alpha vs stable branding entropy
Since 8.5a7 (Jan 30th 2019) and 9.0a1+ (Mar 21 2019), TB alpha builds got a different chrome://branding/content/about-wordmark.svg
- one that says "nightly"
This file can be read and measured: easily distinguishing alpha from stable users
Note: there will always be easy entropy between major ESR versions (such as feature detection changes e.g. between ESR60 vs ESR68).
This is about the (much longer?) periods where alpha and stable are on the same ESR base - like right now. While there will possibly be some changes between these, FP'ers would have to work hard and keep up to date: and not all would necessarily be FP'able. Whereas this method (measuring a contentaccessible
resource) means no upkeep and 100% reliable.
Whether or not TB stays on ESR cycles or moves to 4-weekly cycles has an impact.
For TB alpha users (I assume a small percentage and thus the entropy would be very high), it would be nice to lock this off.
I'm not even sure where this is used, if at all: I don't see it displayed anywhere (it's not in about:tor or Help>About Tor Browser). I'm sure there was a reason it was changed, I just don't know that reason. Would limiting this particular branding to system principal content work?
PoC You can see it in action at https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#useragent
The svg is displayed under [css] branding
and the js determination and measurements are under [re[/]](/]) browser
I'll post a pic and leave it up to you guys