So I hit the "test me" page with several different kinds of browsers to see what kind of results I would get. The results are given below (all Firefox browsers below have the NoScript extension). In terms of security, these are like golf scores: you want low numbers in the second (BII="bits of identifying information") and third (NIF="number of identical fingerprints") columns. And in terms of security, being unique is bad (it makes it easy to identify you).

| browser/platform | BII | NIF |
|---|---|---|
| MSIE7 on XP | 17.64 | unique in 204,788 |
| Firefox 3.6 on XP | 8.62 | one in 392 |
| Firefox 3.6 on Ubuntu | 12.64 | one in 6,364 |
| MSIE6 via wine on Ubuntu | 17.66 | unique in 207,713 |
| lynx on Ubuntu | 14.67 | one in 26,001 |
| elinks on Ubuntu | 17.67 | unique in 208,111 |
| wget on Ubuntu | 9.57 | one in 761 |
| curl on CentOS | 17.67 | unique in 208,688 |

Firefox 3.6 on XP did pretty well, so I captured the HTTP request headers from that browser:
```
GET / HTTP/1.1
Host: vmware:8000
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
```
Then I installed the Modify Headers extension to Firefox on Ubuntu and set the User-Agent header to the value from the request headers above. After doing that, Firefox 3.6 on Ubuntu got Panopticlick scores like Firefox 3.6 on XP.
An interesting side effect of this is that the Firefox Add-Ons site uses the User-Agent header. So if you do this and want to add extensions later, you will probably need to disable the header. And I've just done this today, so I don't yet know what effect this will have on updating extensions.
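
The BII and NIF columns are two views of one number: a fingerprint shared by one visitor in N carries log2(N) bits, so 8.62 bits is roughly one in 392. The Python below is an added example, not part of the original post: it scores a header-only fingerprint against a constructed population of 64 visitors and shows why copying the common User-Agent lowers the score. The population, the `ExampleAgent` and `ExampleFirefox` strings, and the header-only model are assumptions.

```python
import math
from collections import Counter

# Header names come from the capture above; fingerprinting on headers alone is an assumption.
FIELDS = ("User-Agent", "Accept", "Accept-Language", "Accept-Encoding", "Accept-Charset")

def fingerprint(headers):
    """Reduce one request to the tuple of header values that identifies it."""
    return tuple(headers.get(f, "") for f in FIELDS)

def surprisal_bits(value, observed):
    """BII: -log2 of the share of observed values equal to `value`."""
    matches = Counter(observed)[value]
    if matches == 0:
        raise ValueError("value must be part of the observed population")
    return -math.log2(matches / len(observed))

def score(headers, population):
    """Return (bits, one_in_n, unique) for a request that is included in `population`."""
    prints = [fingerprint(h) for h in population]
    bits = surprisal_bits(fingerprint(headers), prints)
    return bits, round(2 ** bits), prints.count(fingerprint(headers)) == 1

def per_header_bits(headers, population):
    """Surprisal of each header taken alone, to show which one gives the visitor away."""
    return {f: surprisal_bits(headers.get(f, ""), [h.get(f, "") for h in population])
            for f in FIELDS}

# Constructed sample data, not measurements.
XP_UA = ("Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) "
         "Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729)")  # value from the capture above
FIREFOX = {"User-Agent": XP_UA,
           "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
           "Accept-Language": "en-us,en;q=0.5", "Accept-Encoding": "gzip,deflate",
           "Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7"}
# 31 visitors identical to the XP capture, 32 with made-up agents and a bare Accept header.
OTHERS = [dict(FIREFOX) for _ in range(31)] + [
    {"User-Agent": f"ExampleAgent/{i}", "Accept": "*/*"} for i in range(32)]

def compare():
    """Score the same visitor before and after copying the common User-Agent."""
    before = {**FIREFOX, "User-Agent": "ExampleFirefox/3.6 (X11; Linux)"}  # hypothetical UA
    after = dict(FIREFOX)
    return (score(before, OTHERS + [before]), per_header_bits(before, OTHERS + [before]),
            score(after, OTHERS + [after]))

if __name__ == "__main__":
    for row in compare():
        print(row)
```

In this constructed population the User-Agent alone accounts for all 6 bits of the "before" score, which is why changing that one header is enough to blend in with the larger group.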
1 comment:
Mozilla/5.0 (Windows NT 6.1; rv:10.0) Gecko/20100101 Firefox/10.0
As a request header helps give me scores under 900 :)