Reducing the fingerprint of the text-based web browser w3m
TL;DR: You can reduce the amount of information w3m gives about itself and the environment it is running in (and, by extension, you). It will not make you anonymous; your fingerprint will still be unique. But it may improve your privacy.
w3m ‘is a text-based web browser as well as a pager like
less. With w3m you can browse web pages through a terminal emulator window (xterm, rxvt or something like that). Moreover, w3m can be used as a text formatting tool which typesets HTML into plain text.’
You can reduce the browser fingerprint by applying the following changes to
~/.w3m/config in any AppVM you want to use w3m in. (If you have not run w3m yet, you might need to copy the config file from elsewhere.) You can also apply the same changes to
/etc/w3m/config in the relevant TemplateVM(s) to have them apply to multiple AppVMs; but make sure they are not reversed by the contents of
~/.w3m/config in any of the AppVMs. (w3m reads
user_agent Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0.
By default w3m identifies itself as
w3m/+ version number. The user agent
Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0is the most common and the one used by the Tor Browser Bundle (TBB). One in fourteen browsers fingerprinted by Panopticlick has this value.
Make w3m use the same HTTP_ACCEPT headers the TBB by adding the following lines at the end of the file:
accept_language en-US,en;q=0.5 accept_encoding gzip, deflate accept_media text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
These changes will hide your computer’s locale and some other information that may or may not be unique to the VM in which it is running. With the modifications above w3m will have the same headers as about one in fifteen browsers fingerprinted by Panopticlick.
Reminder: Do not rely on these settings for anonymity. Using w3m is all but guaranteed to make you stand out in the crowd.
PS: You still need to delete cookies manually (
~/.w3m/cookie) if you are not running w3m in a DispVM anyway. If you set w3m to not accept cookies, its fingerprint will change. (You can configure w3m to not use store cookies or accept new ones (or both), but the setting
use_cookie seems to really mean
accept_cookie and vice-versa, so maybe it is best to delete them manually for now.)
* Does someone know how to fix this?