Re: [Bug-gnuzilla] Browser Fingerprints Solution

[Loic J. Duros]

Forwarding this to the list (I was the only one in copy.)

address@hidden writes:

> - User Agent
>
> - HTTP_ACCEPT Headers
>
> - Browser Plugin Details
>
> - Time Zone
>
> - Screen Size and Color Depth
>
> - System Fonts
>
> - Are Cookies Enabled?
>
> - Limited supercookie test
>
> - There appears to be a long list of parameters:
> http://browserspy.dk/
>
> There's another detail that I would like to stress out: consistency.
>
> Say, about a website that requires a user account.
>
> You can't randomly generate parameters every time you login, due to the very
> likely possibility of them keeping a record of them.
>
> Also, the parameters should not be distributed as the same for everyone.
>
> The user should be able to choose and also randomly generate, but also keep
> "profiles" for various sites.
>
> (Including it on the mailing list)
>
>
>
> On 2014-03-28 20:45, address@hidden wrote:
>> Also, would anyone on this list research this issue, write back results
>> to the list with a list of elements to work on to reduce fingerprinting, as
>> well as potential implementations for this (Or code submissions?)
>>
>> Just making sure that everyone knows that we need more contributors,
>> always.
>>
>> Loic
>>
>> address@hidden (Loic J. Duros) writes:
>>
>>> Julian <address@hidden> writes:
>>>
>>>> On 03/27/2014 05:52 PM, address@hidden wrote:
>>>>> I am writing to stress out the need of a solution, integrated with
>>>>> icecat, to use false browser fingerprints and result in opting-out
>>>>> from surveillance.
>>>>
>>>> Nothing wrong with adding anti-fingerprinting to IceCat, but I just
>>>> want to point out that the best way to stop fingerprinting (and
>>>> surveillance in general) is to use the Tor Browser Bundle at its
>>>> default settings. IceCat can never be as good at stopping tracking as
>>>> that, for various reasons.
>>>
>>> Actually, if we are talking about fingerprinting strictly rather than
>>> pure anonimity, I'm not sure how the tor browser fares (I remember the
>>> tor browser draft mentioned fingerprinting at some point.) Anything that
>>> modifies the behavior of your browser has an effect on
>>> fingerprinting. This includes the measures (addons, fixes) taken to
>>> block third-party requests, disable a global js variable, and the like.
>>> The more the browser is out of the ordinary the more unique its
>>> fingerprint. The best way to get a browser to have a more common
>>> fingerprint is to have it masquerade as a common browser, running in a
>>> common operating system, with the expected behavior of a browser, etc,
>>> ...
>>>
>>> Running stuff that will make your browser more private will make your
>>> fingerprint more unique... So it's just a matter of finding the right
>>> balance (you still don't want to leak private data), or finding a way to
>>> mess with the values/mechanisms used for fingerprinting.
>>>
>>> Anyway, this is just my personal opinion which I haven't verified
>>> recently (more like a year and a half ago.)
>>>
>>> --
>>> http://gnuzilla.gnu.org
>>
>> --
>> http://gnuzilla.gnu.org