HTTP Useragent Cleaner: toggle Firefox privacy settings - gHacks Tech News

HTTP Useragent Cleaner: toggle Firefox privacy settings

HTTP-useragent-cleaner is a browser add-on for the Firefox web browser that provides you with a large list of privacy toggles and improvements.

Word of warning: the extension gives you a lot of control over privacy features, but explains little. It does not help that it has been translated from Russian to English either, but more about that later.

The extension does not modify settings right after installation. It places an icon in the Firefox address bar that you may click on to open its interface.

There you find a truckload of options divided on several pages. As far as configuration is concerned, it is HTTP and FireFox that you may be interested in the most.

HTTP Useragent Cleaner

http-useragent-cleaner

HTTP displays all the features that you may enable or disable in Firefox. The wording is a bit misleading on the page, as disabled means that the feature is active in Firefox, and enabled that it is not.

It is easier to look at the color codes instead. Green means it is enabled in Firefox, red that it is not.

You find several of the standard privacy toggles on the HTTP page including disabling canvas, WebRTC, plugins or images. Next to that are several features that are not that common. You may disable WebGL, HTTP Authorization, HTTPS, the leaking of the locale or resolution, or the Fetch API.

None of the options is explained on the page, and it is sometimes difficult to understand what they do. Cookies for instance is not a toggle, but lists the usual options to disable them completely, or only third-party cookies.

Other preferences, AJAX and CORS, are not explained anywhere and it is unclear what they do. There is also a "Hold" tab on the page, and tabs for Mozilla sites. While it is clear what the Mozilla sites are there for, it is unclear what Hold refers to. Maybe a second set of preferences that you may enable for specific sites?

The extension's massive list of features does not end there though. When you switch to FireFox, you get to control certain HTTPs related settings.

firefox privacy

You may change the min and max TLS level, enable or disable ciphers in an easy to use interface, or change other features such as prefetching.

This is really useful and requires little explanation, provided that you know what you are doing.

The same cannot be said for the Side tab. My best guess is that you may use it to override certain features for sites you connect to.

It still does not end there. You get two tabs with logs that are pretty useful. One displays TLS information, the other is a blocking log that highlights all things that get blocked on connect.

Last but not least, it is important to check the options of the add-on as well. You get there by loading about:addons and clicking on options next to the add-on.

There you will get another bunch of preferences. One disables access to the resource:// scheme for third-party sites you connect to.

You find several tracking options there, for instance to track TSL certificates in various ways.

Closing Words

HTTP-useragent-cleaner is a mighty privacy extension. It suffers a bit from a lack of documentation, but that is something that can be corrected rather easily by its author.

It would make sense to display tooltips for the options that you can toggle, and a short intro that explains how you use the "Side" page and other functionality that is not explained.

Summary
software image
Author Rating
1star1star1star1stargray
3.5 based on 9 votes
Software Name
http-useragent-cleaner
Software Category
Browser
Landing Page

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. Tom Hawack said on September 6, 2016 at 10:51 am
    Reply

    Martin, the add-on’s page on AMO states “The Extension requires the fiddly configuration.” — Do you have any idea of what this is?
    Otherwise, first feeling is that of a cockpit and as always I’d be worried about changing settings of which I know nothing. Certainly most valuable for advanced users.

    1. Pants said on September 6, 2016 at 11:13 am
      Reply

      “By default, the Extension does almost nothing. The Extension requires the fiddly configuration.”

      Translation:
      The extension does not modify any values when installed. Settings are extensive (fiddly) and requires the end user to change their configuration in the addon interface.

      ^^ or something like that

      FIDDLY:
      awkward or difficult to handle because of many small parts or details

      1. Tom Hawack said on September 6, 2016 at 12:48 pm
        Reply

        OK, Pants, thanks! I’ve been searching the Web for “fiddly configuration” in what appears after your explanation as a similar scenario to that of a lady not fluent at all in English, being served wine, invited to “say when…” and confirming the moment with a “When!” :) A true story!

      2. lagax said on September 6, 2016 at 9:32 pm
        Reply

        Amusing fact that warning on addon official page say to us:

        “(English; do not use Google translate, if do not speak English – write in the language that you know. If needed, my crypto key ( https://www.gpg4win.org/ )”

    2. Dave said on September 6, 2016 at 11:59 am
      Reply

      From the context, I think it means the extension requires fiddly configuration. Non-native English.

