This code change will reduce browser uniqueness by "cloaking" uncommon plugin names from ugins enumeration. Websites can still check whether a particular hidden plugin is installed by directly querying ugins like ugins. This change does not disable any plugins it just hides some plugin names from enumeration. Starting in Firefox 28 ( bug 757726), Firefox restricts which plugins are visible to content enumerating ugins. The PluginDetect JS library was used to check for 8 common plugins on that platform, plus extra code to estimate the Acrobat Reader version. In all cases, data was either collected or inferred via HTTP, or collected by JS code and posted back to the server via AJAX.
The following data is taken from the published paper, :Įntropy of various pieces of browser information Variable (This means that, choosing a browser at random, at best one in 286,777 other browsers will share its fingerprint.) In their study, they placed a lower bound on the fingerprint distribution of 18.1 bits of entropy.
We need to go through these, one by one, and do what we can to reduce the number of bits of information (entropy) it provides. how useful they are in uniquely identifying a browser): things like UA string, what addons are installed, and the font list of the system. This does not include cookies! They ranked the various bits of information in order of importance (i.e. They found that, over their study of around 1 million visits to their study website, 83.6% of the browsers seen had a unique fingerprint among those with Flash or Java enabled, 94.2%. The EFF published an excellent study in May, detailing some of the various methods of fingerprinting a browser.
0 kommentar(er)
