I'm looking at ways to potentially reduce tracking via browser fingerprints.
When I go to that url in CentOS FireFox - my browser is very distinct.
For me I believe this is largely caused by gstreamer. I run a modern gstreamer, not the CentOS packages gstreamer.
My modern gstreamer also includes a lot of the patent-encumbered codecs, and on that eff project page, I can see them being reported by the GStreamer plugin as supported, making my firefox very unique and subject to tracking via browser fingerprint.
I'm not sure there is anything I can do about that, other than going back to stock gstreamer which I can't do because I need gstreamer support for some codecs not supported by stock CentOS gstreamer.
I think for anything that is a plugin, I think the browser should ask the user. That would make browser fingerprinting more difficult.
One of the plugins though that is detected is from rhythmbox.
I didn't even know there was a rhytmbox plugin for firefox.
/usr/lib64/mozilla/plugins/librhythmbox-itms-detection-plugin.so
It is part of the core rhythmbox package.
I certainly have no need for it, and I doubt very many people do.
It seems to me that maybe that plugin should be part of a sub-package to rhythmbox rather than rhythmbox itself, strictly from a security perspective so that if there is an exploitable bug in it, it will only be a vector for those who actually want that plugin.
Does anyone actually use that plugin for anything? Maybe it should just be removed from the Fedora / RHEL / CentOS world.