Page 1 of 2
Crucial privacy extension: User Agent Switcher PER SITE
Posted: Sat Aug 01, 2009 5:39 pm
by headerpersite
AdBlockPlus is excellent, and so is NoScript, but to complete the anonimity trifecta, we have to deal with the headers sent out with each html request and transfer. A lot of these headers are so unique they effectively act as a cookie. I've observed how the evil assholes correctly guessed my identity with targeted ads despite my using AdBlock (disabled in that particular session alone to see what ads would show up), NoScript, dynamic IP, no cookies, etc. It's because of the headers.
There already exists UserAgentSwitcher, but it sucks for anonimity. It was intended to view pages that acted funny or rejected you if you had X header. The guy developing that addon says he's going to add the per site feature, but he's said that for 4 years. He's not interested.
Here's what a good anonimity-intended UserAgentSwitcher should be able to do:
1) Allow you to set a specific header for each domain you wish, and save it and automatically reload it between sessions.
2) Allow you to set its behavior for domains not specified in 1). Such as use the real header, a specified header, or set a random header for each different domain that will last until the session is closed.
3) Ensure that the altered headers get sent on request and transfer packets. I don't understand too much about this, but I read several comments which pointed out that some of these User Agent addons only altered the header in the request packet, but subsequent transactions with the same domain included the browser's real header.
That's it. This is a crucial privacy addon. AdBlockPlus and NoScript are at the top of the most downloaded addons. A proper UserAgent-anonimity addon is a must for anyone concerned about his privacy. It should be right up there with AdBlock and NoScript amongst the most downloaded addons. This is a crucial addon.
Re: Crucial privacy extension: User Agent Switcher PER SITE
Posted: Sat Aug 01, 2009 5:55 pm
by Alan Baxter
Moved to Web Tech.
Note: this exact same post has been cross-posted to at least a couple of other forums. You may prefer to discuss it in one of the other forums.
http://forums.mozillazine.org/viewtopic ... &t=1394075
http://adblockplus.org/forum/viewtopic. ... 8682#28682
Re: Crucial privacy extension: User Agent Switcher PER SITE
Posted: Mon Aug 03, 2009 7:12 am
by Tom T.
headerpersite, thanks for showing me a good reason to quit "playing" with my useragent, which would be even more identifying, and go back to its "natural" one. Not anonymous, to be sure, but more so than customizing it. Good point.
I've always used Adblock Original with my F2.x, and it seems to be undetectable by sites that whine if you use ABP (one reason I liked ABO). Alas, it isn't F3-compatible. I wish someone would pick up its maintenance (abandoned a couple of years ago, although so much simpler that there was almost nothing to break), and make it F3-friendly.
Any site needs to know your language, browser, OS, and browser engine. If ABP gives away its presence, that is something that should be addressed by ABP, agreed?
I don't see NoScript showing in my useragent, and AFAIK, most sites don't know if you have it. (If a script doesn't run, for all they know, you could have IE with scripting disabled.) For Win XP or Vista, there must be millions of users with any particular version of OS and browser. For *nix, and possibly Mac, I can see where the data-mining can narrow in.
I like your thinking, but wouldn't one need to be careful not to have the site send the wrong version of the page?
Re: Crucial privacy extension: User Agent Switcher PER SITE
Posted: Tue Aug 04, 2009 12:33 am
by headerpersite
Tom T. wrote:For Win XP or Vista, there must be millions of users with any particular version of OS and browser. For *nix, and possibly Mac, I can see where the data-mining can narrow in.
But I don't see that. For example, look at the Gecko extension of the 3 messages in this thread. All different. They have a date stamp on them from the date you installed Firefox! This is like having a fixed IP. Your anonimity is zero with that stupid Gecko timestamp in your header. The rest of the header, maybe, but that Gecko thing with a date on it...

Re: Crucial privacy extension: User Agent Switcher PER SITE
Posted: Tue Aug 04, 2009 7:31 am
by Tom T.
headerpersite wrote:Tom T. wrote:For Win XP or Vista, there must be millions of users with any particular version of OS and browser. For *nix, and possibly Mac, I can see where the data-mining can narrow in.
But I don't see that. For example, look at the Gecko extension of the 3 messages in this thread. All different. They have a date stamp on them from the date you installed Firefox! This is like having a fixed IP. Your anonimity is zero with that stupid Gecko timestamp in your header. The rest of the header, maybe, but that Gecko thing with a date on it...

