[LINK] BlueCava tracks individual devices, assigns creditworthiness

[Rick Welykochy]

Birch, Jim wrote:

> I've been thinking vaguely about a FF plugin that lies about your
> browser to websites, especially technically irrelevant stuff like
> plugins and fonts, that provide a high level of identification.  What
> would be cool would be a set of standard signatures in a data file that
> would be swapped at random but used by multiple computers.

I've had a read and a bit of a think about thwarting the
fingerprinting mechanism.

Simply setting up a fake profile within your browser can still
provide a (nearly) unique fingerprint. If that profile does not change
over time, you have been successfully fingerprinted, albeit with
fake data.

The ideal plug-in would change the profile data with each web
request. The fingerprint could then theoretically never repeat,
being unique for each web request.

Another approach is a "universal fingerprint" plug-in, that sends
the same profile data by all users. Once such a plug-in is in
widespread use, there would be heaps of different machine/browser/OS
combos in the wild all having exactly the same fingerprint, which
would go some way towards defeating the mechanism. This approach
would seem to be quite powerful, easy to implement and very low
overhead. The implementers could have fun with the content that
is returned for the profile info, e.g. the User Agent could read
"Keep-Your-Hands-Off/1.0 (Mozilla compatiable)", etc.etc.


cheers
rickw




-- 
_________________________________
Rick Welykochy || Praxis Services

aibohphobia  -  the fear of palindromes