Hide Forgot
(Filed under "Firefox" component but applicable to all web browsers) Description of problem: Panopticlick is a tool that shows how unique your browser fingerprint is. If it is unique, then a site owner or advertisement company can identify you because of that. Currently, some browser plugins shipped with Fedora 16 give very detailed version information which increases the chance on a unique browser fingerprint. Examples: - IcedTea-Web Plugin (using IcedTea-Web 1.1.4 (fedora-4.fc16-x86_64)) - VLC Multimedia Plugin (compatible Totem 3.2.1) Interestingly, the Gecko build identifier in the user agent string seems to be generic: - Mozilla/5.0 (X11; Linux x86_64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 I believe that Fedora should try to minimize the bits of information that plugins identify themselves with to protect the privacy and anonymity of the user. Version-Release number of selected component (if applicable): 9.0.1 How reproducible: Always Steps to Reproduce: 1. Install icedtea-web, totem-mozilla or any other bundled plugins 2. Visit https://panopticlick.eff.org/ 3. Click 'Test Me' Actual results: Expected results: Additional info:
The plug-in versions are provided by plug-ins themselves, we can't change the exposed plug-in version string. If you believe Firefox should filter the plugin version strings, please file a bug at bugzilla.mozilla.org and try to find support there.
(In reply to comment #1) > The plug-in versions are provided by plug-ins themselves, we can't change the > exposed plug-in version string. Are you saying that the plug-in itself provides the string "(fedora-4.fc16-x86_64)"? I don't believe so. Also, given that RH developers are working on both Totem and IcedTea, the statement that "we can't chag the plug-in version string" is doubtful. > If you believe Firefox should filter the plugin > version strings, please file a bug at bugzilla.mozilla.org and try to find > support there. This is already discussed in https://bugzilla.mozilla.org/show_bug.cgi?id=566423 .