This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
Need to spec navigator.plugins, since everyone implements it and nobody else is speccing it.
Man, this is a horrible fingerprinting vector. See also: https://bugzilla.mozilla.org/show_bug.cgi?id=757726 That bug suggests randomising the order and limiting the enumerable list to only well-known values, but still leaving rare plugins in the list so they can be tested for. (It similarly limits navigator.mimeTypes, obviously.) This seems insufficient for any serious attempt at preventing fingerprinting.
bz: You really think we should keep this around? Is there not some way we can keep it around in a Web-compatible way that is just the same on every browser?
*** Bug 22554 has been marked as a duplicate of this bug. ***
I don't know. I do know we've had sites break on us when we broke something about navigator.plugins (largely by failing to instantiate Flash as needed). I can't speak to navigator.mimeTypes... From a purely theoretical perspective, I would love these to die a horrible death. I'm just not sure I can remove them from Gecko any time in the next several years, say. :( We _are_ hoping to get away without plug-ins entirely in Servo, though.
Ok well I guess I'll spec it for now.
Checked in as WHATWG revision r8036. Check-in comment: navigator.plugins and company http://html5.org/tools/web-apps-tracker?from=8035&to=8036