On Mon, Sep 28, 2015, at 10:44 AM, Alexis Wattel wrote:
> The User-Agent and Accept headers gave me a unique fingerprint on
> https://panopticlick.eff.org/.

Yes, they are unique for Orfox users.

> They should be set to the same as the Tor Browser. There's no point in
> identifying the client as a mobile user if you seek anonymity; and the
> User-Agent is the one most basic way to track browsers besides IP
> addresses. 

We made a conscious choice to not use the same user-agent as Tor
Browser, since there are other things like screen-size, for instance,
that we cannot make the same. Our goal is to have the same user-agent as
Firefox for Android, which we do, and which has tens of millions of

> The Accept headers are plain and simple leaked from the device.

What do you mean leaked? Are you saying the Accept headers are unique
for your device, or just for Orfox/Firefox for Android? I think it is
the latter, and it is not a leak.

> Could easily pass as an honest mistake if this issue had not already been
> reported 2 years ago about Orweb.

Trust me when I say that the work we have done here is way beyond Orweb
in many ways. Orweb didn't allow us to change the user-agent and accept
headers fully. With Orfox, we are using the fully compiled Gecko engine
from Tor Browser source. 

The few areas that differ are ones like this, where we made a choice to
have mobile web access be the default, based on this user-agent.


