Hi Alex,
On Tue, Jul 09, 2024 at 12:31:29PM +0200, a1ex@dismail.de wrote:
On Mon, 8 Jul 2024 14:50:08 +0200 <a1ex@dismail.de> wrote:
Hi list,
Here is a simple script which runs Dillo with a random user agent on each run. I've been using it for a long time with no issues. It would be interesting to have similar functionality built-in to Dillo at some point, at least for me.
...
Thanks! I think it is a good idea to reduce fingerprinting in Dillo. Have you considered also removing the user agent header completely?
I work under the assumption that each Dillo user is uniquely identifiable based on non-JS enabled, other HTTP headers, TLS behavior, TCP and network timing leaked details, unless I have evidence that suggests otherwise. I don't think the web is designed to keep users anonymous and there is only so much we can do.
However, I would appreciate efforts towards reducing the fingerprinting information we are leaking. It would be nice to be able to measure it somehow, but I only find JS enabled fingerprinting estimation tests online.
Just to add to this, have you considered the idea of a user agent switcher in Dillo? It would be neat to be able to choose from different profiles and have them applied in real-time without having to restart the browser. For example, the profiles could be something like:
'Default', 'Desktop', 'Mobile', 'Random'
I thought about something like this but for the CSS media selector, not so much for the user agent. I'm not sure if switching the user agent among desktop/mobile would have a measurable effect on the page content.
If you want to reduce information leaked by Dillo that can identify a user, I think a good strategy is first to make a service that can measure this information among Dillo users and show the differences it can find among users, much like the EFF does[1]. Maybe we can work with the EFF to improve the support for non-JS browsers, so we can benefit from their pool of users to estimate uniqueness.
[1]: https://coveryourtracks.eff.org/
We can also make it cooperate with a Dillo plugin that can have access to network TCP packets and timing information on both ends to emulate a state actor, so we can estimate how much information is being leaked and how much we are reducing it.
This is probably something that we may want to bring up to the Tor team to see which strategies they did for the Tor Browser and which ones we can apply to Dillo.
See also: https://github.com/dillo-browser/dillo/issues/135
Best,
Rodrigo.
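The measurement idea raised in this message, as an added example that is not part of the thread or of Dillo's code: it estimates how identifying the request headers visible without JavaScript are, using Shannon entropy and anonymity-set sizes. The header values, the sample population and the names `measure`, `fingerprint` and `entropy_bits` are constructed for illustration.

```python
import math
from collections import Counter

# Headers a server can read from any request without JavaScript.
PASSIVE_HEADERS = ("User-Agent", "Accept", "Accept-Language", "Accept-Encoding")
ABSENT = "<absent>"  # a missing header is itself an observable value


def _visitor(user_agent, language):
    """Build one constructed request-header set (not captured traffic)."""
    headers = {"Accept": "text/html", "Accept-Encoding": "gzip",
               "Accept-Language": language}
    if user_agent is not None:
        headers["User-Agent"] = user_agent
    return headers


# Constructed sample population; every value here is illustrative.
SAMPLE_VISITORS = (
    [_visitor("Dillo/3.1.0", "en")] * 4
    + [_visitor("Dillo/3.1.0", "es")] * 2
    + [_visitor("Mozilla/5.0 (X11; Linux x86_64) Example/1.0", "en")]  # randomized UA
    + [_visitor(None, "en")]  # User-Agent header removed
)


def entropy_bits(values):
    """Shannon entropy, in bits, of the observed value distribution."""
    counts = Counter(values)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def fingerprint(headers, fields=PASSIVE_HEADERS):
    """Combine the selected header values into one comparable tuple."""
    return tuple(headers.get(f, ABSENT) for f in fields)


def measure(visitors, fields=PASSIVE_HEADERS):
    """Per-header and combined entropy, plus anonymity-set statistics."""
    sets = Counter(fingerprint(v, fields) for v in visitors)
    return {
        "per_header_bits": {f: entropy_bits(v.get(f, ABSENT) for v in visitors)
                            for f in fields},
        "combined_bits": entropy_bits(fingerprint(v, fields) for v in visitors),
        "unique_visitors": sum(1 for n in sets.values() if n == 1),
        "largest_anonymity_set": max(sets.values()),
    }


if __name__ == "__main__":
    for key, value in measure(SAMPLE_VISITORS).items():
        print(key, value)
```

In this constructed sample the visitor with a randomized user agent and the visitor with no user agent header each end up in an anonymity set of one, which is the kind of difference such a measurement service would surface.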