Tor goes the way of trying to make everyone look the same to defend against browser fingerprinting.
Wouldn't a simple addon that changes/adds as much information as possible randomly in short time intervals also do the trick? Are there downsides to this?
I am thinking about spoofing random fonts, addons (or addon version numbers), user agents (there is already an addon doing this).
Are there projects trying to do this? What are the downsides to this approach?
EDIT: Comparing this approach to the approach which Tor uses (everybody looks the same): on request, I'll add what, in my opinion, this approach does better. You can't personalize your browser when using the approach "I want to look like anyone else". When just adding a lot of random plugins/fonts (whatever information is possible), which change from time to time, you can also personalize your browser. Sure, your personalized addons etc. won't change as quickly as the other random stuff, but now the server would have to check, for every fingerprint, whether there are any other fingerprints where any of the information it uses to generate the fingerprint coincides with the new one. This sounds like a hell of a lot of work to me, with a positive probability of getting false positives (associating two fingerprints with each other that aren't from the same user).
This approach is already used to some extent, as I see it. When wanting to be private, you will try to change your IP address, for example, so it can't be tracked to you. Changing the user agent is also done (and there are already addons doing it randomly and in specific time intervals).
But why can't we pursue this approach: let's say we pick the 50 most popular addons/fonts, and always spoof having a random number of them installed in some random version.
This isn't just limited to addons/fonts (I only read that information about these is often used for fingerprinting), but one could extend this approach to any information the browser sends. You'd have to send some real information (like window size) to have the site work properly. But then the fingerprinting algorithms can only rely on this minimum of real information you have to send (and not, like Panopticlick does, on everything it gets).
To specify the question now: Is this technically achievable? (Can you spoof browser information this well?) And what is the information you can't spoof, either because it isn't possible to spoof it or because you need to send it for most sites to work properly? And is this information already enough to be identified? Do modern fingerprinting algorithms already depend only on this "must-be-true" information, or do they (like Panopticlick) use everything they can get their hands on?
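
Added example, not part of the original question: a small simulation for testing whether the scheme described above (a random subset of a known pool of 50 popular addons on every visit) reduces linkability between two visits. The pool, the personal addons, the window sizes and all function names are constructed assumptions; the model assumes the party computing the fingerprint knows the spoofing pool.

```python
import random
from collections import Counter

# Constructed data: stand-ins for the "50 most popular addons/fonts",
# for real user-chosen addons, and for window sizes sent unspoofed.
POOL = frozenset(f"popular-{i}" for i in range(50))
PERSONAL = [f"custom-{i}" for i in range(200)]
WINDOWS = [(1920, 1080), (1366, 768), (1536, 864), (1440, 900), (1280, 720)]

def make_user(rng):
    """Real attributes: a window size plus three personal addons."""
    return {"window": rng.choice(WINDOWS),
            "personal": frozenset(rng.sample(PERSONAL, 3))}

def observe(user, rng):
    """One visit: real attributes mixed with a fresh random subset of POOL."""
    spoofed = frozenset(rng.sample(sorted(POOL), rng.randint(5, 25)))
    return {"window": user["window"], "addons": user["personal"] | spoofed}

def full_key(obs):
    """Fingerprint over everything received, spoofed values included."""
    return (obs["window"], obs["addons"])

def stable_key(obs):
    """Fingerprint after discarding anything that could come from POOL."""
    return (obs["window"], obs["addons"] - POOL)

def window_key(obs):
    """Fingerprint over the must-be-true attribute only."""
    return obs["window"]

def link_rate(key_fn, n_users=200, seed=1):
    """Fraction of users whose two visits share a key no other user has."""
    rng = random.Random(seed)
    users = [make_user(rng) for _ in range(n_users)]
    first = [key_fn(observe(u, rng)) for u in users]
    second = [key_fn(observe(u, rng)) for u in users]
    seen = Counter(first)
    linked = sum(1 for a, b in zip(first, second) if a == b and seen[a] == 1)
    return linked / n_users

if __name__ == "__main__":
    for fn in (full_key, stable_key, window_key):
        print(f"{fn.__name__:11s} link rate: {link_rate(fn):.2f}")
```

In this constructed model the randomization defeats a fingerprint taken over everything, but subtracting the known pool restores linkability through the personal addons, while the window size alone carries too little entropy to single anyone out.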