[Date Prev][Date Next][Thread Prev][][Date Index][Thread Index]

Re: Browser Fingerprinting

Boruch Baum <boruch_baum@xxxxxxx> writes:

> On 2020-04-17 10:15, Tomas Nordin wrote:
>> The fields tested as browser characteristtics were
>> ...
> Thanks. Good to know.
>> The most identifying characteristics is User Agent followed by
>> HTTP_ACCEPT Headers.
> Of course emacs-w3m and w3m have no choice but to send them, but ...
>> Browsing the web with a text based browser is not a common thing to do,
>> so from a browser fingerprinting point of view I guess the uniqeness is
>> to be expected.
> Right. That's why I suggested in my original e-mail...
>    "What might be more useful is to set variable w3m-add-user-agent to t,
>     and then set w3m-user-agent to some generic and popular user-agent
>     string."
> That leaves us with the matter of the HTTP_ACCEPT Headers. My memory is
> that the information sent in that header is very limited, just a set of
> mime-types that the server can use to send data to the client. That
> doesn't seem to me to be much from which to create a fingerprint, but it
> would be great to do a comparison. emacs-w3m does have configurable

Different browsers (mis)use this header string differently [1]. The
string lists mime types in a certain order with some optional ratings
for each. If an un-common browser has this string different from common
browsers it adds uniqueness.

[1] https://www.newmediacampaigns.com/blog/browser-rest-http-accept-headers