On Mon, Sep 28, 2015, at 10:44 AM, Alexis Wattel wrote:
> The User-Agent and Accept headers gave me a unique fingerprint on
> https://panopticlick.eff.org/.

Yes, they are unique for Orfox users.

> They should be set to the same as the Tor Browser. There's no point in
> identifying the client as a mobile user if you seek anonymity; and the
> User-Agent is the one most basic way to track browsers besides IP
> addresses.

We made a conscious choice to not use the same user-agent as Tor Browser, since there are other things like screen-size, for instance, that we cannot make the same. Our goal is to have the same user-agent as Firefox for Android, which we do, and which has tens of millions of users.

> The Accept headers are plain and simple leaked from the device.

What do you mean leaked? Are you saying the Accept headers are unique for your device, or just for Orfox/Firefox for Android? I think it is the latter, and it is not a leak.

> Could easily pass as an honest mistake if this issue had not already been
> reported 2 years ago about Orweb.

Trust me when I say that the work we have done here is way beyond Orweb in many ways. Orweb didn't allow us to change the user-agent and accept headers fully. With Orfox, we are using the fully compiled Gecko engine from Tor Browser source. The few areas that differ are ones like this, where we made a choice to have mobile web access be the default, based on this user-agent.

+n

--
tor-talk mailing list - [email protected]
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
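
Added example, not part of the original message or of any project's code: a fingerprinting test site scores a (User-Agent, Accept) pair against the visitors it has seen, so the same headers can be unique in one population and common in another. The header strings, visitor counts and function names below are constructed for illustration.

```python
import math
from collections import Counter

# Constructed (User-Agent, Accept) pairs as a server might log them.
# Illustrative strings only; not captured from Orfox, Tor Browser or Firefox.
MOBILE = ("Mozilla/5.0 (Android; Mobile; rv:38.0) Gecko/38.0 Firefox/38.0",
          "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8")
DESKTOP = ("Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0",
           "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8")
ODD = ("ExampleBrowser/1.0 (constructed)", "text/html;q=0.7,*/*")


def surprisal_bits(count, total):
    """Bits of identifying information: -log2 of the share of visitors with this value."""
    return -math.log2(count / total)


def fingerprint_report(visitors):
    """Map each (UA, Accept) pair to (anonymity set size, bits of information)."""
    total = len(visitors)
    return {fp: (n, surprisal_bits(n, total))
            for fp, n in Counter(visitors).items()}


def header_entropy(visitors, index):
    """Shannon entropy (average bits) of one header alone: 0 = UA, 1 = Accept."""
    total = len(visitors)
    counts = Counter(v[index] for v in visitors)
    return sum(n / total * surprisal_bits(n, total) for n in counts.values())


def sample(mobile, desktop, odd):
    """Build a constructed visitor population with the given mix."""
    return [MOBILE] * mobile + [DESKTOP] * desktop + [ODD] * odd


if __name__ == "__main__":
    # Same mobile headers, two populations: a desktop-heavy test site
    # versus a site where half the visitors send the same mobile headers.
    for name, pop in (("desktop-heavy", sample(1, 1022, 1)),
                      ("mobile-heavy", sample(512, 511, 1))):
        size, bits = fingerprint_report(pop)[MOBILE]
        print(f"{name}: anonymity set {size}, {bits:.2f} bits")
        print(f"  User-Agent entropy {header_entropy(pop, 0):.3f} bits, "
              f"Accept entropy {header_entropy(pop, 1):.3f} bits")
```
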
