[linux-elitists] Browser fingerprinting

Alfie John alfiej at fastmail.fm
Sun Oct 13 17:45:02 PDT 2013


On Mon, Oct 14, 2013, at 11:28 AM, Cathal Garvey wrote:
> > Sure would be nice if Mozilla had an option for "only announce the 
> > standard vanilla web fonts".

That would be great, along with:

  - "only use mandatory required headers" (e.g. Host, ETags*)
  - "use custom request headers" (without resorting to Live HTTP Headers
    for each request)

*Thinking about this more, ETags could also be used to track users if
MITMed.

> User-agents are the devil, though, because whatever about other sources
> of browser entropy, the User Agent is a big honking bonus score every
> site gets for zero effort. Worse, most efforts to minimise User-Agents
> can end up maximising them instead, and there don't seem to be any
> *current* lists of "most common user-agent string" to work from to
> reduce entropy. I've set mine to a super-generic-looking
> Windows/Firefox setting, but as other people upgrade their browsers and
> OSes and as architectures get more diverse, browser UAs are getting
> more and more diverse, too..

Speaking of User-Agents being evil:

  http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/

Alfie

-- 
  Alfie John
  alfiej at fastmail.fm
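
The quoted point about User-Agent entropy, worked through as an added example that is not part of the original thread: it measures how many identifying bits a given User-Agent contributes within a population, and shows that a stale "generic-looking" spoof can identify a user more than a common current string does. The visitor sample, its counts and the function names are constructed for illustration.

```python
import math
from collections import Counter

# Constructed sample of 16 visitors (assumption, not measured data).
UA_FF24_WIN7 = "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0"
UA_CHROME30_WIN7 = ("Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 "
                    "(KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36")
UA_FF24_LINUX = "Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0"
UA_STALE_SPOOF = "Mozilla/5.0 (Windows NT 5.1; rv:10.0) Gecko/20100101 Firefox/10.0"
UA_RARE_ARCH = "Mozilla/5.0 (X11; Linux armv7l; rv:24.0) Gecko/20100101 Firefox/24.0"

SAMPLE = ([UA_FF24_WIN7] * 8 + [UA_CHROME30_WIN7] * 4 + [UA_FF24_LINUX] * 2
          + [UA_STALE_SPOOF] + [UA_RARE_ARCH])


def anonymity_set(ua, population=SAMPLE):
    """Number of visitors in the population sending exactly this string."""
    return Counter(population)[ua]


def surprisal_bits(ua, population=SAMPLE):
    """Identifying information (bits) revealed by sending this User-Agent.

    A string nobody else sends is treated as one new visitor joining the
    population, so it costs log2(N + 1) bits rather than infinity.
    """
    seen = anonymity_set(ua, population)
    if seen == 0:
        return math.log2(len(population) + 1)
    return -math.log2(seen / len(population))


def shannon_entropy(population=SAMPLE):
    """Average bits a site learns from the User-Agent header alone."""
    total = len(population)
    return -sum((c / total) * math.log2(c / total)
                for c in Counter(population).values())


def lowest_entropy_choice(population=SAMPLE):
    """The string that hides a user in the largest crowd right now."""
    return Counter(population).most_common(1)[0][0]


if __name__ == "__main__":
    for ua in sorted(set(SAMPLE), key=surprisal_bits):
        print(f"{surprisal_bits(ua):5.2f} bits  set={anonymity_set(ua):2d}  {ua}")
    print(f"header entropy: {shannon_entropy():.3f} bits")
    print("largest crowd :", lowest_entropy_choice())
```

The spoofed string is only as anonymous as the number of other people sending it today, which is why a list of currently common strings matters more than how plain a string looks.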



More information about the cypherpunks mailing list