Re: User-Agent strings, privacy and Debian browsers
On Sep 22, 2007, at 8:18 PM, Peter Eckersley wrote:
On Sep 22, Marco D'Itri <md@Linux.IT> wrote:
On Sep 22, Peter Eckersley <firstname.lastname@example.org> wrote:
This means, in practice, that many sites will be able to track
Debian users by their User-Agent, even if (say) the user is blocking
cookies or limiting them to a single session and is changing IP
This is highly debateable. There may be tens or thousands of users of
the same package visiting a web site.
I've seen reports from very large sites indicating that User-Agent
strings are almost as useful as cookies for tracking their users.
There is no question that many, if not all, web sites that track
visitors use the UA string in some way or other. Often it is used for
tracking and more commonly it is used to create work-arounds for non-
standard compliance. For example IE 6 has some quirky CSS behavior
that people often have to consider. Or people use the UA string with
the IP and create a hash that is the 'signature' of the visitor. This
of course breaks easily but it is still done.