Panopticlick: You Are A Beautiful And Unique Snowflake

We all like to think we’re unique, but when it comes to remaining anonymous online that’s probably not such a good idea. By now, it’s common knowledge that advertising firms, three-letter agencies, and who-knows-who-else want to know what websites you’re visiting and how often. Persistent tracking cookies, third-party cookies, and “like” buttons keep tabs on you at all times.

For whatever reason, you might want to browse anonymously and try to plug some of the obvious sources of identity leakage. The EFF and their Panopticlick project have bad news for you.

The idea behind Panopticlick is simple: to try to figure out how identifiable you are even if you’re not accepting cookies, or if you’ve disabled Flash, or if you’re using “secure” browsers. To create a fingerprint of your browser, Panopticlick takes all the other little bits of identifying information that your browser gives up, and tries to piece them together.

For a full treatment of the project, see this paper (PDF). The takeaway from the project is that the information your browser gives up to servers can, without any cookies, specifically identify you.

fooFor instance, a server can query which plugins your browser supports, and if you’ve installed anything a tiny bit out of the ordinary, you’re fingerprinted. Your browser’s User Agent strings are often over-specific and tell which browser sub-sub-sub version you’re running on which OS platform. If you’re running Flash, it can report back which fonts you’ve got installed on your system. Any of these can be easily as rare as one-in-a-million. Combining them together (unless they’re all highly correlated) can fingerprint you uniquely.

You can’t necessarily win. If you disable Flash, the remote site doesn’t get your font list, but since only one in five browsers runs with Flash disabled, you’re still giving up two bits of information. If you run a “privacy-enhancing” niche browser, your chances of leaving a unique fingerprint go through the roof unless you’re also forging the User Agent strings.

I ran the Panopticlick experiment twice, once with a Firefox browser and once with an obscure browser that I actually use most of the time (dwb). Firefox runs a Flash blocker standard, so they didn’t get my font list. But still, the combination of browser plugins and a relatively new Firefox on Linux alone made me unique.

It was even worse for the obscure browser test. Only one in 1.4 million hits use dwb, so that alone was bad news. I also use a 4:3 aspect-ratio monitor, with 1280×1024 pixels at 24-bit color depth, which is apparently a one-in-twenty-four occurrence. Who knew?

fooFinally, I tried out the Tor browser, which not only routes your traffic through the Tor network, but also removes a lot of the specific data about your session. It fared much better, making me not uniquely identifiable: instead only one in a thousand. (Apparently a lot of people trying out the Panopticlick site ran Tor browser.)

If you’re interested in online anonymity, using something like Tor to obscure your IP address and disabling cookies is a good start. But Panopticlick points out that it may not be enough. You can never use too many layers of tinfoil when making your hat.

Try it out, and let us know in the comments how you fare.

3D printed Christmas cookies


Here is yet another way to get into the holiday spirit at your local Hackerspace (or at home if you’re happen to have your own 3D printer). [Ralph Holleis] wrote in to show off his 3D printed Christmas cookies. The majority of the info on this project comes from the video embedded after the break. The extruder head he’s using includes a syringe which is filled with what we assume is Spritz Cookie dough. It is squeezed out in a pattern before heading to the oven for baking.

[Ralph] mentioned that he’s using UNFOLD Pastruder as the print head. We looked and couldn’t find that exact design, but it seems like it might be related to this Claystruder head designed by a user named [Unfold]. If you have the exact link to the extruder design seen above please let us know in the comments section.

If you don’t already have this type of head it’s just a matter of printing the mounting brackets and buying a syringe to match. But you’ll also need compressed air and a valve to regulate the flow of dough. It might be easier just to print your own cookie cutters. This is a great project for people who don’t have access to a laser cutter for gingerbread house work.

Continue reading “3D printed Christmas cookies”

Potentially explosive spritz cookies

Do you recognize the shapes of these spritz cookies? Theoretical physicists and nuclear engineers might. They are representative of a hydrogen atom in several different states. Oh, and they’re delicious. [Windell] over at Evil Mad Scientist Labs cut his own spritz cookie discs in order to bake the hydrogen look-a-likes.

To bring you up to speed: spritz cookies are not rolled out and cut with a cookie cutter – although you could print your own cutters in these shapes if you wanted to. Instead, a cookie press is used to squeeze out dough onto a baking sheet. The press looks like a very wide syringe. The dry dough is packed into a cylinder, and a ratcheting ram presses it toward the business end. A disc with wisely placed slits lets the dough squeeze out into the final shape.

We made some shamrocks for St. Patrick’s Day, but now we’re wondering if we can make our own Hackaday logo cookies. [Windell] grabbed some melamine dinner plates to use as raw material for his custom discs (remember to use food safe material). He then designed the cutouts in Inkscape and headed over to the laser cutter to fabricate the disc. We don’t have a laser cutter but we’d bet you can do a similar, but slower, job with a drill and a lot of filing/sanding.

[via Dangerous Prototypes]