70
edits
Security/Anonymous Browsing: Difference between revisions
Jump to navigation
Jump to search
→User Agent
| Line 100: | Line 100: | ||
==User Agent== | ==User Agent== | ||
User agent can be handled two different ways. One way would be to simply reduce the amount of entropy provided by the standard user agent headers. There is a [https://bugzilla.mozilla.org/show_bug.cgi?id=http-fingerprint bug for this], but some high-entropy items may end up being too useful to drop, such as the operating system and Accept-Language. | User agent can be handled two different ways. One way would be to simply reduce the amount of entropy provided by the standard user agent headers. There is a [https://bugzilla.mozilla.org/show_bug.cgi?id=http-fingerprint bug for this], but some high-entropy items may end up being too useful to drop, such as the operating system and Accept-Language. Further, dropping items from the UA string while only in Anonymous Browsing Mode would reveal the fact that the user is using the mode. | ||
The other way to handle this would be to | The other way to handle this would be to simply pick a user agent string that is determined to be one of the more common Firefox user agent strings currently in use. This is the approach taken by Torbutton. | ||
It should be noted that the Firefox minor revision and other properties can still be determined by inspecting Components.interfaces, so [https://bugzilla.mozilla.org/show_bug.cgi?id=429070 Bug 429070] would need to be fixed for these protections to have any real value. | |||
==HTTP Headers/Activity== | ==HTTP Headers/Activity== | ||