Privacy Policy


We take privacy very seriously and would like to inform you about all data that is processed during your website visit or your participation in our study. We will never share your personal data with third parties. If you have any further questions, contact us at cs1-browser-fingerprint@fau.de.

Data that is stored during website visits

Each time you access our website, your browser automatically sends following information to our Web server:

These data are automatically stored in so-called log files of our Web server and only used for technical purposes. Neither a comparison with other data, nor a disclosure to third parties (not even in part) will take place. We only consider to analyze these data if we become aware of unlawful or unauthorized uses of our website (e.g., attacks). The storage period is 12 months (duration of the study).

Cookies

Our website uses cookies to store the language preference of its visitors. Using our website, or participating in our study, with disabled cookies is possible. The lifespan of cookies regarding the language preference is 2 weeks.

Data that is stored during study participation

E-Mail addresses

The email addresses of participants will be deleted from our database as soon as their participation ends. All gathered data during the participation will thus be anonymized. We distinguish between the following two points in time when we delete email addresses:

  1. You visit the unsubscribe link in one of our weekly emails. In this case, your email address will be deleted immediately.
  2. You are still registered when our study ends. We will inform you automatically about the end of our study in a last email and delete your email addresses immediately after sending.

Publication of anonymous browser fingerprints for research purposes

The ultimate goal of our study is to investigate the effectiveness of countermeasures against browser fingerprinting based on real data. We also would like to enable other research groups to do the same. Participants can state explicitly during their registration if they agree with the publishing of their anonymous browser fingerprint data for research purposes (opt-in). If not, their data will only be evaluated for the purpose of this study and only by the members of the study team.

Survey

Participants can take part in a voluntary survey after confirming their email address. The evaluation of this survey will only take place in an anonymous and aggregated form. We will never publish individual records of this data.

Browser Fingerprints

If you have signed up for the study, you will receive emails from us with personalized links to a prepared subpage of our website where your fingerprint will be measured and stored on our server. The gathering of the following data to determine your browser fingerprint happens only on that specific subpage:

HTTP
Accepted header, encoding, language; DoNotTrack preference; user agent; IP address
Browser
User agent, browser name, browser version, browser vendor, oscpu, platform, installed plugins, mime types, ajax, timezone, languages, Silverlight version, Java support, cookie Support, Google Gears support, PDF reader, screen resolution, color depth, device pixel ratio, cookie behavior, DoNotTrack preference, .NET version, online, geolocation support, Active X support, Vibrate API support, Crypto API support, Security Policy support, FM Radio API support, User Media support, Adblocker support
Fonts
List of all installed, or if Flash is not installed, or at least detectable fonts; number of fonts
Flash
is Flash installed; operating system; language; vendor; player type; screen resolution; screen color; DPI; 32 bit support; 64 bit support; touch screen type; CPU architecture; is access to audio and video components forbidden; is communication supported; is encoding of audio streams via microphone supported; are embedded videos supported; is a Input Method Editor (IME) installed; is a MP3 decoder installed; is printing supported; are screen broadcast applications via Flash Media Server supported; is audio streaming supported; is video streaming supported; are native SSL sockets supported, is decoding of video streams (e.g., via web cam) supported; is access on hard drive allowed; max. supported H.264 level
WebRTC
is WebRTC supported; is screen capturing supported; are WebRTC-capable devices enumerable; is WebRTC Audio supported; is WebRTC video supported; local IP address(es); public IPv6 address; public IPv4 address; are bidirectional end-to-end data channels supported; is Stream Control Transport Protocol supported
Storage
are local, session, and global storage as well as Indexed DB, OpenDatabase, and IE Add Behavior supported; Temporary storage (bytes)
Constants
E, Pi, Sqrt(2), Sqrt(0.5), Ln(2), Ln(0.5), Log_2(E), Log_10(E)
Audio
is Audio API supported; is destination property available; sample rate; state of Audio API after init; is MozAudioChannelType available; number of audio channels for up/down mixing; number of max. available audio channels; modes regarding matching of input and output; type of channels; number of inputs; number of outputs
Battery
is Battery API supported; battery level of device; is device charging; time till device is fully charged; time till device is discharged
Graphic
Canvas fingerprint; WebGL fingerprint; is canvas winding supported; WebGL constants

Social media buttons

On the page where you measure your fingerprint, we provide so-called social media buttons to share our website in social networks and messengers if your browser has JavaScript enabled.

We use Shariff, a solution by German computer magazine c't and heise online that provides privacy for visitors that neither want to make use of these buttons, nor their browsing data to be leaked to social networks. There will be no connection and no data exchange with servers of social networks, unless you explicitly click on one of the buttons (except email, it only opens your local email client).

Those who want to make use of these buttons will transmit data (e.g., IP address, referrer URL) to Web servers of the respective social network by clicking on the corresponding buttons (except email). Furthermore, your social media account provider will be able to analyze your browsing behavior and link it with your user ID and also with further data if you decide to use social media buttons (in general).

In the following, you can see every company for which we provide a corresponding social media button as well as a link to their privacy policy and the country your data will be transmitted to: