|
Of course the user can choose software that sends no cookies or she can remove cookies from headers with a proxy if the user-agent itself (e.g., "modern" browser) cannot be controlled adequately. There is some relief for the location issue. It is not too difficult to discover alternate geolocated IP addresses for websites that choose to employ such strategies. Further, proxies, even just Tor with a proper config file, can give the user a specific geolocation of the user's choosing. Do users choose different user-agents for different web usage? On smartphones we routinely see users choosing a variety different applications for different purposes, e.g., an online shopping app versus a news reading app. For example, if the user is engaged in online shopping, then she almost certainly will need to enable Javascript and cookies. However, if the user is reading^1 news on small news websites or nontechnical blogs (to use your examples) then IME neither Javascript nor cookies are required. Using the same application (the same "modern" browser) for both purposes, and with Javascript and cookies enabled, is, IME, from a technical standpoint, unnecessary. The text of the articles can be retrieved and read with much simpler software; none of this software needs Javascript nor cookies to perform its respective task. 1. The situation changes if the user is "viewing" news (photojournalism) or "watching" news (autoplaying videos). IME, neither Javascript nor cookies are required, however short of the user writing custom Javascript to process page contents, employing some software, e.g., standard UNIX utilities, other than a modern browser, to extract the image or video URLs, is sometimes necessary. |
Well, to push this a step farther, the great thing about extensions like uMatrix are that you can turn off Javascript+Cookies on a site-specific basis. So I know people who would feel like it was too cumbersome to juggle two browsers at the same time, but who don't have the same aversions to saying, "oh sure, I could turn Javascript and cookies off by default, but turn them on for this one specific video/shopping site."
> There is some relief for the location issue.
Definitely. I didn't want to go too in depth here, but this one of the things I'm getting at when I say Panopticlick shouldn't be the only thing people look at. Panopticlick doesn't even consider geolocation around IP addresses at all, so there's an entire vector there where Panopticlick won't tell you whether or not you're vulnerable.
There's a world of considerations here that are just hard to fit into a single comment.
> employing some software, e.g., standard UNIX utilities, other than a modern browser, to extract the image or video URLs, is sometimes necessary.
cough youtube-dl cough
If you're a user who's comfortable with the terminal, this can be a game changer even ignoring the privacy aspect. I see people all the time on HN complain about bookmarking a video and having it disappear later. Not a problem if you download them.
If you want to go even farther and you're comfortable with Bash scripting, youtube-dl even has options around managing playlists, so you can kind of "subscribe" to ongoing playlists/channels and treat them like podcast RSS feeds.
But with that I'm straying off topic.