The goal of this add-on is to measure and study the diversity of web browsers and establish statistical profiles of browser fingerprints. All of the data for the project will be collected in an anonymized form which ensures that it is not Personally Identifiable Information*, nor otherwise likely to lead to the identification or tracking of any web users.
*Personally identifiable information (PII) is any data that could potentially identify a specific individual.
We are committed to protecting the privacy of visitors to our website. In this policy, "we" refers to the INRIA researchers and students who are bound to keep information they receive confidential.
What happens when I install this extension?
The extension will connect to the AmIUnique website every 4 hours and collect the browser fingerprint of your device. This way, we can study the temporal evolution of your fingerprint by registering any changes directly with the server.
Information Gathered by the amiunique Website
For the needs of our research project (defined here), amiunique collects anonymous data about the configuration of computers, operating systems, browsers and plugins. If you install this add-on, this type of information will be collected from your browser. Although these kinds of data may form a fingerprint that could in principle be combined with information about page requests and identifying details in order to track peoples browsing habits, we will never do so.
The specific fingerprint information we collect is:
- the User agent header: HTTP header sent to the server that contains information regarding your browser and operating system
- the Accept header: HTTP header sent to the server that contains information regarding the type of media that are acceptable for the response
- the Connection header: HTTP header sent to the server that contains specific options that are desired for that particular connection
- the Encoding header: HTTP header sent to the server that lists the compression methods supported by the browser
- the Language header: HTTP header sent to the server that indicates the preferred languages for the response
- a picture rendered with the HTML Canvas element: Rendering of a specific picture with the HTML5 Canvas element following a fixed set of instructions. The picture presents some slight noticeable variations depending on the OS and the browser used.
- a picture rendered with WebGL: Rendering of specific 3D forms following a fixed set of instructions. The picture presents some slight noticeable variations depending on the device of the user.
- the presence of AdBlock: Test to find out if the AdBlock extension is installed
- the list of fonts: Flash attribute that gives the entire list of fonts installed on the operating system (flash.text.Font.enumerateFonts(true))
In addition to these data, we collect several kinds of housekeeping information to assist us in analyzing the fingerprint data. The housekeeping information is:
- Encrypted IP addresses
Our practices and purposes for collecting these housekeeping records are discussed below:
amiunique does not log IP addresses, but we do compute hashes of each IP address. This hashed IP will allow us to collect an anonymous datasetabout how often browsers that change IP address could have been followed using a fingerprint.
amiunique collects a "fuzzy" timestamp, rounded to the nearest hour, each time it is visited. This will be used to measure how fast browser fingerprints change, but for no other purpose.
Our Use of Information from amiunique
We will analyze the collected data in order to establish what are realistic profiles for browser fingerprints. The purpose of this analysis is to set an automatic procedure to proactively diversify user platforms in a realistic manner. amiunique has no Third-Party Service Providers.
Sharing of amiunique data
We may publish or share aggregated, statistical data from the amiunique project in order to facilitate privacy research, educate people about privacy problems, and to aid in the development of privacy-enhancing technologies. We have gone to great lengths to ensure that amiunique does not produce any records about anyones browsing habits or the identities of any individual visitors, so we will never be in a position where we could share any such records.
In a general way, INRIA commits to carry out technical and organizational means to protect all information we gathered against illegal or fortuitous destruction, fortuitous loss, alteration, diffusion or unauthorized access. Nevertheless, INRIA shall be required to divulgate any information to comply with any applicable law or rules, or to respond to any administrative or judiciary order.
Although we make good faith efforts to store information collected in a secure operating environment, we cannot guarantee complete security. Information collected will be maintained for a length of time appropriate to the needs of this research project.