User Agent String.

Discussion in 'privacy technology' started by Taliscicero, Feb 27, 2013.

Thread Status:
Not open for further replies.
  1. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    I am opening up this thread to discuss "User Agent String".

    Its important to change it from your default to maintain privacy on your browser. I would like to discuss which are the best to change to and why. I have not found much literature about it and am curious what is everyone's string/opinion on good strings and bad strings.

    I personally change mine. I use Cyberdog/2.0 (Macintosh; 68k), when im not doing anything important. I find it funny to use, and it can make some weird things happen with certain websites which interests me.

    So, what string do you use and why? Which are the best in your opinion.
     
  2. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,322
    Location:
    Philippines
    I use the default that comes with my browser:

    Mozilla/5.0 (X11; Linux x86_64; rv:19.0) Gecko/20100101 Firefox/19.0

    I'm not to concerned about it.

    On a particular forum I frequent I set it to this:

    Mozilla/5.0 (X11; Linux x86_64; rv:19.0) Gecko/20100101 Firefox/19.0 Slackware
     
  3. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,413
    I don't bother with user-agents... I dunno, I don't see how they add protection!
     
  4. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    It is a really bad idea to use a unique User-Agent, or one that is not used by a lot of other people. This way you can be identified and tracked much easier.
     
  5. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    The point is to have one that doesn't uniquely identify you. So if you use a very common OS and browser/version, such as the current release of a popular browser and anything XP-Win8, then keep the string you have. If you use some old version not often used anymore, like some random build of Firefox 3 for instance, then it might be a good idea to spoof it to a more common one. Like make it look like you're on the current release or something. But make sure you mimic it exactly, or you'll make yourself stick out like a sore thumb.

    It's not like a U.A.S. alone will dime you out. But combine it with a few other things, like even Font Caches (unique fonts), and things of the sort, it can narrow the field down.

    Use Ixquick as a search engine to help out in this regard too. They don't record U.A.S.'s in their searches... or IP addresses, or log. Of course, once you're on the site you choose, you're no longer under their jurisdiction.
     
    Last edited: Feb 28, 2013
  6. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    User-Agent sniffing can cause all sorts of problems and has. Yet, I think it is still common. I'd bet that if you tweak it to something unusual or perhaps just old that would break important features... even security features... on some sites somewhere and in some cases the breakage wouldn't even be obvious to the user. You likely realize that and thus the "when I'm not doing anything important". I hope others do.
     
  7. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    Of course, I just like to mess around with them for fun. I'm generally using firefox versions when I'm doing actual work. It is interesting though how so many security guides and services tell you to change your user string when as you say its not really going to do much other then break webpages.
     
  8. shuverisan

    shuverisan Registered Member

    Joined:
    Dec 23, 2011
    Posts:
    185
    Fingerprinting is the bigger issue here and the user agent string is just one small part of your online fingerprint. There are many other and more reliable ways this can be done but solely from the UA standpoint, unless you're using an extension or other app that rotates user agent strings every week or month or so, you're just stepping from one fingerprint to another.

    If you have something super rare by default, sure it's not a bad idea to blend in but it's a very thin layer of pseudo-deception if you're still running JavaScript on all sites.
     
  9. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,322
    Location:
    Philippines
    There is a site that "supposedly" checks the uniqueness of your browser agent by the EFF. https://panopticlick.eff.org/

    I seriously doubt the validity of it though. For example, I changed mine to "Stupid User Agent" it came up as:

    Your browser fingerprint appears to be unique among the 2,744,155 tested so far.
    Refresh
    Within our dataset of several million visitors, only one in 1,372,082 browsers have the same fingerprint as yours.
    Refresh
    Within our dataset of several million visitors, only one in 914,722 browsers have the same fingerprint as yours.

    My first run with the string "Cyberdog/2.0 (Macintosh; 68k)" came up Within our dataset of several million visitors, only one in 274,417 browsers have the same fingerprint as yours.
     
Loading...
Thread Status:
Not open for further replies.