Getting the Secret Agent extension to work well, tips to foil device fingerprinting?

Discussion in 'privacy technology' started by Magic Missile, Sep 20, 2013.

Thread Status:
Not open for further replies.
  1. Magic Missile

    Magic Missile Registered Member

    Joined:
    Sep 20, 2013
    Posts:
    18
    So, I installed Secret Agent. However, as I've come to find out, some webpages load differently based on the information Secret Agent passes to the page, sometimes rendering the page inoperable. I know that User Agents are one culprit of undesirable behavior, so I will be trimming that list down to only Firefox, Chrome, IE, and Safari User Agents, with only recent versions.

    -Are any of Secret Agent's other settings possibly causing webpages to not load correctly?

    -There are some settings that Secret Agent doesn't tweak. Obviously I shouldn't tweak screen resolution, for instance. But what about all the other things that panopticlick and other, similar, sites list? If they can't be randomized through some means, are there ways I could make them less unique? Fonts in particular seem like a giveaway according to panopticlick, and time zone also makes me a little leery. Secret Agent seems to be causing a different result generated each time with browser plugins category, but that result is always pretty unique (1 in X browsers have the same settings, where X is at least a 6 figure number). I'm guessing there's nothing that can be done about color depth.

    -Possibly making this all moot to an extent, I run NoScript and Ghostery. On sites that employ device fingerprinting, what are the odds that whitelisting the primary domains and excluding the others will prevent device fingerprinting? For instance, if I go to nfl.com, do not allow cookies via cookiemonster, allow nothing through ghostery, and whitelist nfl.com and nflcdn.com with NoScript, is it still possible that I'm being fingerprinted? I suspect that not whitelisting adobetag on nfl.com prohibits it in this particular example, but are there sites that don't fingerprint via third party scripts, causing Secret Agent to come into play as my last line of defense?

    -I'm using Private Internet Access as a VPN, for the curious.

    -64 bit Pale Moon 24, with Adblock Edge, NoScript, Ghostery, Secret Agent, Cookie Monster, HTTPS Everywhere, RefControl, MaskMe, Lastpass, Check4Change, and Greasemonkey.

    Edit: so, I went here and used their user agent list (copy pastable version at bottom of page), stripping out all mobile browsers (ctrl+F through and remove anything that contains ipad, iphone, or android). I'll surf around a little and see how I fare in terms of compatibility.
     
    Last edited: Sep 20, 2013
  2. Snoop3

    Snoop3 Registered Member

    Joined:
    Jan 2, 2011
    Posts:
    474
  3. Magic Missile

    Magic Missile Registered Member

    Joined:
    Sep 20, 2013
    Posts:
    18
    Well here's an interesting case. The only place I've encountered so far that doesn't really cooperate with Secret Agent, is http://forum.notebookreview.com/

    And it's not a place where I'd like to disable it, as it's packed with trackers and adware. The site doesn't render properly on >95% of refreshes, even when my user agent, for instance, says Windows 7 and Firefox 24 or Windows 8 and Chrome 29. I didn't check what it said the one time it did work. Possibly caused by the user agent's listed OS not matching the java string's listed OS?

    Edit: Hm, some other forums seem to be going bonkers too. Only forums so far, though.
     
    Last edited: Sep 21, 2013
  4. tlu

    tlu Guest

    While this extension looks interesting, I would be hesitant to use it as it is not available from AMO and, thus, not checked by Mozilla. So you have to trust its author.
     
Loading...
Thread Status:
Not open for further replies.