I agree, panopticlick is not really good as a measuring point. I am randomizing most of metrics it is using and even if it detects my browser as unique, this will always be true as my data are fake and randomized each time browser tab is opened. Sure you can track me for the time tab is beeing alive, but on next visit, the results are going to be 90% different (including webgl fingerprinting) and there is no way it could correlate me with my previous visit. For it I am always a new visitor, never seen before. I could try to blend in, but why?
Another thing is "not blocking sites that honor DNT". I am sorry but I dont trust anyone based on fact web users were lied just too many times. Once DNT will be tied to hefty fines, I might reconsider, untill than everything will be blocked.
(And it is highly tasteless that eff is offering links to promote panopticlick on worse web tracking facilities of the internet - fb, google+ and twitter.)
For everyone wondering: Firefox extension Chameleon randomly spoofs your user agent. However, I would highly recommend NOT using this extension, or randomizing your user agent whatsoever - it only raises your entropy and makes you easier to track. You should be trying to make your browser look identical to everyone else's, not different.
This can by partially achieved by setting privacy.resistFingerprinting to true in Firefox's about:config. This won't stop Panopticlick from fingerprinting you. If you really want to reduce your fingerprint, try using the ghacks user.js [1]. If you want to make fingerprinting completely impossible, use the TOR browser [2].
Most users don't need to worry about this - uBlock origin blacklists most fingerprinting efforts by default.
You're assuming that trackers account for a changing UA. Are there trackers doing that? I suppose a deliberate or malicious attempt to identify me and isolate my machine could account for a randomly spoofed UA. But if I am trying to hide in plain sight from tracking software, isn't this method of UA spoofing enough to misplace my machine into different tracking categories or throw them off my scent entirely? When I run Panopticlick, UA is usually among the highest number of bits of identifying information, the rest of the identifying settings and preferences are more likely to be shared, which makes a particular device blend in.
It's very hard to fake an OS or pretend to be a separate browser. If you're focusing on disinformation, you should probably be focusing on disinformation that's harder to detect.
Fair point, that probably lowers the odds of recognition a bit, but the UA stands out because of the multiple variables that it reports in one header. At least when I ran Panopticlick a few times with various configurations, that was always the factor which gave up the most bits of identifying info.
Another thing is "not blocking sites that honor DNT". I am sorry but I dont trust anyone based on fact web users were lied just too many times. Once DNT will be tied to hefty fines, I might reconsider, untill than everything will be blocked.
(And it is highly tasteless that eff is offering links to promote panopticlick on worse web tracking facilities of the internet - fb, google+ and twitter.)