Chrome extension ChromeDust fights browser fingerprinting

See "Combatting Browser Fingerprinting with ChromeDust" at http://css.csail.mit.edu/6.858/2013/projects.html.

 

Interesting. However, after installing it I couldn't see any effect on ip-check.info

 

Was HTTPSB active? Chrome API does not allow more than one extension to change the HTTP headers. So this is either HTTPSB stripping cookies and referer from the headers, or ChromeDust editing user agent string from the headers, but not both.

 

Yes, HTTPSB was active. However, I also tried it with HTTPSB disabled and didn't see any difference ... Nevertheless, perhaps its features could be implemented in HTTPSB, too?

 

I have been thinking implementing this since early in the project, but I have to admit I have a hard time to come up with the optimal solution. I don't want the project to come up with its own hard-coded list of User-Agent strings, I just can't afford to maintain such a list, and assign myself the responsibility of picking these User-Agent strings which choices would always be something debatable.

So my thought is currently to allow the user himself to enter say, up to 10 strings which HTTPSB will shuffle randomly, so that takes care of the project having to maintain a list. User take care of its own list, hopefully with good advices from the community.

I also want to avoid too many settings, so this is where my mind is not set: the minimum set of settings which address the fingerprinting issue re User-Agent string but which will not bloat the Settings page (and confuse the user).