LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   Does it make sense to pretend we're Windows/Mac/Android users to thwart fingerprinting? (https://www.linuxquestions.org/questions/linux-security-4/does-it-make-sense-to-pretend-were-windows-mac-android-users-to-thwart-fingerprinting-4175729029/)

JASlinux 09-17-2023 03:01 AM
Does it make sense to pretend we're Windows/Mac/Android users to thwart fingerprinting?
 
I was struck seeing the Windows user agent in Linux Tor. Then I realized there might be strategic reason for this.

Facebook has changed recently to only permit the mobile versions with an Android user agent.

If pernicious sites think we're using a standard Windows device, will we be less targeted as Linux users?

Theoretically is it not true that if they know we're using Linux, malware can be intended specifically for us, as Windows intrusions won't affect a Linux system?

https://tor.stackexchange.com/questi...ser-user#15410

pan64 09-17-2023 04:00 AM
browsers (and other things) usually try to identify the running system in order to optimize the user experience.
The only question is: who is that user (and what does "optimize" mean for that user).

teckk 09-17-2023 10:29 AM
The only reason to present a fake user agent in your request header is to get the page that you want. If a server is serving up different pages depending on user agent. Or, if a server is refusing a particular web browser/platform for some reason. Python using urllib will many times be refused without a user agent in the request header.

It does not stop a server from browser/OS fingerprinting you. It is not for security, but to get the user experience that you want.

Another reason to present a fake user agent is for content delivery. Many video sites will present video in a different format based on user agent. An iPhone user agent will get you a .m3u8 playlist file. Very useful to have the master segment playlist.

It's a tool in your tool box to use to get the content the way that you wish it. Maybe, not always.

There are a dozen threads on LQ about this.

uteck 09-17-2023 12:00 PM
A lot of fingerprinting is just general data gathering for advertising which may ultimately be useless, but they still gather it since it is easy to do so and the advertising networks ask for it.
Unless you are randomizing your user agent each time, they will still have a fingerprint for your browser. Overall there is little you can do stop it, and it really has little impact on your experience.

Firefox limits cookies to the site they originated from so they can't be used to track you across sites, which is better privacy protection then Chrome offers.

JASlinux 09-25-2023 10:21 PM
Quote:
Originally Posted by teckk (Post 6454286)

It does not stop a server from browser/OS fingerprinting you. It is not for security, but to get the user experience that you want.
We still have an interesting paradox:

The default for Tor on Android mobile is your mobile device, but if you request a desktop user agent (by toggle switch) you see a Linux 64 string.

Yet in Linux the default is a Windows string.

That seems too surface to be an accident.


All times are GMT -5. The time now is 12:50 PM.