[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: How can a site still determine my browser language? [Mofify Headers]


On Mon, May 19, 2008 at 06:52:06PM -0700, Steven wrote:
> Hi,
> I have been using Privoxy and Tor for a while and came across this strange 
> phenomenon lately. Privoxy is configured to
> - hide-accept-language
>   Fake these language settings: en_US
> - hide-referrer
>   Fake as the root directory of the site
> - hide-user-agent
>   User Agent string to send:
>   Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
> - session-cookies-only
>   (and I delete cookies manually anyway before each try)

> real browser is German. But how can Google detect that? There are no other 

Privoxy does not handle https, nor does it claim to do so.
If altering Headers, Privoxy cannot deal with https traffic. So, as a result,
if google (or whoever) is accessed via https, the browser will send the headers
it reads in it's configuration. Some sites might just spawn one https connection
within all the ordinary http, just to check if headers are alike.
You can take care of that either in about:config or use a tool. 
I think firefox rewrites it's config in case of an update or for whatever reasons
the creators have decided to. 
There is an add-on called "modify headers" dealing with headers quite reliably.
Makes more sense to set the headers to something reasonable, else the purpose is
contradicted. Also pleasse take care that settings in Privoxy are the same as the
ones in "modify headers" else the effect is again contradicted. Or rather dismiss
this particular feature in Privoxy if using "modify headers".
To be found at addons.mozilla.org.
To take care of cookies you might consider another addon called "cookie culler" to
be found under the same address.
There actually is an option under Firefox-> Preferences -> Privacy -> Private Data
called "Always clear my private data when I close Firef..." at your choice, wiping
out fairly much or all what a data munger like google likes to know.
If you wish to stay anonymous against google, you NEVER, and this is literally NEVER
EVER login there without shelter and without tor.
There also is a recommended list of tools/addons to use with tor somewhere on tor's
Check your headers in http(s) at:

can be quite startling :)
scroll down to bottom, http, https check.

> Thanks,
> Steven