Is it the date you *installed* it, or the date of that Gecko version? ... which I would think would correspond to whatever version, or to a range of versions, of Fx that you are running.
Still an interesting point as browsers and versions multiply. The ideal, IMHO, would be for all sites to be browser-agnostic; then the info would be unnecessary. There have been various movements to that end; perhaps you might lend your time and energy to them?
And I assume you use a proxy server or some other way of avoiding a static IP address? ... else changing the UA might do no good.
The bottom line: I think we all need to remember that we are not as "anonymous" as we might like to think we are, and that might be a good thing in some ways. Studies have shown that people are more polite and less aggressive when they are accountable than when they believe they are anonymous. If you really need to avoid identification for a legitimate and lawful privacy need, and not to do anything illegal, unethical, abusive, or hostile, there are plenty of manual ways to vary these things -- and let's hope that we don't need to do that too often (do something that we don't want people to know about).
As for the advertisers, I try as hard as anyone else, but I figured they nailed me years ago, when I was unaware. Since I never see their ads, who cares? ... but I support laws for stronger control over data storage and usage.
Thanks again for raising interesting points.
Re: Crucial privacy extension: User Agent Switcher PER SITE
Posted: Sat Aug 08, 2009 10:10 am
by dhouwn
headerpersite wrote:They have a date stamp on them from the date you installed Firefox!
Wrong.
Re: Crucial privacy extension: User Agent Switcher PER SITE
Posted: Wed Sep 16, 2009 10:41 pm
by computerfreaker
dhouwn wrote:headerpersite wrote:They have a date stamp on them from the date you installed Firefox!
Wrong.
How so? Even in your user agent string, (at the bottom of your post), I see a date string...
Re: Crucial privacy extension: User Agent Switcher PER SITE
Posted: Wed Sep 16, 2009 11:10 pm
by GµårÐïåñ
that date string is the version of your gecko
Re: Crucial privacy extension: User Agent Switcher PER SITE
Posted: Wed Sep 16, 2009 11:40 pm
by computerfreaker
GµårÐïåñ wrote:that date string is the version of your gecko
So that's the date the Gecko version was released,
not the date I installed it?
Re: Crucial privacy extension: User Agent Switcher PER SITE
Posted: Wed Sep 16, 2009 11:49 pm
by GµårÐïåñ
correct. take mine for example:
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3
shows I am on windows, US version, Win Vista and higher including 7, revision 1.9.1.3 using the gecko release of 20090824 (august 24) with Fx outside version of 3.5.3
and now yours:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.13) Gecko/2009073022 Firefox/3.0.13
shows you are running on windows, us version, Win 2k or higher including XP, revision 1.9.0.13 which suggests you are on the 3.x branch rather than 3.5.x branch and with gecko release of july 30th revision 22 on Fx outside of 3.0.13
for support purposes the subtle differences are helpful and can sometimes point to specific issues inherent in that branch.
Re: Crucial privacy extension: User Agent Switcher PER SITE
Posted: Thu Sep 17, 2009 10:39 am
by computerfreaker
GµårÐïåñ wrote:correct. take mine for example:
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3
shows I am on windows, US version, Win Vista and higher including 7, revision 1.9.1.3 using the gecko release of 20090824 (august 24) with Fx outside version of 3.5.3
Interesting! Never knew the user agent string had so much info to it... (and I'd always wondered about that U next to Windows... lol)
GµårÐïåñ wrote:and now yours:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.13) Gecko/2009073022 Firefox/3.0.13
shows you are running on windows, us version, Win 2k or higher including XP, revision 1.9.0.13 which suggests you are on the 3.x branch rather than 3.5.x branch and with gecko release of july 30th revision 22 on Fx outside of 3.0.13
dang, is that accurate...
I'm on Windows XP SP3, Firefox 3.0.13 US version.
Well, thanks for all the info, GµårÐïåñ! Very nice of you...

Re: Crucial privacy extension: User Agent Switcher PER SITE
Posted: Thu Sep 17, 2009 7:34 pm
by GµårÐïåñ
the UA gives quite a bit of information about the visitor. many who know what they are doing and don't break functionality can tweak their UA to mask their true information. you should worry more about the amount of information your header is spilling than the UA.

Re: Crucial privacy extension: User Agent Switcher PER SITE
Posted: Thu Sep 17, 2009 9:59 pm
by computerfreaker
GµårÐïåñ wrote:the UA gives quite a bit of information about the visitor. many who know what they are doing and don't break functionality can tweak their UA to mask their true information.
yes, I can imagine a couple of ways to do that, providing more or less security and more or less functionality-breaking... I guess it's a balance.
GµårÐïåñ wrote:you should worry more about the amount of information your header is spilling than the UA.

Well, I have the Stealther addon... which
should be stripping my header...
Just off the top of your head (don't want to make anyone waste time on my account), any idea where I can see what my header is saying about me?
Re: Crucial privacy extension: User Agent Switcher PER SITE
Posted: Thu Sep 17, 2009 11:18 pm
by GµårÐïåñ
sure, Live HTTP Headers gives you more than you will ever need. You can also check the class tool available through
www.grc.com by going to the ShieldsUp section and after you proceed, you will see "Browser Header" in the bottom of the page links, click on that and have at it.
Re: Crucial privacy extension: User Agent Switcher PER SITE
Posted: Fri Oct 16, 2009 7:31 pm
by computerfreaker
Check out the HeaderControl addon:
https://addons.mozilla.org/en-US/firefox/addon/11327
It's got per-site header, user agent, accept language, referrer, and cookie controls... still experimental, but very worthwhile nonetheless...