Comment by paulddraper

2 years ago

MDN doesn't like it

> Browsers set required values for this header according to their active user interface language. Users rarely change it, and such changes are not recommended because they may lead to fingerprinting.

> The content of Accept-Language is often out of a user's control (when traveling, for instance). A user may also want to visit a page in a language different from the user interface language.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Ac...

:shrug:

3 comments

paulddraper

hsbauauvhabzb 2 years ago

There are a million metrics that can be used for fingerprinting, the notion of avoiding language detection because fingerprinting seems a bit weak - it’s pretty hard to fingerprint me if I’m not willing to fumble your site to configure my language, and I assume for non English speakers hard locking browser resolution to 1920x1080 to prevent resolution fingerprinting would presumably be a more usable limitation.

Edit: and ‘a user might not be the owner of the computer and therefore the accept language might be wrong‘ sounds like a UI problem that a ‘file -> set language’ workflow would solve.

paulddraper 2 years ago

Agreed

yosito 2 years ago

Accept-Language is far more under my control while traveling than my IP address. Especially for services that actively block VPNs.