[CentOS] librhythmbox-itms-detection-plugin.so

Sun Nov 8 12:34:42 UTC 2015
Alice Wonder <alice at domblogger.net>

I'm looking at ways to potentially reduce tracking via browser fingerprints.


When I go to that url in CentOS FireFox - my browser is very distinct.

For me I believe this is largely caused by gstreamer. I run a modern 
gstreamer, not the CentOS packages gstreamer.

My modern gstreamer also includes a lot of the patent-encumbered codecs, 
and on that eff project page, I can see them being reported by the 
GStreamer plugin as supported, making my firefox very unique and subject 
to tracking via browser fingerprint.

I'm not sure there is anything I can do about that, other than going 
back to stock gstreamer which I can't do because I need gstreamer 
support for some codecs not supported by stock CentOS gstreamer.

I think for anything that is a plugin, I think the browser should ask 
the user. That would make browser fingerprinting more difficult.

One of the plugins though that is detected is from rhythmbox.

I didn't even know there was a rhytmbox plugin for firefox.


It is part of the core rhythmbox package.

I certainly have no need for it, and I doubt very many people do.

It seems to me that maybe that plugin should be part of a sub-package to 
rhythmbox rather than rhythmbox itself, strictly from a security 
perspective so that if there is an exploitable bug in it, it will only 
be a vector for those who actually want that plugin.

Does anyone actually use that plugin for anything? Maybe it should just 
be removed from the Fedora / RHEL / CentOS world.