[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Browser Fingerprinting
Boruch Baum <boruch_baum@xxxxxxx> writes:
> On 2020-04-17 10:15, Tomas Nordin wrote:
>> The fields tested as browser characteristtics were
>> ...
>
> Thanks. Good to know.
>
>> The most identifying characteristics is User Agent followed by
>> HTTP_ACCEPT Headers.
>
> Of course emacs-w3m and w3m have no choice but to send them, but ...
>
>
>> Browsing the web with a text based browser is not a common thing to do,
>> so from a browser fingerprinting point of view I guess the uniqeness is
>> to be expected.
>
> Right. That's why I suggested in my original e-mail...
>
>
> "What might be more useful is to set variable w3m-add-user-agent to t,
> and then set w3m-user-agent to some generic and popular user-agent
> string."
>
> That leaves us with the matter of the HTTP_ACCEPT Headers. My memory is
> that the information sent in that header is very limited, just a set of
> mime-types that the server can use to send data to the client. That
> doesn't seem to me to be much from which to create a fingerprint, but it
> would be great to do a comparison. emacs-w3m does have configurable
Different browsers (mis)use this header string differently [1]. The
string lists mime types in a certain order with some optional ratings
for each. If an un-common browser has this string different from common
browsers it adds uniqueness.
[1] https://www.newmediacampaigns.com/blog/browser-rest-http-accept-headers