Comments (15)
User Agent spoofing without JS works fine.
that depends on what you spoof as.
If it's anything but Firefox then the available ciphers and their order already make you pretty unique.
CSS can also be used to some degree to identify if you're using FF, Chrome or whatnot.
And honestly, if you spoof another FF version what good does that really do?
from user.js.
OS, bitness and browser is almost impossible to spoof.
You can safelly spoof browser version, but not faking FF as for example Chrome, IE, or something else.
Even when the results on some test pages show that you have done it succesfully, there is a method over iFrame, which allways reveals the real data. ;)
And there are for sure other methods we are even not aware off for now.
The same goes with screen resolution spoofing. There is no real solution for now.
I would really suggest to remove those from your user.js.
Otherwise you are fingerprinted as a spoofer. ;)
Maybe I am wrong here, so don't kill me for my comment. ;)
from user.js.
Hi, Pants! So user.js updates are now basically real time, I like that :)
IMHO the current 2627 prefs work surprisingly well to spoof OS and FF version. They produce plausible results when you don't make big changes. I wouldn't remove them, the included comments are sufficient. The TCP/IP OS Fingerprinting method used by BrowserLeaks to reveal the actual Windows NT kernel version might have nothing to do with Firefox?
I know spoofing your browser (instead of just the browser version) and resolution won't really work.
from user.js.
With all the things we already do (dom.*, disabled ciphers, etc.) worrying about spoofing your OS is really not worth the effort IMHO. with 1600 downloads we are in a pretty small group anyway.
From all the 2627 stuff I only use general.buildID.override
but now that I think about, I don't even need that. Those things are maybe useful if you compile your own FF on linux but my buildID on Windows is the same for everyone with the same FF version. And I don't spoof my UA anymore either, so yeah, I'm resetting it and comment it out in my user.js
from user.js.
Googlebot 2.1 User Agent String:
Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
from user.js.
Great. You guys did a tremendous job in a very short time.
All I can say is in two words: THANK YOU
:)
Cheers
from user.js.
Tools like Nmap and P0f look at the TCP/IP stack parameters of the system.
explanation
general.oscpu.override does little or nothing against tools that read system values stored in windows registry or linux config files.
from user.js.
User Agent spoofing without JS works fine.
from user.js.
I spoof the latest FF on previous versions.
from user.js.
Spoof to FF version that has biggest market share.
That would normally be the latest standard. If you are using ESR or nightly, then spoofing makes sense if we assume that fingerprinting isn't beyond that.
https://techblog.willshouse.com/2012/01/03/most-common-user-agents/
from user.js.
Good choice. That's unclear territory, must be investigated.
general.useragent.override is an incomplete solution.
from user.js.
sure, why not.
I prefer if the user_pref line isn't indented, but you're in charge of formatting ;)
from user.js.
is indented, in the entire js
Yes, but my idea is to use multi-line JS comments, like so ...
/* 2697-A: navigator.userAgent leaks in JS
// NOTE: setting this will break any UA spoofing add-on whitelisting ***/
//user_pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0"); // (hidden pref)
/* 2697-B: navigator.buildID (see gecko.buildID in about:config) reveals build time
// down to the second which defeats user agent spoofing and can compromise OS etc
// https://bugzilla.mozilla.org/show_bug.cgi?id=583181 ***/
//user_pref("general.buildID.override", "20100101"); // (hidden pref)
or like this:
/* 2697-A: navigator.userAgent leaks in JS
* NOTE: setting this will break any UA spoofing add-on whitelisting ***/
//user_pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0"); // (hidden pref)
/* 2697-B: navigator.buildID (see gecko.buildID in about:config) reveals build time
* down to the second which defeats user agent spoofing and can compromise OS etc
* https://bugzilla.mozilla.org/show_bug.cgi?id=583181 ***/
//user_pref("general.buildID.override", "20100101"); // (hidden pref)
from user.js.
Well, if it was example 2, it makes sense to have all the //user_pref lines on column 0 when you collapse all items with your editors hotkey. I also prefer if the actual commented out JS code ie the user_prefs lines, don't have a single space between // and the 'user_pref'. But it's just MY coding style.
If we ever gonna make the change we should do it sooner rather than later, before more people start a fork.
Should we be democratic about it and create a poll with all possible formats and let the majority decide?
IMO it's more than a 'slight' improvement, especially if you edit a local copy in an editor.
It makes such a big difference in terms of better overview, easier to organize, etc.
We don't necessarily have to change the entire file at once IMO.
from user.js.
/*** 2700: COOKIES & DOM STORAGE ***/
/* 2701: single line pref ***/
user_pref("blabla", true);
/* 2702: multi-line active
* blabla
* more blabla ***/
user_pref("blablub", true);
/* 2703: single or multi-line inactice ***/
//user_pref("blibli", true);
note:
- always use
***/
to end-comment, makes it easier to see - also use
/* ... ***/
for single line numbers, so only inactive user_pref lines would have //
2a. hence having the //user_pref's on column 0 would be nice - align the
*'s
for multi-line (this is what most people do for multi-line comments in sources afaik)
take it or don't, I've said my peace, please don't hate me for not picking A or B ;)
ps. ok your last pic also looks nice. I don't mind, do what you prefer
from user.js.
Related Issues (20)
- ToDo: diffs FF123-FF124 HOT 3
- Firefox, with slightly modified Arkenfox, fingerprinting with latest 124.0.1 64 bit update breaks, now "unique" HOT 8
- how to modify user_perf `browser.uiCustomization.state`? HOT 1
- who's up for some simple testing - any platform .. all welcome, except that _one_ guy HOT 7
- Issue with DuckDuckGo being the only option in the search engine dropdown list
- Should I use FPP, RFP or both HOT 4
- add privacy.spoof_english HOT 4
- Easier way to batch import and export site exceptions? HOT 4
- Difference between 4501 and 4510 in terms of preferred colors HOT 4
- https://auth.openai.com/ Broken With RFP HOT 5
- add pref to delete using `user-overrides.js`? HOT 2
- user perf for search shortcuts HOT 4
- user pref for "extenstion has been added" notification HOT 2
- Post-Arkenfox Unique Fingerprint HOT 10
- ToDo: diffs FF124-FF125.0.1 HOT 6
- track sanitizing migration slated for FF127/8 HOT 14
- TLS fingerprint in PBM is different HOT 8
- LocalFortress (extension) HOT 6
- 126.0 - Firefox’s new search data collection - Disabled? HOT 2
- 126.0: potential addition for 0105 HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from user.js.