Security/Anonymous Browsing: Difference between revisions

Jump to navigation Jump to search

Security/Anonymous Browsing (view source)

Revision as of 11:30, 28 June 2010

974 bytes added ,  28 June 2010
→‎User Agent
Line 98: Line 98:


==User Agent==
==User Agent==
User agent can be handled two different ways. One way would be to simply reduce the amount of entropy provided by the standard user agent headers. There is a [https://bugzilla.mozilla.org/show_bug.cgi?id=http-fingerprint bug for this], but some high-entropy items may end up being too useful to drop, such as the operating system and Accept-Language.
The other way to handle this would be to assume that there is no way to prevent a remote website from determining if a user is in anonymous browsing mode by testing for any of the other protections in this document. If this is the case, then anonymous mode could simply pick its own uniform user agent string that is determined to be one of the more common Firefox user agent strings currently in use. This is the approach taken by Torbutton. However, providing an anonymous browsing mode that makes it difficult to determine if anonymous browsing is enabled has numerous obvious advantages, so this may not be an option.


==HTTP Headers/Activity==
==HTTP Headers/Activity==
Mikeperry
70

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/234177"

Navigation menu