Fingerprinting 2.0: User Agent - follow up to #12097 #12638
Description
Description
[Follow up to #12097]
Test plan for both Desktop and Android (per #9190 (comment)):
per @pes10k comment:
i've added a user-agent row to https://dev-pages.brave.software/farbling.html
Things to check:
- using an android device, hit the "generate fingerprints" button, then click on one of the hash values in that row and make sure that in the popup it says "android device" and not any particular device model
- in "strict" blocking, you should get different fingerprints across top-level origins and sessions (there aren't a huge number of possible random values here, so if you see an identical fingerprint (for the user-agent row only), its worth checking on the sibling page or on another session to see if you get another fingerprint then)
Original issue description
This is a sub-issue of the larger fingerprint defense reorganization issue: #8787
User Agent String
NavigatorID.userAgent
default protections:
- for devices with OS version numbers, always report
MAX(current minor version number, latest version number as of build) - (only for android) don't report device name in UA, only return "android device" (same as what DDG browser does)
max protections:
- return chrome default UA for each platform
- At end of UA, add [0, 5] additional whitespace characters, as determined by eTLD+1 seed (only for JS reflected value)
(other notes for future consideration)
In default mode, we could probably get by safely with adding [0, 5] additional whitespace characters, as determined by eTLD+1 seed (only for JS reflected value), but for the first time out, lets be very very conservative with the UA and not make any "clever" changes like that.
Also, we could probably get by with adding [0, 3] additional whitespace characters between UA segments, but again, for the first change, lets be conservative.