service and user-agent disclosure - please consider privacy

Richard rz at linux-m68k.org
Mon Jan 9 23:13:09 UTC 2012


Hi,

many of the different user agent and service banners are way too detailed
for my taste. 

It sucks privacy wise - disclosing Fedora version, CPU, kernel version, 
browser version and a few other details mindlessly included in many user
agent/service banners would in many cases allow near foolproof tracking
even without cookies or paypal/fb bugs.

Of course I can individually opt out of this brain damage, but what are the
options of a single individual?
* use fake Internet Explorer user agent identification: my browser will get
  suboptimal and broken page content and I will "improve" MS market share,
  not exactly my intention.
* use custom user agent string - usually achieves the opposite effect making
  myself even easier trackable. That is, unless a large majority of Fedora
  users will use the same standardized UA string I will still be very easily
  trackable.
* write my own browser or extension which rotates user agent strings smartly, 
  making sure it manages cookies and tcp/ip fingerprints consistently with rotating
  user agent strings. Not the easiest thing - does anyone know an extension which
  actually does that? At least reset TCP sequence number generation?
* run TOR for everything, make myself prime suspect and enjoy broken service
* more ideas??

Then consider how much easier it would be for Fedora and other distros to 
limit information disclosure by user agents and service banners as default
or optional policy. 

I would argue it should be default policy for desktops. Since most Linux
desktops will also run quite a few services those should have a privacy-aware
policy as well but as long as the policy is switchable it should not hurt.

It has a long tradition to proudly announce every detail of your soft & hardware
as well as familiar background and pets in user agent strings but for most users 
it is not such a good thing to do today.

Richard

---
Name and OpenPGP keys available from pgp key servers
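
The message's point about custom versus standardized user agent strings can be measured as anonymity-set size: how many users send exactly the same string. The following is an added example, not part of the original message; the sample population and the reduced string produced by `standardize` are constructed assumptions, not a Fedora policy.

```python
import math
import re
from collections import Counter

# Constructed sample: (User-Agent string, number of users sending it).
POPULATION = [
    ("Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.24) Gecko/20111108 Fedora/3.6.24-1.fc14 Firefox/3.6.24", 3),
    ("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.24) Gecko/20111108 Fedora/3.6.24-1.fc14 Firefox/3.6.24", 2),
    ("Mozilla/5.0 (X11; Linux x86_64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1", 4),
    ("Mozilla/5.0 (X11; Linux i686; rv:9.0.1) Gecko/20100101 Firefox/9.0.1", 2),
    ("Mozilla/5.0 (X11; Linux x86_64; rv:8.0) Gecko/20100101 Firefox/8.0", 1),
    ("Mozilla/5.0 (X11; Linux i686; rv:8.0) Gecko/20100101 Firefox/8.0", 1),
    ("MyPrivateBrowser/1.0", 1),  # the "custom user agent string" option
]

def standardize(ua):
    """Hypothetical distro-wide policy: keep browser family and major version only."""
    m = re.search(r"Firefox/(\d+)", ua)
    if m is None:
        return ua  # a custom string is not covered by the shared policy
    return "Mozilla/5.0 (X11; Linux) Firefox/" + m.group(1)

def anonymity_sets(population, transform=None):
    """Map each (optionally transformed) string to the number of users sharing it."""
    sets = Counter()
    for ua, users in population:
        sets[transform(ua) if transform else ua] += users
    return sets

def unique_users(sets):
    """Users whose string nobody else sends: trackable by the header alone."""
    return sum(n for n in sets.values() if n == 1)

def surprisal_bits(sets, ua):
    """Identifying information (bits) revealed by sending this string."""
    return math.log2(sum(sets.values()) / sets[ua])

def entropy_bits(sets):
    """Average identifying information per user across the population."""
    total = sum(sets.values())
    return sum(n / total * math.log2(total / n) for n in sets.values())

if __name__ == "__main__":
    for label, transform in (("as sent", None), ("standardized", standardize)):
        sets = anonymity_sets(POPULATION, transform)
        print(f"{label}: {len(sets)} distinct strings, {unique_users(sets)} unique "
              f"users, {entropy_bits(sets):.2f} bits on average")
```

In this sample the shared reduced string removes the CPU and package detail that split users apart, while the one custom string remains an anonymity set of one.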
