On Mon, Oct 14, 2013, at 11:28 AM, Cathal Garvey wrote:
> > Sure would be nice if Mozilla had an option for "only announce the
> > standard vanilla web fonts".

That would be great, along with:

- "only use mandatory required headers" (e.g. Host, eTags*)
- "use custom request headers" (without resorting to Live HTTP Headers
  for each request)

*thinking about this more, eTags could also be used to track users if
MITMed.

> User-agents are the devil, though, because whatever about other sources
> of browser entropy, the User Agent is a big honking bonus score every
> site gets for zero effort. Worse, most efforts to minimise User-Agents
> can end up maximising them instead, and there don't seem to be any
> *current* lists of "most common user-agent string" to work from to
> reduce entropy. I've set mine to a super-generic-looking
> Windows/Firefox setting, but as other people upgrade their browsers and
> OSes and as architectures get more diverse, browser UAs are getting
> more and more diverse, too..

Speaking of User-Agents being evil:

http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/

Alfie

--
Alfie John
[email protected]
