Standard on anonymized browser behaviour
Hello. There is no dobt that browsers are fingerprintable. In my study (ticket #13400 (moved) ,article http://geektimes.ru/post/244484/comments/ in Russian, wait for english version a little) I and other commenters have fingerprinted differrent browsers on differrent systems (including tbb on win8, winxp, some linux distro, Tails and Whonix) with differrent fonts and the fingerprints were differrent on differrent systems.
I think that we need a standard of browser behaviour which must
- define a set of locally or remotely fingerprintable features (including values returned by differrent APIs, values can be measured (for example performance), behavoural patterns such as set of headers, etc...));
- define their values for any anonymized browser which comply with standard.
Also we need a standard on user fingerprinting mitigation to make it not to conflict browser fingerprinting prevention.