    3. b said on September 6, 2016 at 7:58 pm
      Reply

      check out urbandictionary http://www.urbandictionary.com/define.php?term=Fiddly
      userbased website. I love it

    4. Sergey Vinogradov said on September 8, 2016 at 4:47 pm
      Reply

      > fiddly
      Accurate, patient. Which word is better to use from your point of view?

      1. Martin Brinkmann said on September 8, 2016 at 4:53 pm
        Reply

        Maybe complex or advanced?

      2. Tom Hawack said on September 8, 2016 at 4:58 pm
        Reply

        After pants’ explanation I would have considered more understandable something like,
        “By default, the extension does almost nothing. The extension requires the user’s input.”

        I wonder if I’m the only one to have searched the Web for a configuration called fiddly :)

  2. noone said on September 6, 2016 at 10:58 am
    Reply
  3. Pants said on September 6, 2016 at 11:09 am
    Reply

    Just a quick word: this looks like something I will have to test in a vanilla FF and have a play with – will be interesting to see what the ghacks user.js loads as “green”

    On that note: the green makes sense. If this is aimed at privacy etc .. if you disable leaking your locale or window.name etc then you get a green pass mark. Other red is an indication of where you can tighten up more.

    Definitely for advanced users (not power users, but advanced users). I see some items which intrigue me. Blocking screen res? blocking window.name? blocking locale? how thorough are these – do they spoof? example: locale means more than just locale – what about date formats, language, keyboard etc. Some of these settings if used may harm your fingerprinting chances.

    There’s also a hell of a lot in one extension. And I wouldn’t be comfortable just throwing it in without testing everything – especially with a lot in common with the ghacks user,js.

    1. Tom Hawack said on September 6, 2016 at 12:56 pm
      Reply

      And if this amount of settings was not enough by itself, the developer on his home-page points out that his add-on on AMO is not the complete version available on his site and which he advises to choose preferably … what must that full version be, good Lord!

    2. jern said on September 6, 2016 at 1:16 pm
      Reply

      The following is part of the add-on’s description from the Mozilla webpage. It sounds like it’s spoofing (or, maybe I’m just not understanding it).

      “Increases privacy by substitution of the “browser fingerprint”. Can accidentally send a combination UserAgent, locale, canvas, fonts. Disables (with the setting under domain), WebRTC, ajax, cookies. In original version have substitution of the TimeZone fields.”

      https://addons.mozilla.org/en-US/firefox/addon/http-useragent-cleaner/

      1. Pants said on September 6, 2016 at 3:50 pm
        Reply

        thanks jern: I see in the blurb “Increase privacy (random replacement for the UserAgent, canvas, locale, blocking WebRTC, etc.)” .. clearly some things are spoof, some are block.

        “Good lord” (to phrase tom), but this could be rather dangerous (fingerprinting) if not configured right. There would need to be lots of options to set eg “spoofing lists” and more. There’s so much going on, it really needs proper documentation (well at least in English, for me – not sure what is on his website), and test results (eg how does spoofing res affect inner window rendering, what screen res measurements are spoofed – does it cover inner, browser and screen?

        That said, there are only a few things here that I haven’t already got covered, so I don;t think I’ll be using it. Will still have a play in a vanilla FF though :) when I get time.

    3. Sergey Vinogradov said on September 8, 2016 at 4:34 pm
      Reply

      > example: locale means more than just locale – what about date formats, language, keyboard etc. Some of these settings if used may harm your fingerprinting chances.

      > date formats
      NO (remain the same)

      > language
      YES (for languages code in http headers and a browser navigator object)
      But to determine the language, generally speaking, possible.
      The only question is the money that pay the developers. Will you so carefully monitored?

      > keyboard

      If you have something to enter with your keyboard, you are to blame.
      Know your layout can only be so.

      1. Pants said on September 9, 2016 at 6:51 am
        Reply

        “If you have something to enter with your keyboard, you are to blame.
        Know your layout can only be so.”

        Say what? Keyboard fingerprinting: detection of layout (entropy) and keycodes (can give away your language). If you are going to say you spoof locale (not saying its easy), then it needs to be thorough and cover all bases, or else you need to explain the deficiencies

  4. dixuyime said on September 6, 2016 at 11:36 am
    Reply

    LOL!!! Look at that “privacy” addon proprietary license. Also all and even more from these option you can find:
    1) on about:config Firefox’s page
    2) in Configuration Mania addon
    3) Random Agent Spoofer addon
    4) User Agent Overrider addon (and same)
    5) NoScript addon
    6) uMatrix/Policeman/RequestPolicy Continued addons
    7) Advanced Cookie Manager/Cookies Manager+/Cookie Monster/Cookie Controller/Self-Destructing Cookies addons
    8) Clean Links/Google search link fix addons (and same)
    9) RefControl addon (and same)
    10) SSleuth addon
    11) Web Developer addon
    12) Decentraleyes addon
    And I ask you. Why you need to use some proprietary addon for privacy???

