I'm looking at ways to potentially reduce tracking via browser fingerprints.
https://panopticlick.eff.org/
When I go to that url in CentOS FireFox - my browser is very distinct.
For me I believe this is largely caused by gstreamer. I run a modern
gstreamer, not the CentOS packages gstreamer.
My modern gstreamer also includes a lot of the patent-encumbered codecs,
and on that eff project page, I can see them being reported by the
GStreamer plugin as supported, making my firefox very unique and subject
to tracking via browser fingerprint.
I'm not sure there is anything I can do about that, other than going
back to stock gstreamer which I can't do because I need gstreamer
support for some codecs not supported by stock CentOS gstreamer.
I think for anything that is a plugin, I think the browser should ask
the user. That would make browser fingerprinting more difficult.
One of the plugins though that is detected is from rhythmbox.
I didn't even know there was a rhytmbox plugin for firefox.
/usr/lib64/mozilla/plugins/librhythmbox-itms-detection-plugin.so
It is part of the core rhythmbox package.
I certainly have no need for it, and I doubt very many people do.
It seems to me that maybe that plugin should be part of a sub-package to
rhythmbox rather than rhythmbox itself, strictly from a security
perspective so that if there is an exploitable bug in it, it will only
be a vector for those who actually want that plugin.
Does anyone actually use that plugin for anything? Maybe it should just
be removed from the Fedora / RHEL / CentOS world.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
