[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: User-Agent strings, privacy and Debian browsers

On Sep 22, 2007, at 8:18 PM, Peter Eckersley wrote:
On Sep 22, Marco D'Itri <md@Linux.IT> wrote:
On Sep 22, Peter Eckersley <pde@eff.org> wrote:

This means, in practice, that many sites will be able to track
Debian users by their User-Agent, even if (say) the user is blocking
cookies or limiting them to a single session and is changing IP
address regularly.

This is highly debateable. There may be tens or thousands of users of
the same package visiting a web site.

I've seen reports from very large sites indicating that User-Agent
strings are almost as useful as cookies for tracking their users.

There is no question that many, if not all, web sites that track visitors use the UA string in some way or other. Often it is used for tracking and more commonly it is used to create work-arounds for non- standard compliance. For example IE 6 has some quirky CSS behavior that people often have to consider. Or people use the UA string with the IP and create a hash that is the 'signature' of the visitor. This of course breaks easily but it is still done.


Reply to: