Hide operating system in user-agent with fingerprinting protection enabled
Currently Brave’s user-agent string always reports the true operating system under which it is running. This partitions the anonymity set of users by operating system. When fingerprinting protection is enabled, it should always report the same user-agent string, including the same operating system, for everyone. For comparison, the Tor Browser always reports Windows and the Firefox ESR version on which it is based: Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0
If Windows and Mac users report different user-agent strings, then the advertisers and NSA/GCHQ and anyone else watching can distinguish Windows and Mac users simply by looking at the user-agent strings.
If Windows and Mac users all report that they are using GNU/Hurd, then the advertisers and NSA/GCHQ and anyone else watching have to try harder to tell who’s using Windows and who’s using a Mac.
Forcing them to try harder is what fingerprinting protection is supposed to do.
(migrated from https://github.com/brave/browser-laptop/issues/14852)
Issue Analytics
- Created 5 years ago
- Reactions: 3
- Comments: 11 (6 by maintainers)
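
The partitioning argument in the issue can be measured. The following is an added example, not Brave's code and not the extension mentioned in the comments: it groups a constructed population of user-agent strings into anonymity sets before and after the platform token is replaced with one fixed value. The helper names, the sample strings and the fixed token are assumptions made for illustration.

```javascript
// Added example: hypothetical helpers and constructed sample data.
// The platform token is the first parenthesised group of a User-Agent string.
const PLATFORM_RE = /\(([^)]*)\)/;

// Fixed token every user would report (assumed value, chosen for illustration).
const UNIFORM_PLATFORM = 'Windows NT 10.0; Win64; x64';

// Replace only the platform token; later groups such as "(KHTML, like Gecko)" are untouched.
function normalizeUserAgent(ua, platform = UNIFORM_PLATFORM) {
  return PLATFORM_RE.test(ua) ? ua.replace(PLATFORM_RE, `(${platform})`) : ua;
}

// Users sending byte-identical strings form one anonymity set.
function anonymitySets(userAgents) {
  const sets = new Map();
  for (const ua of userAgents) sets.set(ua, (sets.get(ua) || 0) + 1);
  return sets;
}

// Shannon entropy in bits: what an observer learns from the User-Agent alone.
function entropyBits(userAgents) {
  let bits = 0;
  for (const n of anonymitySets(userAgents).values()) {
    const p = n / userAgents.length;
    bits -= p * Math.log2(p);
  }
  return bits;
}

// Constructed population: one browser build, 4 Windows, 2 macOS and 2 Linux users.
function samplePopulation() {
  const rest = 'AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36';
  const ua = (platform) => `Mozilla/5.0 (${platform}) ${rest}`;
  return [
    ...Array(4).fill(ua('Windows NT 10.0; Win64; x64')),
    ...Array(2).fill(ua('Macintosh; Intel Mac OS X 10_15_7')),
    ...Array(2).fill(ua('X11; Linux x86_64')),
  ];
}

// Compare the header as sent with the header after normalization.
function compare() {
  const before = samplePopulation();
  const after = before.map((ua) => normalizeUserAgent(ua));
  return {
    setsBefore: anonymitySets(before).size, bitsBefore: entropyBits(before),
    setsAfter: anonymitySets(after).size, bitsAfter: entropyBits(after),
  };
}

console.log(compare());
```

This measures the header alone; it says nothing about other signals that also reveal the operating system, which is the objection raised in the comments.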
Top GitHub Comments
Until this is implemented, feel free to use my extension to get this functionality: it’s a short script that basically replaces the OS part of the User-Agent with “Windows”, making your User-Agent appear as one of the most common ones according to the popular Most Common User Agents report.
Initially developed for Chromium, so the script partially intersects with what Brave provides out of the box, such as language protection.
This is plainly wrong. Networking stacks are implemented differently in any Kernel. A ping to any server is enough for the server to not only know (not guess but know!) your OS kernel and more likely than not very reliably guess your kernel version. No JavaScript executed or anything. Just a simple ping is enough. Now imagine what can be done with actual JavaScript being executed…
What you are doing is making users way more unique. But apparently again my post was ignored; how surprising. I am frustrated with this project calling itself “Private/Secure/Fast Browser” when THE DEVS THEMSELVES MAKE THE BROWSER EASIER FOR ADVERTISERS/STATE ACTORS TO FINGERPRINT/TRACK, right?
I really don’t get why Brave devs want to modify such (comparably) irrelevant properties while the biggest fingerprinting/tracking points are intact? It doesn’t matter how much you spoof your Useragent/navigator object if you can still get the font list of the user, if you can still apply the height/width tricks, if you can still track the version number in the ua, if you can still check the Timezone object, if you can still track the WebAudio etc. etc. etc.