Masking Agent blocks OS and CPU information from being revealed on the Internet
Your web browser sends information automatically whenever it connects to web services on the Internet.
Just open Ghacks' quick IP checker and you will notice that the host can identify your IP address; there are more advanced scripts out there that can identify a wealth of information including the operating system, language, browser, or architecture.
Most of the time, it is not necessary that this information is submitted at all. While there are specialized services out there that parse the user agent to determine if the browser and operating system are supported, most Internet sites do not make use of these techniques nor require them to function.
That does not mean that the information is not used. A quick check of the user agent may display different versions of the same web page. Back in 2012 it became known for instance that the online travel agency Orbitz Worldwide was showing customers that use Apple Macintosh systems different and sometimes higher priced travel options.
But user-agent information can also be abused my malicious scripts. If a vulnerability is known to only affect a certain operating system version, one could create a script that checks the connecting user's operating system by parsing the user-agent to attack if the information match the vulnerability profile.
Last but not least, the information may also be used in fingerprinting techniques.
Update: Masking Agent is no longer available. Mozilla changed Firefox's add-on system with the release of Firefox 57 in 2017. A comparable extension is not available but you could user extensions that let you change the user agent. Examples are User-Agent Switcher and Manager or User-Agent Switcher. End
Masking Agent
The Firefox add-on Masking Agent replaces OS and CPU information with custom text so that websites cannot use the information anymore. This works well on most websites you connect to, but may be problematic on some that use the information actively as part of their service.
The default replacement text is masking-agent, but you can modify that to anything you like in the options the add-on makes available. Changing text protects the information from being used by websites you connect to.
Note: If you select a unique replacement text, it may actually be easier for websites that use fingerprinting to track you. It is therefore suggested that you do not select a unique replacement text here.
Once you have installed the extension in Firefox, you will notice that it will protect the user agent information and replace them with the chosen text.
Side Note: Other technologies, plugins come to mind, may still spill information about the operating system and cpu even if you are using Masking Agent. If you want those protected on connection, use an extension like NoScript to do so, or set all plugins to click-to-play.
Closing Words
If you want to reduce the chance of being fingerprinted effectively while you are browsing the Internet, then Masking Agent may be an option to do so. It does not prevent other means though, like identifying you based on the IP address, but that's something that you can take care of easily as well.
The add-on lacks a blacklist that you can use to disable it on select properties that require correct user-agent information to function.
Now Read: Modify your web browsers fingerprint
Hi,
I was just dropping in a quick line to know, if I could send some great article ideas your way for a guest post at your website ?
If you like my suggested ideas, I can then provide you high-quality FREE CONTENT/ARTICLE. In return, I would expect just a favor of a backlink from within the main body of the article.
Do let me know if I can interest you with some great topic ideas?
Best Regards,
Hassan Khan
This browser extension was causing me considerable problems with Yahoo.com. Once I found a agent string it liked, it’s done much better. But, if your agent string is too individualistic, it just becomes an easy identifier.
just want to point out that this add on doesnt work well with Unity Webplayer. Which makes sense because the webplayer needs to know your OS/browser, but all it’s reading is ‘masking agent’.
basically, when you open a unity webplayer game (http://www.a10.com/multiplayer-games/cs-portable) with unity installed, the player does not detect whether unity is installed or not, just prompts you to install. after disabling and uninstalling the addon it stil does not work. why? because the extension doesnt clean up well
http://imgur.com/ppO2EZy –
after uninstalling, go to about:config and search ‘mask’, it’ll show what’s left behind.
this problem was driving me so crazy, that after I figured it out, I thought I should put it out. I hope it helps someone.
Hello Martin, What about Google chrome ? which extension should i use for chrome?
You can use the overrides feature that is built-into Chrome.
https://www.ghacks.net/2013/03/06/using-google-chromes-override-feature-to-change-the-user-agent/
Calomel SSL Validation add-on for Firefox can mask your user agent too. It actually does a whole lot more than this. Its great for privacy and security.
Check it out: https://addons.mozilla.org/en-us/firefox/addon/calomel-ssl-validation/
Look out for websites behaving strangely once you change the agent text – for example, under Firefox without an OS mentioned, Google’s Calendar site defaults to the mobile version. I eventually settled on:
Mozilla/5.0 (Windows) Gecko/20100101 Firefox/24.0
This gave me full functionality of Calendar back, and looks generic enough.
You need to remember that many sites legitimately use this info to tailor the website and what functionality you can support in the browser you’re using.
I meant to add, that the text I have in the extension is simply: Windows
IP address remains the first referrer (see proxy, vpn …) but the add-on described here calls my attention should it be only for “[…] user-agent information can also be abused my malicious scripts. […]” which is enough in itself, as before privacy is security.
Thanks for the information, description, details, links.
With so much spying these days I´m considering using a Vpn service.
Martin, do you use or recommend a Vpn?
My Giganews account comes with VPN integration, so I use that whenever I need to. If I had to pay, I would probably get one from a European country and not the US.
I’m so going to test this right now… I just love the random ads when a new instalation is made (Almost gives the trends of the industty)
I’ll let you know how it goes..
try : http://www.whatismybrowser.com/