Browser Extension and Login-Leak Experiment

Privacy Policy

This privacy policy was inspired by the EFF Panopticlick privacy policy.

Information Collected by our Website

We collect anonymous data about the configuration of computers, operating systems, browsers and their plugins, extensions, as well as websites the user is currently logged in. If you click the "I agree, test my browser" button, this type of information will be collected from your browser. Furthermore, we generate a random large number to identify your experiments (experiment ID), and we store it in the local storage (localStorage) of the browser – this identifier is also stored with the data we collect.

The specific information we collect includes:

  • Experiment ID
  • The user agent string from your browser
  • Screen resolution and available screen size
  • The timezone your system is set to
  • The browser plugins, like Quicktime, Flash, Java or Acrobat, that are installed in the browser, and the versions of those plugins
  • The fonts installed on the computer, as reported by JavaScript
  • The image generated by canvas fingerprinting
  • The image generated by WebGL fingerprinting
  • Your system language (e.g. en-US)
  • The list of extensions enabled in your browser (such as AdBlock, Pinterest, or Ghostery)
  • The list of websites where you are logged in (sites as Facebook, Airbnb or Dropbox, limited to these websites)

Housekeeping information

We collect several kinds of 'housekeeping' information to assist us in analyzing the collected data, such as cookies, hashed IP addresses, browser fingerprint (generated by fingerprintjs2), timestamps.

Our site sets a unique identifier in the localStorage for the sole purpose of determining how often browser characteristics change, and how often they stay the same, when a user performs several experiments over time. If your browser is configured to accept such identifiers, and you return to our website to perform experiments several times, this identifier will be used to link the data from your visits together.

You can delete your previous identifier with this button below:

  Make my data anonymous

Anonymization is now done! ×

We have erased your identifier. Your browser will be assigned a new one when you run the test again.

We do not log IP addresses, but we do compute HMAC-SHA-256 of each IP address. This hashed IP will allow us to collect an anonymous dataset about how often browsers that change IP address could have been followed using a fingerprint.

We collect a timestamp each time the test is run, and also the regular browser fingerprint calculated by fingerprintjs2. This is mainly based on collected information we mentioned above (consult the library for more information), and we store the browser fingerprint hashed with HMAC-SHA256.

Sharing of data

We only used the collected data for our own research, and don’t share it with anyone.


Inria employs industry standard security measures to protect the loss, misuse, and alteration of the information under our control.

Although we make good faith efforts to store information collected by Inria in a secure operating environment, we cannot guarantee complete security. Information collected by Inria will be maintained until our project ends (at most until December of 2019). At the end of the project, all the data will be deleted.

  Back to the main page

Browser Extension and Login-Leak Experiment – © 2019 all rights reserved – Website designed by Gábor Gulyás