Auto randomize browser user agent string for privacy

Discussion in 'privacy technology' started by MrBrian, Oct 23, 2010.

Thread Status:
Not open for further replies.
  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  2. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Some comments from the blog post:
     
  3. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  4. CasperFace

    CasperFace Registered Member

    Joined:
    Jul 31, 2010
    Posts:
    200
    "Randomizing" the user-agent string is a very bad idea, IMHO. If anything, it will make you stand out as MORE suspicious if your IP address has 100 different user agents associated with it. Think about it... even with a basic log file analysis, it'd be pretty obvious that you & your phony user agents are all the same person, just based on your patterns of behavior (logging into specific sites with the same user ID, etc).

    Your user-agent string should never be random. Instead, it should remain consistent and unchanged (unless you have some very specific purpose to use another). If privacy is your concern, really the best thing you can do is just make sure your UA is as clean and generic as possible, without any proprietary add-on strings or other uniquely identifying info.
     
  5. Warlockz

    Warlockz Registered Member

    Joined:
    Oct 30, 2008
    Posts:
    642
    I could be wrong but It seems like the proxy site included in Proxy Tool made this add-on to try to get people to use their proxies, more $ for them the more users they collect data from. Who knows if it sends user data even when your not using the proxies? I don't trust it, as for randomUserAgent I agree with CasperFace.

    A better alternative if your just trying to switch your user agent string is User Agent Switcher, and you can get a nice list to import from here, the list was updated September/04/2010.
     
    Last edited: Oct 28, 2010
  6. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    I'm sure that the VPN exit IPs that I typically use have far more than hundreds of user-agent strings associated with them.

    Yes, this seems a safer bet.
     
  7. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Ridiculous. Hierophant just gave you one example; another would be an open WiFi connection. Bruce Schneier has offered the case to leave your WiFi open so as to offer plausible deniability. ("How do you know I was using the connection?") That would show hundreds of different user-agent strings over a period of time. You're also assuming some kind of auditing of IP addresses with UAS. What would an audit show? A lot of different computers use the IP. The assumption that it must be one person "spoofing" the UAS is not realistic, even if it might be true. It's certainly the least likeliest reason for differing user-agent string information.

    The one exception might be where you must log-in under a specific username - but what would be the purpose of changing the UAS if you are doing that?
     
Loading...
Thread Status:
Not open for further replies.