Auto randomize browser user agent string for privacy

http://www.raymond.cc/blog/archives/2010/10/23/randomize-browser-user-agent-string-for-privacy/

 

Some comments from the blog post:

 

Similar Firefox extension: randomUserAgent

 

"Randomizing" the user-agent string is a very bad idea, IMHO. If anything, it will make you stand out as MORE suspicious if your IP address has 100 different user agents associated with it. Think about it... even with a basic log file analysis, it'd be pretty obvious that you & your phony user agents are all the same person, just based on your patterns of behavior (logging into specific sites with the same user ID, etc).

Your user-agent string should never be random. Instead, it should remain consistent and unchanged (unless you have some very specific purpose to use another). If privacy is your concern, really the best thing you can do is just make sure your UA is as clean and generic as possible, without any proprietary add-on strings or other uniquely identifying info.

 

I could be wrong but It seems like the proxy site included in Proxy Tool made this add-on to try to get people to use their proxies, more $ for them the more users they collect data from. Who knows if it sends user data even when your not using the proxies? I don't trust it, as for randomUserAgent I agree with CasperFace.

A better alternative if your just trying to switch your user agent string is User Agent Switcher, and you can get a nice list to import from here, the list was updated September/04/2010.

 

I'm sure that the VPN exit IPs that I typically use have far more than hundreds of user-agent strings associated with them.

Yes, this seems a safer bet.

 

Ridiculous. Hierophant just gave you one example; another would be an open WiFi connection. Bruce Schneier has offered the case to leave your WiFi open so as to offer plausible deniability. ("How do you know I was using the connection?") That would show hundreds of different user-agent strings over a period of time. You're also assuming some kind of auditing of IP addresses with UAS. What would an audit show? A lot of different computers use the IP. The assumption that it must be one person "spoofing" the UAS is not realistic, even if it might be true. It's certainly the least likeliest reason for differing user-agent string information.

The one exception might be where you must log-in under a specific username - but what would be the purpose of changing the UAS if you are doing that?