How about randomising HTTP_ACCEPT and User agent?

Posted May 17, 2010 23:52 UTC (Mon) by jrn (subscriber, #64214)
In reply to: How about randomising HTTP_ACCEPT and User agent? by saffroy
Parent article: EFF: Web Browsers Leave 'Fingerprints' Behind as You Surf the Net

> The real problem however is that information such as your web browser's ID, plugins or supported languages is often used by the web server to alter the actual content served to you (eg. to send you text in your language, or work around bugs in your browser), so there are limits to how much one wants to mess with that.

In practice, that is much less of a problem than it would seem to be. I have been browsing with chromium-browser --user-agent="Mozilla/8.0" for a few months now, and I only ran into a few problems:

. Gmail requires ?nocheckbrowser at the end of the URL or it will not use ajaxy features

. Old versions of http://www.bad-behavior.ioerror.us/ deny access to some pages. So far, every webmaster I have mentioned this to has been happy to have the reminder to upgrade.

. Facebook appears to use Content-disposition: attachment or something for its front page, rendering it inaccessible.

Thats all. I would be happy to see more people doing this, since if sites use sane behavior by default, that means one less barrier to entry for new browsers and should make it easier to change the behavior of existing browsers.