    1. Anonymous said on September 6, 2016 at 3:37 pm
      Reply

      There’s definitely WAY too much overlap with established working well-proven extensions. Not that this couldn;t live in harmony – i’d just be fearful of any updates breaking harmony. heh

      What am I missing? all extensions are open source, and without looking, surely mozilla’s legal terms dictate what they are.

      1. busemu said on September 6, 2016 at 9:05 pm
        Reply

        Let my explain.
        You can’t change anything even if it will be more privacy.
        You can’t use it even if author will stop development.
        You can’t use it for a long time because author on his own page promised to stop development after Mozilla stop support non multi-process addons (on russian page at least).
        You can’t use it for a long time because nobody be able to continue developing of PROPRIETARY addon. Proprietary addon it’s grave for small but useful application like that. Even if this addon had open source license, it wouldn’t have obtain many developers. (see BrowserMasquerade as example https://addons.mozilla.org/en-US/firefox/addon/browsermasquerade )

        And of course you can’t believe in developer who created addon for privacy but don’t understand all these facts. Even if it only one of them. It isn’t good programmer. I doubt whether he can create really tested code for real privacy because there are very many code and environment features (and no i am not a very good programmer but enough for understanding that).

    2. Sergey Vinogradov said on September 8, 2016 at 4:04 pm
      Reply

      Source code of the Extension are published. If you are a programmer, no one bothers you to read it. It is very simple. But only if you are a professional.

      But you are not professional. And you don’t know what to write.

    3. Sergey Vinogradov said on September 8, 2016 at 5:56 pm
      Reply

      > busemu September 6, 2016 at 9:05 pm

      > You can’t change anything even if it will be more privacy.

      You often change the other people’s extensions?

      > You can’t use it even if author will stop development.

      You can use the extension. You can’t use the code. But I can ask the author for permission to use the code.

      > promised to stop development after Mozilla stop support non multi-process addons

      The developer say only about the lack of support for e10s, and not about the termination of development of the extension.

      > because nobody be able to continue developing of PROPRIETARY addon

      You can always ask the author permission. Of course, if he is alive and is able to answer you

      > Even if it only one of them. It isn’t good programmer.

      Since technical skills are determined by how the developer writes the license agreement?
      In your opinion, the lawyers and marketers have the best programmers.

  5. Anonymous said on September 6, 2016 at 1:35 pm
    Reply

    Even with Firefox, privacy is Geeks Only nowadays :(

  6. Tom Hawack said on September 6, 2016 at 4:26 pm
    Reply

    Among the settings this add-on allows that I understand there is one which handles (allows to block) a quite notorious privacy leak which is “resource://” requests. For this concern I use a Firefox add-on called ‘No Resource URI Leak’

    Advantages of an all-in-one add-on that performs by itself what several others offer independently are obvious. On the other hand if it allows more than the user understands then the risk is as obvious. As all of us I guess I can’t stand using an add-on, a plug-in performing a task I don’t fully understand, not to mention applications and whatever software.

    This add-on makes me feel like having been offered a Ferrari when lacking a driver’s license. To phrase Tom Jones I’d better get up and drive. Start driving!

  7. Tom Hawack said on September 6, 2016 at 4:51 pm
    Reply

    Forgot to mention what may be of interest for power-busybodies,

    The version available at AMO is http_useragent_cleaner-2.0.11-fx.xpi (190.1KB)
    The version available on the developer’s site is http_useragent_cleaner_o-2.0.12-b00-fx.xpi (192.8 KB)
    The developer mentions on his homepage (translated by Google) : “Version for the gallery Mozilla Add (stripped-down, it is not recommended to use)”

    Really a pity digging through the differences between these two versions is beyond my skills because having a developer advise to prefer his home version to the AMO version triggers my curiosity.

