Masking Agent blocks OS and CPU information from being revealed on the Internet

web browser information leak

Your web browser sends information about your system whenever it connects to web services on the Internet. Just open Ghacks' quick IP checker and you will notice that the host can identify your IP address, web browser that you are using, and operating system that you have installed.

Most of the time, it is not necessary that this information is submitted at all. While there are specialized services out there that parse the user agent to determine if the browser and operating system are supported, most Internet sites do not make use of these techniques nor require them to function.

That does not mean that the information are not used. A quick check of the user agent may display different versions of the same web page.  Back in 2012 it became known for instance that the online travel agency Orbitz Worldwide is showing customers that use Apple Macintosh systems different and sometimes higher priced travel options than customers who use Windows PCs.

But user-agent information can also be abused my malicious scripts. If a vulnerability is known to only affect a certain operating system version, one could create a script that checks the connecting user's operating system by parsing the user-agent to attack if the information match the vulnerability profile.

Last but not least, the information may also be used in fingerprinting techniques.

Masking Agent

masking agent

The Firefox add-on Masking Agent replaces OS and CPU information with custom text so that websites cannot use the information anymore. This works well on most websites you connect to, but may be problematic on some that use the information actively as part of their service.

The default replacement text is masking-agent, but you can modify that to anything you like in the options the add-on makes available. Changing text protects the information from being used by websites you connect to.

Note: If you select a unique replacement text, it may actually be easier for websites that use fingerprinting to track you. It is therefore suggested that you do not select a unique replacement text here.

Once you have installed the extension in Firefox, you will notice that it will protect the user agent information and replace them with the chosen text.

mask user agent

Side Note: Other technologies, plugins come to mind, may still spill information about the operating system and cpu even if you are using Masking Agent. If you want those protected on connection, use an extension like NoScript to do so, or set all plugins to click-to-play.

Closing Words

If you want to reduce the chance of being fingerprinted effectively while you are browsing the Internet, then Masking Agent may be an option to do so. It does not prevent other means though, like identifying you based on the IP address, but that's something that you can take care of easily as well.

The add-on lacks a blacklist that you can use to disable it on select properties that require correct user-agent information to function.

Now Read: Modify your web browsers fingerprint

Please share this article

Facebooktwittergoogle_plusredditlinkedinmail


Filed under:


Responses to Masking Agent blocks OS and CPU information from being revealed on the Internet

  1. ilev October 11, 2013 at 10:57 am #

    try : http://www.whatismybrowser.com/

  2. Shawn October 11, 2013 at 11:01 am #

    I'm so going to test this right now... I just love the random ads when a new instalation is made (Almost gives the trends of the industty)

    I'll let you know how it goes..

  3. Maou October 11, 2013 at 1:53 pm #

    With so much spying these days I´m considering using a Vpn service.

    Martin, do you use or recommend a Vpn?

    • Martin Brinkmann October 11, 2013 at 2:22 pm #

      My Giganews account comes with VPN integration, so I use that whenever I need to. If I had to pay, I would probably get one from a European country and not the US.

  4. Transcontinental October 11, 2013 at 2:12 pm #

    IP address remains the first referrer (see proxy, vpn ...) but the add-on described here calls my attention should it be only for "[...] user-agent information can also be abused my malicious scripts. [...]" which is enough in itself, as before privacy is security.

    Thanks for the information, description, details, links.

  5. Taomyn October 11, 2013 at 4:08 pm #

    Look out for websites behaving strangely once you change the agent text - for example, under Firefox without an OS mentioned, Google's Calendar site defaults to the mobile version. I eventually settled on:

    Mozilla/5.0 (Windows) Gecko/20100101 Firefox/24.0

    This gave me full functionality of Calendar back, and looks generic enough.

    You need to remember that many sites legitimately use this info to tailor the website and what functionality you can support in the browser you're using.

    • Taomyn October 11, 2013 at 4:23 pm #

      I meant to add, that the text I have in the extension is simply: Windows

  6. anonymous October 12, 2013 at 6:10 am #

    Calomel SSL Validation add-on for Firefox can mask your user agent too. It actually does a whole lot more than this. Its great for privacy and security.

    Check it out: https://addons.mozilla.org/en-us/firefox/addon/calomel-ssl-validation/

  7. Tblogger October 12, 2013 at 8:39 am #

    Hello Martin, What about Google chrome ? which extension should i use for chrome?

  8. exlnc October 25, 2013 at 10:00 pm #

    just want to point out that this add on doesnt work well with Unity Webplayer. Which makes sense because the webplayer needs to know your OS/browser, but all it's reading is 'masking agent'.

    basically, when you open a unity webplayer game (http://www.a10.com/multiplayer-games/cs-portable) with unity installed, the player does not detect whether unity is installed or not, just prompts you to install. after disabling and uninstalling the addon it stil does not work. why? because the extension doesnt clean up well

    http://imgur.com/ppO2EZy -

    after uninstalling, go to about:config and search 'mask', it'll show what's left behind.

    this problem was driving me so crazy, that after I figured it out, I thought I should put it out. I hope it helps someone.

  9. BubbaLoui November 6, 2013 at 12:55 am #

    This browser extension was causing me considerable problems with Yahoo.com. Once I found a agent string it liked, it's done much better. But, if your agent string is too individualistic, it just becomes an easy identifier.

Leave a Reply