How does the EFF Cover Your Tracks test determine browser uniqueness and what signals does it use?
Executive summary
Cover Your Tracks is the Electronic Frontier Foundation’s interactive successor to Panopticlick that evaluates how uniquely a browser appears to trackers by collecting a wide set of browser- and device-level signals and reporting a combined “bits of identifying information” score for uniqueness [1] [2]. The tool both reports which tracking techniques are visible to a site and compares a visitor’s fingerprint against observed populations to indicate how easily that fingerprint could single a user out [3] [4].
1. What the test does: mimic trackers and measure uniqueness
Cover Your Tracks runs a suite of tests designed to “show you how trackers see your browser” by mimicking the kinds of data that commercial trackers collect and then estimating how rare that combination of characteristics is among visitors the EFF has observed; results include a summary of protections in place and a uniqueness estimate expressed in bits derived from combining individual metrics [5] [1] [2]. The project explicitly positions itself as both an educational tool and a measurement platform, building on Panopticlick’s research legacy to demonstrate that seemingly small or stable signals can be stitched together to form a device fingerprint [6] [4].
2. The signals Cover Your Tracks collects and reports
The site surfaces traditional HTTP-level headers (like User-Agent and language), browser settings, and a host of client-side probes such as screen resolution, installed fonts, canvas and WebGL rendering hashes, AudioContext fingerprints, and lists of installed add‑ons or privacy protections — all of which trackers can combine to form a fingerprint [4] [2] [3]. The tool’s “detailed view” and learning pages explain that these metrics include both the obvious elements browsers send to access pages and subtler runtime measurements that reveal hardware and rendering differences that are often more persistent than cookies [6] [4].
3. How uniqueness is calculated and presented
Cover Your Tracks aggregates the individual measurements into a combined metric: the “bits of identifying information” score, which summarizes how many bits of entropy the collection of signals provides — effectively an estimate of how many other browsers would share the same fingerprint in the observed sample [2]. The site also reports per-metric prevalence by comparing observed values against a rolling epoch of visitor data so users can see which characteristics are rare (and therefore more identifying) and which are common (and therefore less useful to trackers) [7] [3].
4. Methodology, sources, and software components
EFF’s materials say the project uses fingerprinting tests developed over years (crediting libraries such as Fingerprint2 and collaborators like Aloodo for parts of the tracker tests) and documents a methodology intended to “mimic trackers” while providing explanatory material so users can learn how each signal is used [2] [6]. The project code and operational details are public on GitHub, and the About/learn pages explicitly encourage users to test different browsers and extensions to see how protections change fingerprint visibility [7] [1].
5. Limitations, caveats, and opposing perspectives
The EFF warns that protections themselves can become identifying: a unique combination of privacy add‑ons or randomized signals may create a “mystery user” fingerprint that stands out rather than blending in [4]. Independent writeups and vendors note that Cover Your Tracks is a public testing domain whose visits can be observed and correlated by sites, and defensive actors may treat traffic to fingerprint-testing domains as reconnaissance — an operational angle raised by commercial anti-fraud vendors suggesting detection heuristics for such testing workflows [8]. The EFF’s tool is educational and comparative; it reports what it measures but cannot prove how any particular commercial tracker will use those signals in a real campaign, and its uniqueness estimates depend on the EFF’s observed population and methodology [1] [3].
6. Practical takeaway and hidden incentives
Cover Your Tracks is authoritative as an open, research-driven demonstration of how many ordinary browser signals combine into a fingerprint and why some privacy measures work better than others; its public design and GitHub presence support reproducibility and user testing [6] [7]. Readers should also be aware that commercial anti-fraud vendors view public fingerprinting tools as potential reconnaissance and may react to visits accordingly, which highlights a tension between transparency for privacy researchers and signals that defensive systems treat as suspicious [8]. The EFF frames the tool as empowering users to balance privacy and convenience and to evaluate mitigation strategies such as tracker blockers or privacy-focused browsers [4] [9].