nikn...@riseup.net wrote:
They can? How does not running certain scripts add to your fingerprint? Servers would have to be explicitly checking for that.
I imagine it wouldn't be that hard to keep track of which visitors don't request files hosted on the same (or friendly) servers. I imagine all one really needs to do is get access to the request logs to build and maintain a reasonable set of visitor browser 'fingerprints' and then offer different pages based on the suspected fingerprint.
Since browsers typically request everything needed to build a rendered page at roughly the same time, one could give a narrow time window in which the requester must request the page's files. Not requesting Javascript files, Flash files, advertisement graphics files, etc. at all (not even to check to see if the file has changed as one might do to show cached downloads) could mark one as probably running something like NoScript, a Flash blocker (or no Flash player installed), ad blockers, and so on.
The site could retaliate against such blockers by changing what the visitor ultimately gets. Not requesting ad graphics? You get more textual ads. Not requesting Javascript files? You get more CSS that is more likely to be seen as annoying perhaps by animating this or that. Maybe you get a different page altogether; a page which says that unless you enable Javascript, disable your ad-blocker, or whatnot you won't get the main site information you probably came to see.
Then again it should be simple to defend against this by requesting and ignoring the files one doesn't intend to do anything with, or requesting time/datestamps on such files to simulate a cached file check. This could be a total waste of bandwidth to be sure, but a convenient way around such profiling/filtering.
