I’m looking at ways to potentially reduce tracking via browser fingerprints.

https://panopticlick.eff.org/

When I go to that url in CentOS FireFox – my browser is very distinct.

For me I believe this is largely caused by gstreamer. I run a modern gstreamer, not the CentOS packages gstreamer.

My modern gstreamer also includes a lot of the patent-encumbered codecs, and on that eff project page, I can see them being reported by the GStreamer plugin as supported, making my firefox very unique and subject to tracking via browser fingerprint.

I’m not sure there is anything I can do about that, other than going back to stock gstreamer which I can’t do because I need gstreamer support for some codecs not supported by stock CentOS gstreamer.

I think for anything that is a plugin, I think the browser should ask the user. That would make browser fingerprinting more difficult.

One of the plugins though that is detected is from rhythmbox.

I didn’t even know there was a rhytmbox plugin for firefox.

/usr/lib64/mozilla/plugins/librhythmbox-itms-detection-plugin.so

It is part of the core rhythmbox package.

I certainly have no need for it, and I doubt very many people do.

It seems to me that maybe that plugin should be part of a sub-package to rhythmbox rather than rhythmbox itself, strictly from a security perspective so that if there is an exploitable bug in it, it will only be a vector for those who actually want that plugin.

Does anyone actually use that plugin for anything? Maybe it should just be removed from the Fedora / RHEL / CentOS world.