
On Mon, Oct 14, 2013, at 11:28 AM, Cathal Garvey wrote:
Sure would be nice if Mozilla had an option for "only announce the standard vanilla web fonts".
That would be great, along with:

- "only use mandatory required headers" (e.g. Host, eTags*)
- "use custom request headers" (without resorting to Live HTTP Headers for each request)

*thinking about this more, eTags could also be used to track users if MITMed.
User-agents are the devil, though, because whatever about other sources of browser entropy, the User Agent is a big honking bonus score every site gets for zero effort. Worse, most efforts to minimise User-Agents can end up maximising them instead, and there don't seem to be any *current* lists of "most common user-agent string" to work from to reduce entropy. I've set mine to a super-generic-looking Windows/Firefox setting, but as other people upgrade their browsers and OSes and as architectures get more diverse, browser UAs are getting more and more diverse, too..
Speaking of User-Agents being evil:

http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/

Alfie

--
Alfie John
alfiej@fastmail.fm