Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Messed up user agent #1787

Closed
Dani-1-2 opened this issue Dec 28, 2023 · 3 comments
Closed

Messed up user agent #1787

Dani-1-2 opened this issue Dec 28, 2023 · 3 comments
Labels
invalid

Comments

@Dani-1-2
Copy link

I am using firefox 121.0 on macOS 14.1 Sonoma. The issue is that when I open https://amiunique.org/fingerprint, the http header attribute shows a windows user agent ( Mozilla/5.0 (Windows NT 10.0; rv:121.0) Gecko/20100101 Firefox/121.0), but the javascript attribute shows my real user agent (Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101 Firefox/121.0) and the platform as MacIntel. I expected it to change both use agent attributes. How do I prevent this from happening? I am using a slightly modified user.js file, but it does not change anything related to the user agent.
Console warnings:
Loading failed for the <script> with source “https://amiunique.org/analytics.js”. amiunique.org:564:168
Blocked https://amiunique.org/fingerprint from extracting canvas data because no user input was detected. 198df04.js:2:18344
Request for font "Avenir Next Condensed" blocked at visibility level 1 (requires 3)
198df04.js:2:20033
Request for font "Herculanum" blocked at visibility level 1 (requires 3)
198df04.js:2:20033
Request for font "Hiragino Kaku Gothic Pro" blocked at visibility level 1 (requires 3)
198df04.js:2:20033
Request for font "Hiragino Kaku Gothic ProN" blocked at visibility level 1 (requires 3)
198df04.js:2:20033
Request for font "Hiragino Kaku Gothic Std" blocked at visibility level 1 (requires 3)
198df04.js:2:20033
Request for font "Hiragino Kaku Gothic StdN" blocked at visibility level 1 (requires 3)
198df04.js:2:20033
Request for font "Hiragino Maru Gothic Pro" blocked at visibility level 1 (requires 3)
198df04.js:2:20033
Request for font "Hiragino Mincho Pro" blocked at visibility level 1 (requires 3)
198df04.js:2:20033
Request for font "Marion" blocked at visibility level 1 (requires 3)
198df04.js:2:20033
Request for font "Nadeem" blocked at visibility level 1 (requires 3)
198df04.js:2:20033
Failed to create WebGL context: WebGL is currently disabled. 198df04.js:2:43164
Failed to create WebGL context: WebGL is currently disabled. 198df04.js:2:43187
Failed to create WebGL context: WebGL is currently disabled. 198df04.js:2:43164
Failed to create WebGL context: WebGL is currently disabled. 198df04.js:2:43187
Failed to create WebGL context: WebGL is currently disabled. 198df04.js:2:43164
Failed to create WebGL context: WebGL is currently disabled. 198df04.js:2:43187
Failed to create WebGL context: WebGL is currently disabled. 198df04.js:2:43164
Failed to create WebGL context: WebGL is currently disabled.
@rusty-snake
Copy link
Contributor

the http header attribute shows a windows user agent, but the javascript attribute shows my real user agent and the platform as MacIntel. I expected it to change both use agent attributes.

This is intended behaviour

user.js/user.js

Lines 701 to 703 in 4a510a4

1333651 - spoof User Agent & Navigator API
version: android version spoofed as ESR (FF119 or lower)
OS: JS spoofed as Windows 10, OS 10.15, Android 10, or Linux | HTTP Headers spoofed as Windows or Android

real user agent and the platform as MacIntel.

It's not your real UA, it is still spoofed (Mac OS X 10.15 vs. macOS 14.1).

Also, platform can not be hidden.

How do I prevent this from happening?

TL;DR: Don't.

Long: Do not mess with UA, either use RFP as is or disable RFP and go with your real UA.

slightly modified user.js file

Then post also your modifications.

@Dani-1-2
Copy link
Author

the http header attribute shows a windows user agent, but the javascript attribute shows my real user agent and the platform as MacIntel. I expected it to change both use agent attributes.

This is intended behaviour

user.js/user.js

Lines 701 to 703 in 4a510a4

1333651 - spoof User Agent & Navigator API
version: android version spoofed as ESR (FF119 or lower)
OS: JS spoofed as Windows 10, OS 10.15, Android 10, or Linux | HTTP Headers spoofed as Windows or Android

real user agent and the platform as MacIntel.

It's not your real UA, it is still spoofed (Mac OS X 10.15 vs. macOS 14.1).

Also, platform can not be hidden.

How do I prevent this from happening?

TL;DR: Don't.

Long: Do not mess with UA, either use RFP as is or disable RFP and go with your real UA.

slightly modified user.js file

Then post also your modifications.

It always dispays macOS 10.15, even without a modified user.js, so this is not spoofed. Here is the modified user.js that I use: https://github.com/Dani-1-2/user.js. It doesn't delete the website data on close, removes pocket and disables letterboxing.

@Thorin-Oakenpants
Copy link
Contributor

Thorin-Oakenpants commented Dec 28, 2023
edited

the version is but one part of a userAgent

  • edit: to be clear - these are firefox changes for all users, not RFp changes
	/*
	windows:
	- FF88+ 1693295: capped at 10.0
	- FF116+ 1841425: windows hardcoded to 10.0 (patched 117 but 115 was last version for < win10)
	mac:
	- FF87+ 1679929: capped at 10.15
	- FF116+ 1841215: mac hardcoded to 10.15 (patched 117 but 115 was last release for < 10.15)
	android:
	- FF122+ 1865766: android hardcoded to 10.0
	*/

RFP still protects (by standardizing per OS) other values in navigator (and the http header) and within the actual userAgent

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
invalid
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Thorin-Oakenpants @rusty-snake @Dani-1-2