employs industry standard security measures to protect the loss, misuse, and alteration of the information under our control.
Although we make good faith efforts to store information collected by EFF in a secure operating environment, we cannot guarantee complete security. Information collected by EFF will be maintained for a length of time appropriate to our needs.