Does it make sense to pretend we're Windows/Mac/Android users to thwart fingerprinting?
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Does it make sense to pretend we're Windows/Mac/Android users to thwart fingerprinting?
I was struck seeing the Windows user agent in Linux Tor. Then I realized there might be strategic reason for this.
Facebook has changed recently to only permit the mobile versions with an Android user agent.
If pernicious sites think we're using a standard Windows device, will we be less targeted as Linux users?
Theoretically is it not true that if they know we're using Linux, malware can be intended specifically for us, as Windows intrusions won't affect a Linux system?
browsers (and other things) usually try to identify the running system in order to optimize the user experience.
The only question is: who is that user (and what does "optimize" mean for that user).
The only reason to present a fake user agent in your request header is to get the page that you want. If a server is serving up different pages depending on user agent. Or, if a server is refusing a particular web browser/platform for some reason. Python using urllib will many times be refused without a user agent in the request header.
It does not stop a server from browser/OS fingerprinting you. It is not for security, but to get the user experience that you want.
Another reason to present a fake user agent is for content delivery. Many video sites will present video in a different format based on user agent. An iPhone user agent will get you a .m3u8 playlist file. Very useful to have the master segment playlist.
It's a tool in your tool box to use to get the content the way that you wish it. Maybe, not always.
Distribution: Ubuntu based stuff for the most part
Posts: 1,177
Rep:
A lot of fingerprinting is just general data gathering for advertising which may ultimately be useless, but they still gather it since it is easy to do so and the advertising networks ask for it.
Unless you are randomizing your user agent each time, they will still have a fingerprint for your browser. Overall there is little you can do stop it, and it really has little impact on your experience.
Firefox limits cookies to the site they originated from so they can't be used to track you across sites, which is better privacy protection then Chrome offers.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
Does it make sense to pretend we're Windows/Mac/Android users to thwart fingerprinting?