    Ah! those Russians … :)

    1. Sergey Vinogradov said on September 8, 2016 at 4:20 pm
      Reply

      —–BEGIN PGP SIGNED MESSAGE—–
      Hash: SHA256

      1. You can always send an abuse report to Mozilla. All extensions are signed at Mozilla signature. Including that from the site http://fxprivacy.8vs.ru/ .
      2. You could dig. The differences were very small. Th extension code are available for all. If you are a programmer it is easy.
      —–BEGIN PGP SIGNATURE—–
      Version: GnuPG v2

      iQGcBAEBCAAGBQJX0XOuAAoJENMKx1PGS+YaR1QL/12Mj0rADty5J7CidZpSL5Ya
      7kqv/UZeR2PvoadMU2gJWt5j7Cd+fZvow9jJjnov6zVAOWSaMA3SHYbgMzv6NToc
      iE2RJfzobY7dcPyH86+e0gqZkgcRQgneLAJpUl3xZ0tTkQ0j28e7tdtWQW2z79e9
      Q6uwlYqiTrTuNkfrUZHmsqoMp1uWyQ/oi/i75xFGgxvryeMQSxO7TuqxliXzm5M+
      OHVcBMI4HO/4GHTx0YLh8RtGODMieC5QE0TKmDm3egxv9r6ZJq9geYjkk6MQMj/t
      r+MrNWkKLD+rKReEQ7xi3yz48ym9s7WXw423w1MnJRxX2aKu17IeNAY1blTuifGm
      b5BkeROfp7CE9h8ZnFaCioLF5fCFMMt/l8eCm9/wseGTbsg10NthsC7ZpN58TCFS
      dCCWjfz+bN4UOF3QGXvckDz5CJjoyHIqIt+A2g4vT38ESR/5DX9HmT7iQd1Dlz2t
      G/wozzERLT8/GVX2xGjhwkfEbGWOgkkjXiblO7J2Fg==
      =30qS
      —–END PGP SIGNATURE—–

    2. Tom Hawack said on September 8, 2016 at 4:49 pm
      Reply

      My comment was informative and interrogative only, absolutely NO insinuations.
      The “Ah! those Russians…” in memory of a song, forgot the title, as a smile, a joke :) to change from “Ah! those British…” (I like to diversify my aims!).

      I’m not a programmer, not even a coder so I avoid criticizing what I ignore. Do notice that serious comments here consider your add-on at least interesting from the data it mentions and manages. As always you will find people who are aggressively talkative and less they know more aggressive they are. My advice: forget those comments.

      To stay in the musical mood and to paraphrase Sting, “Russians love their code too” and are known to be talented, so any prejudgement appears obsolete.

      Whatever, thanks for your work and all the best.

      1. Tom Hawack said on September 8, 2016 at 5:07 pm
        Reply

        Sorry, I forgot this :
        Can I ask you, Sergey, why you mention on your homepage (translated by Google) : “Version for the gallery Mozilla Add (stripped-down, it is not recommended to use)”? I guess it’s the word “advise” which leads to my question, but maybe has the original word, meaning, been badly translated by Google? And “stripped” in which way? — Thanks

    3. Sergey Vinogradov said on September 8, 2016 at 5:14 pm
      Reply

      > Sorry, I forgot this :
      >Can I ask you, Sergey, why you mention on your homepage (translated by Google) : “Version for the gallery Mozilla Add (stripped-down, it is not recommended to use)”? I guess it’s the word “advise” which leads to my question, but maybe has the original word, meaning, been badly translated by Google? And “stripped” in which > way? — Thanks

      “stripped-down” is “functionality reduced” :)))

      > I guess it’s the word “advise” which leads to my question

      I not understand

      1. Tom Hawack said on September 8, 2016 at 5:32 pm
        Reply

        OK- Do you speak French?!

        Sergey, on your site you write that it is better to install ‘HTTP Useragent Cleaner’ from your site rather than from Mozilla (“Версия для галереи дополнений Mozilla (урезанная, не рекомендуется к применению). ” translated by Google as “Version for the gallery Mozilla Add (stripped-down, it is not recommended to use).”

        So I ask : why not recommended to use the version at Mozilla?

        спасибо!

        P.S. I remember now the song with “Ah! those Russians!” : I think it is in the song “Raspoutine” by BoneyM, not sure though!

    4. Sergey Vinogradov said on September 8, 2016 at 5:45 pm
      Reply

      > So I ask : why not recommended to use the version at Mozilla?

      1. Gallery version must undergo an audit by the Mozilla editors. Sometimes it is delayed for more than a year. Although sometimes it ends in a few hours.
      It does not provide an adequate rate of updates.

