Re: Browser fingerprinting? [message #182838 is a reply to message #182837] |
Wed, 18 September 2013 13:09 |
Scott Johnson
Messages: 196 Registered: January 2012
Karma:
|
Senior Member |
|
|
On 9/17/2013 10:06 PM, Denis McMahon wrote:
> On Tue, 17 Sep 2013 22:53:30 +0200, Marc van Lieshout wrote:
>
>> On 15-09-13 00:11, Gilles wrote:
>>> On Fri, 13 Sep 2013 19:30:18 -0400, Twayne <nobody(at)spamcop(dot)net> wrote:
>>>> If it were easy to do, it'd also be widely publicized and available.
>
>>> Thanks for the feedback.
>
>> It IS easy to do and widely available.
>
> No it's not.
>
>> Look at the firefox add-on called SecretAgent. It's at:
>> https://www.dephormation.org.uk/?page=81
>
>> It has some 150 browser identification strings aboard (Including Amaya,
>> Dillo, Bluefish), spoofs x-forwarded-for and via, spoof ETags and send
>> random Accept: headers.
>
> That's spoofing, not fingerprinting.
>
> Spoofing is easy. Fingerprinting is not. Fingerprinting is attempting to
> uniquely identify visitors to a site at the site server. Spoofing is
> trying to tell the server you're someone different in some way to who you
> really are. They're not the same thing, and while spoofing is easy,
> fingerprinting accurately and reliably is incredibly difficult.
>
> If I visit your website today using firefox on my unix pc over my adsl
> connection, and tomorrow using chrome on my android tablet over it's 3g
> connection, how are you going to fingerprint me? I don't need to use
> anything as "technical" as spoofing the browser id. You lost the game as
> soon as I started playing!
>
I think the point he was trying to make, which is what I took out of it,
was how easy it is to minimize the practical use of fingerprinting.
Spoofing and fingerprinting are related in those terms.
The easier and multiple way to spoof the harder to fingerprint a single
source reliably.
In a prior post, I think the OP, was asking for proof on how easy it is
to make fingerprinting unreliable, and one particular way was shown.
Scotty
|
|
|