User-Agent strings, privacy and Debian browsers
Consider for a moment a typical User-Agent string sent by a Debian web browser:
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.6) Gecko/20070802 Iceape/1.1.4 (Debian-1.1.4-1)
Unfortunately, the fact that this information identifies a specific
package and version of that package means that Debian users (already a
select group) have their browsing identities further distinguished by
their User-Agent strings.
This means, in practice, that many sites will be able to track Debian
users by their User-Agent, even if (say) the user is blocking cookies or
limiting them to a single session and is changing IP address regularly.
What do people think of picking a single User-Agent string for all
versions of all of Debian's Gecko-based browsers?
Would there be any serious harm in terms of browser debugging? Are
there many sites which usefully treat different Gecko browsers
differently?
As a far more hypothetical question, what would people think of picking
a single User-Agent for Gecko-based browsers for a larger set of
GNU/Linux distributions? Obviously, there is much more politics there,
because any distributions that joined would be losing the ability to
measure their desktop market share by looking at web statistics.
--
Peter Eckersley pde@eff.org
Staff Technologist Tel +1 415 436 9333 x131
Electronic Frontier Foundation Fax +1 415 436 9993
Reply to: