User Agent String.

I am opening up this thread to discuss "User Agent String".

Its important to change it from your default to maintain privacy on your browser. I would like to discuss which are the best to change to and why. I have not found much literature about it and am curious what is everyone's string/opinion on good strings and bad strings.

I personally change mine. I use Cyberdog/2.0 (Macintosh; 68k), when im not doing anything important. I find it funny to use, and it can make some weird things happen with certain websites which interests me.

So, what string do you use and why? Which are the best in your opinion.

 

I use the default that comes with my browser:

Mozilla/5.0 (X11; Linux x86_64; rv:19.0) Gecko/20100101 Firefox/19.0

I'm not to concerned about it.

On a particular forum I frequent I set it to this:

Mozilla/5.0 (X11; Linux x86_64; rv:19.0) Gecko/20100101 Firefox/19.0 Slackware

 

I don't bother with user-agents... I dunno, I don't see how they add protection!

 

It is a really bad idea to use a unique User-Agent, or one that is not used by a lot of other people. This way you can be identified and tracked much easier.

 

The point is to have one that doesn't uniquely identify you. So if you use a very common OS and browser/version, such as the current release of a popular browser and anything XP-Win8, then keep the string you have. If you use some old version not often used anymore, like some random build of Firefox 3 for instance, then it might be a good idea to spoof it to a more common one. Like make it look like you're on the current release or something. But make sure you mimic it exactly, or you'll make yourself stick out like a sore thumb.

It's not like a U.A.S. alone will dime you out. But combine it with a few other things, like even Font Caches (unique fonts), and things of the sort, it can narrow the field down.

Use Ixquick as a search engine to help out in this regard too. They don't record U.A.S.'s in their searches... or IP addresses, or log. Of course, once you're on the site you choose, you're no longer under their jurisdiction.

 

User-Agent sniffing can cause all sorts of problems and has. Yet, I think it is still common. I'd bet that if you tweak it to something unusual or perhaps just old that would break important features... even security features... on some sites somewhere and in some cases the breakage wouldn't even be obvious to the user. You likely realize that and thus the "when I'm not doing anything important". I hope others do.

 

Of course, I just like to mess around with them for fun. I'm generally using firefox versions when I'm doing actual work. It is interesting though how so many security guides and services tell you to change your user string when as you say its not really going to do much other then break webpages.

 

Fingerprinting is the bigger issue here and the user agent string is just one small part of your online fingerprint. There are many other and more reliable ways this can be done but solely from the UA standpoint, unless you're using an extension or other app that rotates user agent strings every week or month or so, you're just stepping from one fingerprint to another.

If you have something super rare by default, sure it's not a bad idea to blend in but it's a very thin layer of pseudo-deception if you're still running JavaScript on all sites.

 

There is a site that "supposedly" checks the uniqueness of your browser agent by the EFF. https://panopticlick.eff.org/

I seriously doubt the validity of it though. For example, I changed mine to "Stupid User Agent" it came up as:

Your browser fingerprint appears to be unique among the 2,744,155 tested so far.
Refresh
Within our dataset of several million visitors, only one in 1,372,082 browsers have the same fingerprint as yours.
Refresh
Within our dataset of several million visitors, only one in 914,722 browsers have the same fingerprint as yours.

My first run with the string "Cyberdog/2.0 (Macintosh; 68k)" came up Within our dataset of several million visitors, only one in 274,417 browsers have the same fingerprint as yours.