- From: Benjamin Hawkes-Lewis <bhawkeslewis@googlemail.com>
- Date: Fri, 3 Dec 2010 08:38:00 +0000
On Thu, Dec 2, 2010 at 9:53 PM, Benjamin Hawkes-Lewis <bhawkeslewis at googlemail.com> wrote: > Allowing UAs explicitly to provide information via dedicated optional > fields is different to requiring UAs them to leak it in the course of > providing another service (such as spelling). It's worth noting that in practice UAs have identifying traits that can leak through feature/bug detection (e.g. "typeof opera", testing if vendor-prefixed styles are applied, conditional comments and compilation, and so forth). In the case of UAs like Konqueror and Internet Explorer, UA identification is a good proxy for OS detection too. Other than helping and encouraging privacy-conscious users to disable untrusted JS, I don't think UAs can do much about that. To a lesser extent, such traits are also an issue at the HTTP level. -- Benjamin Hawkes-Lewis
Received on Friday, 3 December 2010 00:38:00 UTC