over exploits that use your user agent as identification (can you access the user agent from JS? (I'm assuming that's what most of the exploits exploit))
2. true (but bruh services that do that lose my respect)
3. not entirely true, if you want to hide your "identification" you should take way more steps than just changing your user agent. Fingerprint does not only depend on that. And changing it just harms aggregated data collection, like platform usage share reports.
it's a part of the whole story, but the topic is that data
You can get a decent heuristic by trying functions in JavaScript that only particular browsers support.. Not too dissimilar from blind SQL injections actually
If your threat model is about security, disable js entirely. If its about privacy / anonymity, use Tor
Обсуждают сегодня