      2. From the gallery version, removed some code parts that seem suspicious for Mozilla editors. There is nothing wrong, but the editors carry out their activities for free. They don’t want to understand what code doing, preferring to let the developer removed the suspicious code fragments.
      In the end, the part of the code was removed.

      I therefore recommend that versions of the site. I try to fulfill all the orders of the Mozilla editors, or place the extension in the add-ons gallery will impossible.

      1. Tom Hawack said on September 8, 2016 at 6:02 pm
        Reply

        Okay, thanks (спасибо)!

        Of course many will wonder what code parts, what do these missing parts include or add to the add-on?
        You do understand that this question is pertinent. But we are not at court, do as you wish!

        For those who would prefer to install the version on your site perhaps would it be opportune to let them know those differences, no?

    5. Sergey Vinogradov said on September 8, 2016 at 7:37 pm
      Reply

      > For those who would prefer to install the version on your site perhaps would it be opportune to let them know those differences, no?

      Perhaps I can give a brief description. Perhaps I will do so.
      Thanks for the offer.

      (Generally, the difference is small. The presence of the “TimeZone” filter and check the enabled state of Extensions.blocklist)

      1. Martin Brinkmann said on September 8, 2016 at 7:37 pm
        Reply

        Sergey, thanks for stopping by to provide us with information about the add-on. I appreciate that.

      2. Tom Hawack said on September 8, 2016 at 7:59 pm
        Reply

        Well, doesn’t sound like black magic, strange that it may have seemed suspicious for Mozilla editors.

        I appreciate as well your personal commitment to a better understanding of your work.

  8. Parker Lewis said on September 6, 2016 at 4:59 pm
    Reply

    Love the translation :D I think we just found a nice use to the source-viewing extension from yesterday :)

    This add-on sounds interesting from a research point of view. I would not advice people to use it because with all those features all over the place it probably just keeps you unique while losing functionality. (And security too, don’t disable CORS, and be weary with ciphers, TLS settings and OCSP)

    IMHO, an add-on worth checking to evaluate current usable privacy solutions, looking for improvements. Not for normal browsing use.

    1. Pants said on September 6, 2016 at 5:25 pm
      Reply

      Yup, it all looks too confusing and encompassing. The few unique things it does do look sketchy (not as in the developer’s intentions, but the way its been designed) – eg lack of refinement/controls, whitelisting, and it looks as if a bunch of “spoofing” items are bundled into one switch. And the translations just make it all the more “dodgy-looking”. Way too much going on, and too much of it is re-inventing the wheel. I don’t think an AIO (all-in-one) solution like this is the way to go. I’ll probably play with it in a test environment, but would never use it for realsies :)

      1. Sergey Vinogradov said on September 8, 2016 at 4:43 pm
        Reply

        > refinement/controls
        What is it?

        > whitelisting
        All in the extension is based on white lists. You just don’t understand how to use it

  9. Ray said on September 6, 2016 at 8:00 pm
    Reply

    I came across this addon myself a month ago, but was too scared to activate it because of the lack of documentation :)

    1. Sergey Vinogradov said on September 8, 2016 at 4:24 pm
      Reply

      Documentation is available in Russian. Quite extensive. Just after Google translate it is very hard to read.

  10. At4v1c said on September 7, 2016 at 9:25 pm
    Reply

    I always see comments aboutr anything coming from China or Russia as a chauvinist blabbering.

    Try for yourself, you’ll see the modifications in your about:config

    Is it so difficult? NO…
    On a new install, the modified values are in bold, for you to see.

    Surely, overlapping sometimes occurr between addons, so an addon to own them all is needed, going to try this.

    Thank you — SPASIBA — to the creator.

    1. Anonymous said on September 7, 2016 at 10:01 pm
      Reply

      Quote: “I always see comments aboutr anything coming from China or Russia as a chauvinist blabbering.”

      “blabbering”: Reffering (once again) to the Urban Dictionary it means talking very bad about someone. If you refer to “Ah! those Russians … :)” from Tom, which was not chauvinism at all but rather friendly, you should learn the rigth dictionnary too. Please avoid drama next time.

  11. Sergey Vinogradov said on September 8, 2016 at 4:39 pm
    Reply

    > The wording is a bit misleading on the page, as disabled means that the feature is active in Firefox, and enabled that it is not.

    > It is easier to look at the color codes instead.

    “disabled” – the filter status, but is not the FireFox feature status.

    1. Martin Brinkmann said on September 8, 2016 at 4:44 pm
      Reply

      I understand that. When I first looked at it, I associated “disabled” with the feature, as its name was listed right next to the status.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.