service and user-agent disclosure - please consider privacy
Richard
rz at linux-m68k.org
Mon Jan 9 23:13:09 UTC 2012
Hi,
many of the different user agent and service banners are way too detailed
for my taste.
It sucks privacy wise - disclosing Fedora version, CPU, kernel version,
browser version and a few other details mindlessly included in many user
agent/service banners would in many cases allow near foolproof tracking
even without cookies or paypal/fb bugs.
Of course I can individually opt out of this brain damage, but what are the
options of a single individual - ?
* use fake Internet Explorer user agent identification: my browser will get
suboptimal and broken page content and I will "improve" MS market share,
not exactly my intention.
* use custom user agent string - usually achieves the opposite effect making
myself even easier trackable. That is, unless a large majority of Fedora
users will use the same standardized UA string I will be still very easily
trackable.
* write my own browser or extension which rotates user agent strings smartly,
making sure it manages cookies and tcp/ip fingerprints consistently with rotating
user agent strings. Not the easiest thing - anyone knows an extension which
actually does that? At least reset TCP sequence number generation?
* run TOR for everything, make myself prime suspect and enjoy broken service
* more ideas??
Then consider how much easier it would be for Fedora and other distros to
limit information disclosure by user agents and service banners as default
or optional policy.
I would argue it should be default policy for desktops. Since most Linux
desktops will also run quite a few services those should have a privacy-aware
policy as well but as long as the policy is switchable it should not hurt.
It has a long tradition to proudly announce every detail of your soft & hardware
as well as familiar background and pets in user agent strings but for most users
it is not such a good thing to do today.
Richard
---
Name and OpenPGP keys available from pgp key servers
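
Added example, not part of the original post: a small Python measurement of the point made above, that a detailed or custom User-Agent string shrinks the group of users you blend into, while a shared reduced string enlarges it. The sample strings, the `normalize` policy and its reduced format are assumptions constructed for illustration, not an existing Fedora or browser setting.

```python
import math
import re
from collections import Counter

# Constructed sample population of User-Agent strings (not real traffic).
FF9_X64 = "Mozilla/5.0 (X11; Linux x86_64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
SAMPLE_UAS = [
    FF9_X64,
    FF9_X64,
    "Mozilla/5.0 (X11; Linux i686; rv:9.0.1) Gecko/20100101 Firefox/9.0.1",
    "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:9.0) Gecko/20100101 Firefox/9.0",
    "Mozilla/5.0 (X11; Linux x86_64; rv:8.0) Gecko/20100101 Firefox/8.0",
    "Mozilla/5.0 (X11; U; Linux ppc; en-US; rv:1.9.2.24) Gecko/20111108 "
    "Fedora/3.6.24-1.fc14 Firefox/3.6.24",
    "MyPrivateBrowser/1.0",  # the "custom user agent string" option
    FF9_X64,
]

def anonymity_sets(uas):
    """Map each distinct string to the number of users sending it."""
    return Counter(uas)

def surprisal_bits(ua, uas):
    """Identifying information (bits) revealed by sending `ua` in this population."""
    return -math.log2(anonymity_sets(uas)[ua] / len(uas))

def unique_count(uas):
    """Users whose string is shared with nobody else (trackable by UA alone)."""
    return sum(1 for n in anonymity_sets(uas).values() if n == 1)

def normalize(ua):
    """Hypothetical distro-wide policy: keep only browser name and major version.
    Drops CPU, distro and minor versions. Strings that are not Firefox pass
    through unchanged, so a lone custom string stays unique."""
    m = re.search(r"Firefox/(\d+)", ua)
    return f"Mozilla/5.0 (X11; Linux) Firefox/{m.group(1)}" if m else ua

def report(label, uas):
    print(f"{label}: {unique_count(uas)} of {len(uas)} users unique")
    for ua, n in anonymity_sets(uas).most_common():
        print(f"  set size {n}, {surprisal_bits(ua, uas):.2f} bits  {ua[:60]}")

if __name__ == "__main__":
    report("detailed banners", SAMPLE_UAS)
    report("reduced banners", [normalize(u) for u in SAMPLE_UAS])
```

The custom string remains at the maximum surprisal for this population after normalization, which is the second bullet's objection: reduction only helps when the same reduced string is what most users send.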
More information about the devel
mailing list