Dixel, posted August 3:

So, after fiddling with chrome.dll, I was able to edit out most of the values ClientHints API sends to servers. But the API shows as working, I think it's a good result.

Dixel (Author), posted August 3:

> 11 hours ago, NotHereToPlayGames said:
> You should take serious consideration to the fact that you just created a UNIQUE fingerprint. If you want to stand out like a sore thumb, you succeeded. If your intention is to blend in with the crowd, then you should actually send the most popular field content.

I agree with you, I'm still testing. But like I said, it's already a good result. I want to achieve all fields empty. But I, at least for now, don't know how to block the whole API.

Dixel (Author), posted August 3:

> 11 hours ago, NotHereToPlayGames said:
> If your intention is to blend in with the crowd, then you should actually send the most popular field content.

Which one do you prefer more, mine, or Dave's: NT 5.1 x86 + Chrome 124. And what exactly do you think makes it unique? The space between the brackets is empty in mine.

Thanks, https://msfn.org/board/topic/185045-supermium/?do=findComment&comment=1268273

Dixel (Author), posted August 3:

> 11 hours ago, NotHereToPlayGames said:
> I'll answer that. But first, can you answer why you are jumping through all of these hoops to deactivate/disable/defuse "client hints"?

No problem, as you may already know, ClientHints are invoked by javascript, so search for the area around the browser navigator. There are also many other useless entries like

navigator.userAgentData
Navigator.usb.get
Navigator.bluetooth.get

navigator.userAgentData is the one responsible.

NotHereToPlayGames, posted August 3:

That's not what I was asking. Why do you see ClientHints as "evil and must be done away with"? I have to assume that you see them as some form of "privacy issue", that ClientHints themselves FINGERPRINT the web site visitor, is that correct?

Dixel (Author), posted August 3:

> 11 hours ago, NotHereToPlayGames said:
> That's not what I was asking. Why do you see ClientHints as "evil and must be done away with"? I have to assume that you see them as some form of "privacy issue", that ClientHints themselves FINGERPRINT the web site visitor, is that correct?

Privacy issue, yes, but the most annoyance is when modern sites detect Vista and ask you to upgrade the browser, when the browser is not needed to be upgraded. Probably, you don't use those sites, I'd give some links, but you won't use them anyway, one good example is Nvidia site, it was already discussed at GitHub.

Saxon, posted August 4:

Someone needs to write a good CH spoofer, otherwise game over. As it slowly but surely becomes the new UA replacement.

https://github.com/win32ss/supermium/issues/779

Dixel (Author), posted August 5:

As we all know, starting with Chrome 122 (Final release), they can't be forced off via the known cmd flag. Members are welcome to post their ways of dealing with 'em. Probably, someone already knows a crx extension? I tend to edit each Chrome browser manually, but it's not convenient for most of the users. Also, it has some disadvantages, sometimes leading to a unique fingerprint. In all, we need a working fake CH switcher.

Sampei.Nihira, posted August 5 (edited August 5 by Sampei.Nihira):

This is a false problem. Low entropy (CH) values transmitted by the client without a request from the server are deducible by the User Agent itself:

https://developer.mozilla.org/en-US/docs/Web/API/User-Agent_Client_Hints_API

It is possible to fake the User Agent from the browser development tools and then modify the Client Hints.

Disabling javascript from the browser itself blocks all client hints because the API is js. Of course, the User Agent is equally broadcast. Note that disabling javascript from an extension such as uBlock Origin does not achieve the goal as does disabling js in the browser itself.

If such a "problem" is insurmountable, it is recommended to change browsers. r3dfox which can be used in your OS does not have the Client Hints API.

NotHereToPlayGames, posted August 5 (edited August 5 by NotHereToPlayGames):

> 27 minutes ago, Sampei.Nihira said:
> This is a false problem.

I agree. This seems to me to be just one of those things where "undue paranoia" gets the best of us and we run in circles to prevent "theoreticals" that don't actually exist in "reality". To each their own, of course.

I personally HAVE A MEANS to SPOOF CLIENT HINTS -- PROXOMITRON. I have no problem in the least in getting more MSFN Members to use PROXOMITRON - so if ClientHint "undue paranoia" is what gets us there, no skin off my back, lol.

"half full" versus "half empty". Nothing more. Nothing less.

NotHereToPlayGames, posted August 5 (edited August 5 by NotHereToPlayGames):

If I search-engine-of-choice search for "client hints privacy concern", most (if not all) of the results are SEVERAL years old!

Wikipedia has the below - note that it specifically cites that they are talking about when the proposal was originally published.

So perhaps all of this "undue paranoia" is based on what Client Hints were ORIGINALLY supposed to be versus what they ACTUALLY ended up being ??? ??? ???

While I *do* consider this "undue paranoia", I DO SPOOF THEM VIA PROXOMITRON if nothing more than a "verification" that I CAN, not that I "need to". No clue, to be perfectly honest.

As I've always stated, if you are ON the internet, then you have been FINGERPRINTED. No "if's, and's, or but's".

Dixel (Author), posted August 5:

> 14 hours ago, Sampei.Nihira said:
> If such a "problem" is insurmountable, it is recommended to change browsers. r3dfox which can be used in your OS does not have the Client Hints API.

Thanks, but I specifically pointed out to Chrome only browsers in the topic's title.

Dixel (Author), posted August 5:

> 13 hours ago, NotHereToPlayGames said:
> If I search-engine-of-choice search for "client hints privacy concern", most (if not all) of the results are SEVERAL years old!

It's because they were boiling the frog very slowly, now it's used to a much wider extent.

Dixel (Author), posted August 5:

> 14 hours ago, Sampei.Nihira said:
> This is a false problem. Low entropy (CH) values transmitted by the client without a request from the server are deducible by the User Agent itself: https://developer.mozilla.org/en-US/docs/Web/API/User-Agent_Client_Hints_API

Thanks for your opinion, unfortunately people wouldn't agree, and one of the cases is documented here. Probably you didn't see it yet.

https://github.com/win32ss/supermium/issues/779

Dixel (Author), posted August 5:

> 14 hours ago, NotHereToPlayGames said:
> I have no problem in the least in getting more MSFN Members to use PROXOMITRON - so if ClientHint "undue paranoia" is what gets us there, no skin off my back, lol.

Thanks, I will maybe consider your suggestion later on, now I'm a bit preoccupied with real life, I'm looking for a simple solution like modifying headers on the fly and make them switchable from presets.

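Added example, not part of the thread and not code from any poster or from Chromium: two points raised above, that blanked or hand-edited hints contradict the User-Agent and so stand out, and that a switcher would rewrite request headers from presets, shown as a preset-based header rewrite with a consistency check over the default low-entropy hints (Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Platform). The preset name, function names and sample headers are constructed for illustration.

```javascript
// Constructed preset: the User-Agent and the low-entropy hints are defined together.
const PRESETS = {
  "chrome124-win": {
    "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 " +
      "(KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36",
    "sec-ch-ua": '"Chromium";v="124", "Google Chrome";v="124", "Not-A.Brand";v="99"',
    "sec-ch-ua-mobile": "?0",
    "sec-ch-ua-platform": '"Windows"',
  },
};

// Copy the request headers (names lower-cased), drop every sec-ch-ua* field,
// then apply the preset, so no stale hint is left to contradict it.
function applyPreset(headers, name) {
  const preset = PRESETS[name];
  if (!preset) throw new Error(`unknown preset: ${name}`);
  const out = {};
  for (const [k, v] of Object.entries(headers)) {
    if (!k.toLowerCase().startsWith("sec-ch-ua")) out[k.toLowerCase()] = v;
  }
  return { ...out, ...preset };
}

// Parse a Sec-CH-UA brand list into { brand: majorVersion }.
function parseBrands(value) {
  const brands = {};
  for (const m of (value || "").matchAll(/"([^"]*)";\s*v="([^"]*)"/g)) brands[m[1]] = m[2];
  return brands;
}

// List the ways the hints contradict the User-Agent (expects lower-case names).
function inconsistencies(headers) {
  const ua = headers["user-agent"] || "";
  const brands = parseBrands(headers["sec-ch-ua"]);
  const uaMajor = (ua.match(/Chrome\/(\d+)/) || [])[1];
  const platform = (headers["sec-ch-ua-platform"] || "").replace(/"/g, "");
  const uaPlatform = /Windows NT/.test(ua) ? "Windows" : /Android/.test(ua) ? "Android"
    : /Macintosh/.test(ua) ? "macOS" : /Linux/.test(ua) ? "Linux" : "";
  const found = [];
  if (Object.keys(brands).length === 0) found.push("empty brand list");
  else if (brands["Chromium"] !== uaMajor) found.push("brand version differs from User-Agent");
  if (platform !== uaPlatform) found.push("platform differs from User-Agent");
  return found;
}

// Constructed sample: a request whose hints were blanked by hand.
const edited = { "user-agent": PRESETS["chrome124-win"]["user-agent"], "accept": "text/html",
  "sec-ch-ua": "", "sec-ch-ua-platform": '""', "sec-ch-ua-platform-version": '"10.0.0"' };
console.log(inconsistencies(edited), inconsistencies(applyPreset(edited, "chrome124-win")));
```
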