Improve fingerprint of the Unsafe Browser
Originally created by Tails on #5412 (Redmine)
{{toc}}
Next steps
Avoid Tails-specific DNS requests
One can see e.g. with Wireshark that the Unsafe Browser sends DNS
requests for amnesia and tails.boum.org on the network. This should
clearly not happen.
Next thing to do: research why this happens.
Improve fingerprint of the request made to get the captive portal
For the WiFi hotspot and probably ISP, the recommended way of using the Unsafe browser only to login in the portal and then use only Tor is fingerprintable.
What clearnet request do people do to get the captive portal?
Next thing to do: research how we can improve the network fingerprint of that principal usecase.
Done
As a first step, we wanted to make the Unsafe Browser look like a default Debian Iceweasel ESR. This was done by removing all add-ons.
Related issues
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information