I\'m developing a browser based on Google Chromium and keeping in mind that priv

Question

I'm developing a browser based on Google Chromium and keeping in mind that privacy is freedom; but I need to know how to protect my browser's users against fingerprinting.

I was thinking about intercepting requests associated with fingerprinting, such as requests for:

1. Browser plugin details and user agent string
2. HTTP_ACCEPT headers
3. Screen size and color depth
4. Time zone and system fonts

And always sending the same (fake) response. I want to do this without breaking anything for the end user.

For instance, if a user tries to watch a video in full screen, and the site asks for screen size to resize it properly, the browser would send a fake screen size, but would actually display it at the true screen size.

Is this even possible? Is it actually possible to intercept these requests and hide this information without making the site not work properly?

Explanation / Answer

Yes, it's possible, but it's a lot harder than you think, and you'll end up breaking some things no matter what. To take your full-screen video example, it's not the website that asks for the screen size, it's Javascript running on a web page, and you can't know at the time of the request if it's going to use the size to adjust a video, or to fingerprint the browser.

The Tor browser bundle attempts to do this with reasonable success. I recommend studying it to see how it works, and how it can be improved upon.

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.