Bug #903
Privacy problem - Browser fingerprinting
| Status: | New | Start date: | 03/20/2013 | |
|---|---|---|---|---|
| Priority: | Urgent | Due date: | ||
| Assignee: | - | % Done: | 0% | |
| Category: | - | |||
| Target version: | - | |||
| Component: |
Description
I have previously reported the issue here - https://github.com/guardianproject/Orweb/issues/34 , now wondering which place is the correct one.
Copied over for your convenience:
Please consider https://panopticlick.eff.org/ - the result is that every single orweb user can be identified.
The biggest problems:
- User-agent should be set to a value that is widely used and not unique. The default "android" will frequently include details like brand, model and build number. Predefined "Firefox5" is does not appear to match any real world browser.
- HTTP headers: seems utf-16 is the privacy culprit here, rarely ever used and pehraps should be filtered
- screen-size/color-depth gives away too much of information.