fingerprinting and Pale Moon's User Agent

dabruro

fingerprinting and Pale Moon's User Agent

Unread post by dabruro » 2013-02-01, 15:44

I'm concerned that having such a distinctive User Agent string in Pale Moon makes it easy for web sites to identify me uniquely. Even without the "Pale Moon" we often have an uncommon version at least -- either because FF never had that exact version, or because most FF users have already been automatically upgraded to a more recent version.

Unfortunately the only very common UA strings would be one of the most recent official Firefox versions running under a recent version of Windows.

Another approach is to rotate UA strings among ones that don't break stuff so you're a moving target.

What about rotating among Firefox/15.4.1, Firefox/15.4.2, ..., Firefox/15.4.9 ?

I doubt this would break anything and I doubt a tracker would be smart enough to notice that any 15.4.x may be the same person, even when the version goes *down*.

dark_moon

Re: fingerprinting and Pale Moon's User Agent

Unread post by dark_moon » 2013-02-01, 16:49

Why not write the browser name in the user agent? Pale Moon is based on Firefox, but isn't Firefox.

Maybe remove the Firefox string and only show Pale Moon. But I think this makes some problems with add-ons or so.

Moonchild

Re: fingerprinting and Pale Moon's User Agent

Unread post by Moonchild » 2013-02-01, 17:52

If you are concerned about UA fingerprinting, you should use a useragent that is a current version of a common mainstream browser. As far as web site capabilities go, UA sniffing to determine browser capabilities based on version number is considered (very) bad practice (Mozilla has already tried to force this practice down by locking the Build date for Firefox to one single date). So, to "blend in" you should use Firefox 18's UA string.

There are, by the way, a sufficient number of Pale Moon users around the globe to prevent fingerprinting solely based on "Pale Moon" as a browser.
dark_moon wrote: Maybe remove the Firefox string and only show Pale Moon. But I think this makes some problems with add-ons or so.
Removing the Firefox string (easily done by setting general.useragent.compatMode.firefox to false) causes more issues than you can shake a stick at, because if a website comes up with "unknown browser", then quite regularly the server will spit out incompatible, non-standards compliant HTML code (basically all IIS servers will fall back to MSIE code which doesn't work, to name one thing), or sometimes even not give a page at all...
Having the "Firefox/nn.nn" compatmode UA string in there indicates that Pale Moon is "Firefox compatible" - something you want to indicate to servers.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

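The trade-off discussed above (a rare or rotating UA string versus "blending in" with a common one) can be put in numbers as surprisal: the fewer visitors share a string, the more identifying bits it carries. This is an added example, not code from the thread or from Pale Moon; the visitor counts and the UA template are constructed for illustration.

```python
import math
import re
from collections import Counter

# Constructed UA template and visitor counts (illustrative, not measured data).
UA = "Mozilla/5.0 (Windows NT 6.1; rv:{v}) Gecko/20100101 Firefox/{v}"
VISITORS = Counter({
    UA.format(v="18.0"): 512,
    UA.format(v="17.0"): 256,
    UA.format(v="15.0.1"): 128,
    UA.format(v="15.4") + " PaleMoon/15.4": 119,
})
# The rotation proposed in the thread: Firefox/15.4.1 .. Firefox/15.4.9.
ROTATED = [UA.format(v=f"15.4.{n}") for n in range(1, 10)]
VISITORS.update(ROTATED)  # each rotated string is seen exactly once


def surprisal_bits(ua, visitors=VISITORS):
    """Identifying information in an exact UA string: -log2(share of visitors)."""
    return -math.log2(visitors[ua] / sum(visitors.values()))


def family(ua):
    """Coarsen a UA to 'Firefox/major.minor', ignoring patch level and suffixes."""
    m = re.search(r"Firefox/(\d+)\.(\d+)", ua)
    return f"Firefox/{m.group(1)}.{m.group(2)}" if m else "unknown"


def family_counts(visitors=VISITORS):
    """Visitor counts per coarsened family (rotated strings land in one bucket)."""
    out = Counter()
    for ua, n in visitors.items():
        out[family(ua)] += n
    return out


def family_bits(ua, visitors=VISITORS):
    """Surprisal of the coarsened family the UA falls into."""
    fam = family_counts(visitors)
    return -math.log2(fam[family(ua)] / sum(fam.values()))


if __name__ == "__main__":
    for ua in (UA.format(v="18.0"), ROTATED[0]):
        print(f"{surprisal_bits(ua):5.1f} exact bits, "
              f"{family_bits(ua):4.1f} family bits  {ua}")
```

With these constructed counts, every rotated string is unique on its own and all nine collapse into the same `Firefox/15.4` bucket once the patch level is ignored, while the common Firefox 18 string carries the least information.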
dark_moon

Re: fingerprinting and Pale Moon's User Agent

Unread post by dark_moon » 2013-02-01, 19:09

Oh right. Hmm, then better not to remove the Firefox string :D

lyceus

Re: fingerprinting and Pale Moon's User Agent

Unread post by lyceus » 2013-02-03, 01:56

Another view for this trouble is to install IE-Tab add-on and use an IE window for those web sites, so you get the User Agent from that browser. I need that since some government sites in my country are still married to IE and do not accept another browser.

alan9182

Re: fingerprinting and Pale Moon's User Agent

Unread post by alan9182 » 2013-02-04, 20:06

I understood that IE-TAB was a trap-door that led directly to the Hell of Trident and Active-X vulnerabilities.

Moonchild

Re: fingerprinting and Pale Moon's User Agent

Unread post by Moonchild » 2013-02-04, 20:44

alan9182 wrote: I understood that IE-TAB was a trap-door that led directly to the Hell of Trident and Active-X vulnerabilities.
It is. You're running MSIE's engine, possibly even with less security than running it in IE proper.
