1

It appears that it's easy to uniquely identify a user through all the information returned by their browser:

https://panopticlick.eff.org/

Are there ways to "anonymify" a browser like Chrome or Firefox so that only the most basic information is sent to the server?

What about web proxies like Squid, Privoxy, Proxomitron, etc.? Are they able to strip most of the information?

Thank you.

3 Answers

2

The kind of information used by Panopticlick isn't the sort of thing that proxies can obscure (only the User Agent string and HTTP_ACCEPT Headers can be influenced by them).

If you're looking for a basic non-unique browser (but don't mind your IP being visible), a basic all-defaults install of Windows plus browser on a VM works reasonably well.

If you need "strong" anonymity, i.e. want to hide even your IP, look into the Tor Project ( http://www.torproject.org/ ).

Stu
  • 708
1

If you want to browse anonymously, you must also refrain from using most browser plug-ins and most scripting. Proxies, VPNs, and Tor can help but will not be able to protect your anonymity if you do not also follow several other precautions. Consider using the Tor browser bundle for starters.

The Tor Project has some helpful recommendations on browsing habits that you will need to change in order to truly have any chance at remaining anonymous.

Also keep in mind that blending in with the crowd will work to your advantage. If, for example, you configure NoScript to disable JavaScript but then allow JavaScript on specific websites, you will, in fact, be less anonymous (although I've linked to a specific question, be sure to read that entire FAQ).

rob
  • 14,388
0

Although there are many sources of information available to a website from which your browser can be identified, the ones listed on the Panopticlick experiment provide a good starting point for reducing the size of your browser's fingerprint. Focus on the characteristics that contain the most bits of identifying information.

Many of those characteristics rely on the execution of JavaScript code, which you can easily disable in most browsers, although that would severely impact your browsing experience. A more subtle approach would be to selectively allow JavaScript on websites you trust, for instance by using the Firefox plugin NoScript. Alternatively, since these scripts are executed locally, you can allow them to run and merely prevent the results from being sent back to the server by disabling AJAX. Details on how to accomplish this can be found here.

Another large source of entropy could be the user agent. Not using an exotic browser version or operating system would help, but may be inconvenient. You can also set the user agent manually, from the browser settings or through plugins, to gibberish, although you may be uniquely identified by that, or to a more common string. Shortly after the Panopticlick website was launched, the most frequent user agent in the project's dataset was 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7', but that information is both skewed and outdated. Ideally, you'd have to find more recent data elsewhere.

The HTTP_ACCEPT headers are far less customisable, but you may be able to reduce the entropy a little bit by keeping the number of preferred languages to a minimum or by switching away from an uncommon language. These settings are usually accessible from within the browser. Many websites are only available in one language and will ignore these settings anyway.

Note that these measures don't prevent tracking altogether; they merely reduce the size of your browser's fingerprint. IP addresses, cookies etc. can still be used as identifying information.
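The "bits of identifying information" measure mentioned in the answer above, as an added example that is not part of the original answers: it computes how many bits a User-Agent and an Accept-Language value reveal within a small visitor sample, and the size of the resulting anonymity set. The population, the placeholder strings and the function names are assumptions constructed for illustration.

```python
import math

# Constructed sample: one (User-Agent, Accept-Language) pair per visitor.
# All strings are placeholders, not real browser data.
COMMON, OTHER, RARE, GIBBERISH = "UA-common", "UA-other", "UA-rare", "xq7#zz"
EN = "en-US,en;q=0.5"
FR = "fr-FR,fr;q=0.8,en;q=0.5"
NL = "nl,eo;q=0.8,en;q=0.5"
POPULATION = (
    [(COMMON, EN)] * 8 + [(OTHER, EN)] * 4 + [(OTHER, FR)] * 2
    + [(RARE, NL)] + [(GIBBERISH, EN)]
)


def bits(matching, total):
    """Surprisal in bits: log2(total / matching). Fewer matches, more bits."""
    if matching == 0:
        raise ValueError("value not in population; count the visitor first")
    return math.log2(total / matching)


def attribute_bits(population, index, value):
    """Bits revealed by a single attribute (0 = User-Agent, 1 = Accept-Language)."""
    matching = sum(1 for row in population if row[index] == value)
    return bits(matching, len(population))


def anonymity_set(population, fingerprint):
    """Number of visitors sharing the complete fingerprint."""
    return population.count(fingerprint)


def fingerprint_bits(population, fingerprint):
    """Bits revealed by the combined fingerprint."""
    return bits(anonymity_set(population, fingerprint), len(population))


if __name__ == "__main__":
    for fp in [(COMMON, EN), (RARE, NL), (GIBBERISH, EN)]:
        ua = attribute_bits(POPULATION, 0, fp[0])
        lang = attribute_bits(POPULATION, 1, fp[1])
        # Attributes are correlated, so per-attribute bits are not additive:
        # the combined value can never exceed log2(len(POPULATION)).
        print(f"{fp[0]:10} UA={ua:.2f} lang={lang:.2f} "
              f"combined={fingerprint_bits(POPULATION, fp):.2f} "
              f"set={anonymity_set(POPULATION, fp)}")
```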