This repository has been archived by the owner on Nov 22, 2022. It is now read-only.

serious privacy leak, browser signature #34

Closed
ghost opened this issue Mar 17, 2013 · 1 comment

ghost commented Mar 17, 2013

Please consider https://panopticlick.eff.org/ - the result is that every single orweb user can be identified.

The biggest problems:

  • User-agent should be set to a value that is widely used and not unique. The default "android" will frequently include details like brand, model and build number. Predefined "Firefox5" does not appear to match any real world browser.
  • HTTP headers: seems utf-16 is the privacy culprit here, rarely ever used and perhaps should be filtered
  • screen-size/color-depth gives away too much information.

ghost assigned n8fr8 May 28, 2013

n8fr8 commented May 29, 2013

User-agent: we now use the Samsung Galaxy SII user-agent as the default, since that is the most common Android device. We have also updated iPhone and Firefox to the values specified by EFF's Panopticlick report as the most "anonymous" values for those browsers.

HTTP Header: we are overriding accept headers now, so the utf-16 value is not there, and are now using a common default set of headers.

screen-size/color-depth is determined via javascript, and is difficult to block unless you turn off javascript. We will not be addressing that issue in the short term.

n8fr8 closed this as completed May 29, 2013
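
Added illustration, not part of the original thread and not Orweb code: the kind of measurement Panopticlick reports (bits of identifying information per attribute, and how many clients share a fingerprint), computed over a small constructed population. Every User-Agent string, header value, screen size and count is made up for the example.

```python
import math

# Constructed population of (user_agent, accept_headers, screen) tuples.
# Every string and count below is made up for illustration, not measured.
COMMON_UA = "common-android-ua (constructed)"
OTHER_UA = "other-android-ua (constructed)"
UNIQUE_UA = "android-ua BrandX ModelY Build/ABC123 (constructed)"
POPULATION = (
    [(COMMON_UA, "utf-8", "480x800x32")] * 8
    + [(COMMON_UA, "utf-8", "720x1280x32")] * 4
    + [(OTHER_UA, "utf-8", "480x800x32")] * 2
    + [(COMMON_UA, "utf-8", "600x1024x32")]           # overridden UA and headers
    + [(UNIQUE_UA, "utf-8, utf-16", "600x1024x32")]   # device-specific defaults
)
DEFAULTS = POPULATION[-1]
OVERRIDDEN = POPULATION[-2]
HEADERS_ONLY = (0, 1)       # visible to any server without JavaScript
WITH_SCREEN = (0, 1, 2)     # screen size/depth needs JavaScript


def surprisal_bits(population, index, value):
    """Identifying information in one attribute: -log2(share with that value)."""
    count = sum(1 for row in population if row[index] == value)
    if count == 0:
        raise ValueError("value not present in population")
    return -math.log2(count / len(population))


def anonymity_set(population, fingerprint, indices):
    """How many clients are indistinguishable from `fingerprint` on `indices`."""
    return sum(
        1 for row in population
        if all(row[i] == fingerprint[i] for i in indices)
    )


if __name__ == "__main__":
    for name, fp in (("defaults", DEFAULTS), ("overridden", OVERRIDDEN)):
        bits = [round(surprisal_bits(POPULATION, i, fp[i]), 2) for i in WITH_SCREEN]
        print(name, "bits per attribute (ua, accept, screen):", bits)
        print("  anonymity set, headers only:",
              anonymity_set(POPULATION, fp, HEADERS_ONLY))
        print("  anonymity set, with screen: ",
              anonymity_set(POPULATION, fp, WITH_SCREEN))
```

With these constructed counts, overriding the User-Agent and accept headers raises the headers-only anonymity set from 1 to 13 of 16 clients, while adding the JavaScript-visible screen value brings it back to 1.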