Mask browser fingerprint attributes currently exposed

Think CEF could benefit from a new feature or capability? Discuss CEF feature requests here.

Mask browser fingerprint attributes currently exposed

Postby tech5678 » Fri Aug 14, 2020 12:09 pm

Most people I speak with are under the incorrect assumption that changing the useragent makes a website think you're another device. In fact, it only fools only the most rudimentary check because many attributes of your browser and system itself are still exposed. For example, I can tell on https://whoer.net that my OS identifies itself as Windows 10.0, that I have certain windows-specific plugins, that my browser is made by Google Inc., my platform is Win32, and more. My canvas data is yet another fingerprint (read about canvas data fingerprinting) which makes it clear that I'm not, for example, on an iPhone. However all of these points of information are provided by the browser, and can be changed - if the browser supports/allows it.

Firefox has a plugin called Random User Agent, which does just that. It modifies many attributes so that remote systems actually think you're using a completely different device. The experience and what they deliver to your device on Twitter, for example, is completely different when you use Random User Agent versus just changing the useragent alone, because all of those other attributes get changed and they have no way to tell that you are not really on an iPhone, for example.

Implementing these capabilities would allow CEF enthusiasts to bypass some of the draconian rules recently put in place to try to force users to only use certain browsers and help restore CEF to its former utility.
tech5678
Techie
 
Posts: 10
Joined: Fri Aug 14, 2020 11:01 am

Re: Mask browser fingerprint attributes currently exposed

Postby magreenblatt » Fri Aug 14, 2020 4:23 pm

It is already possible to change most things in a CEF client application, and you can discover for yourself what is necessary to bypass existing fingerprinting checks on various websites. We would not support this as a ready-made feature because it would lead to an arms race with browser fingerprinting libraries. That would likely result in even more draconian and hard to work-around techniques from companies like Google that control the full stack (browser and web service).
magreenblatt
Site Admin
 
Posts: 12382
Joined: Fri May 29, 2009 6:57 pm


Return to Feature Request Forum

Who is online

Users browsing this forum: No registered users and 20 guests