Those with no technical knowledge generally believe that they are anonymous when simply browsing the Web. Those who know more might recognize that IP addresses can be used to do some rough targeting, while browser cookies can be used to track someone across sessions and across IP addresses. But what if your browser itself—even with cookies off and IP addresses out of the picture—was leaving a digital fingerprint at every site you visit?

That possibility lies behind a new experiment from the Electronic Frontier Foundation, something called "Panopticlick." (Insert your favorite Bentham/Foucault joke here.)

Panopticlick measures the unique characteristics of your particular browsing setup, logs them, and then tells you just how unique that signature is. The project has just started, but it has already racked up over 40,000 results.

So far, my own browser fingerprint is totally unique. Even if I surf with cookies disabled, and even if I move locations to change my IP address, crafty advertising networks can still theoretically know exactly who I am.

Browsers provide all sorts of details to websites that request them. There's the well-known "user agent string" that specifies the browser and computing platform being used, of course, but my own user agent string was not particularly unique. Much more incriminating were the details of my particular browser plugins (only 1 in 20,830 browsers have an identical plugin load) and the list of my system fonts (1 in 13,886).

Websites can also access data on time zone, screen size, color depth, and more. Together, the data can be surprisingly unique.

According to the EFF, "Adding your information to our database will help EFF evaluate the capabilities of Internet tracking and advertising companies, who are already using techniques of this sort to record people's online activities. They develop these methods in secret, and don't always tell the world what they've found. But this experiment will give us more insight into the privacy risk posed by browser fingerprinting, and help web users to protect themselves."