HTTP Useragent Cleaner: toggle Firefox privacy settings
HTTP-useragent-cleaner is a browser add-on for the Firefox web browser that provides you with a large list of privacy toggles and improvements.
Word of warning: the extension gives you a lot of control over privacy features, but explains little. It does not help that it has been translated from Russian to English either, but more about that later.
The extension does not modify settings right after installation. It places an icon in the Firefox address bar that you may click on to open its interface.
There you find a truckload of options divided on several pages. As far as configuration is concerned, it is HTTP and FireFox that you may be interested in the most.
HTTP Useragent Cleaner
HTTP displays all the features that you may enable or disable in Firefox. The wording is a bit misleading on the page, as disabled means that the feature is active in Firefox, and enabled that it is not.
It is easier to look at the color codes instead. Green means it is enabled in Firefox, red that it is not.
You find several of the standard privacy toggles on the HTTP page including disabling canvas, WebRTC, plugins or images. Next to that are several features that are not that common. You may disable WebGL, HTTP Authorization, HTTPS, the leaking of the locale or resolution, or the Fetch API.
None of the options is explained on the page, and it is sometimes difficult to understand what they do. Cookies for instance is not a toggle, but lists the usual options to disable them completely, or only third-party cookies.
Other preferences, AJAX and CORS, are not explained anywhere and it is unclear what they do. There is also a "Hold" tab on the page, and tabs for Mozilla sites. While it is clear what the Mozilla sites are there for, it is unclear what Hold refers to. Maybe a second set of preferences that you may enable for specific sites?
The extension's massive list of features does not end there though. When you switch to FireFox, you get to control certain HTTPs related settings.
You may change the min and max TLS level, enable or disable ciphers in an easy to use interface, or change other features such as prefetching.
This is really useful and requires little explanation, provided that you know what you are doing.
The same cannot be said for the Side tab. My best guess is that you may use it to override certain features for sites you connect to.
It still does not end there. You get two tabs with logs that are pretty useful. One displays TLS information, the other is a blocking log that highlights all things that get blocked on connect.
Last but not least, it is important to check the options of the add-on as well. You get there by loading about:addons and clicking on options next to the add-on.
There you will get another bunch of preferences. One disables access to the resource:// scheme for third-party sites you connect to.
You find several tracking options there, for instance to track TSL certificates in various ways.
HTTP-useragent-cleaner is a mighty privacy extension. It suffers a bit from a lack of documentation, but that is something that can be corrected rather easily by its author.
It would make sense to display tooltips for the options that you can toggle, and a short intro that explains how you use the "Side" page and other functionality that is not explained.
Martin, the add-on’s page on AMO states “The Extension requires the fiddly configuration.” — Do you have any idea of what this is?
Otherwise, first feeling is that of a cockpit and as always I’d be worried about changing settings of which I know nothing. Certainly most valuable for advanced users.
“By default, the Extension does almost nothing. The Extension requires the fiddly configuration.”
The extension does not modify any values when installed. Settings are extensive (fiddly) and requires the end user to change their configuration in the addon interface.
^^ or something like that
awkward or difficult to handle because of many small parts or details
OK, Pants, thanks! I’ve been searching the Web for “fiddly configuration” in what appears after your explanation as a similar scenario to that of a lady not fluent at all in English, being served wine, invited to “say when…” and confirming the moment with a “When!” :) A true story!
Amusing fact that warning on addon official page say to us:
“(English; do not use Google translate, if do not speak English – write in the language that you know. If needed, my crypto key ( https://www.gpg4win.org/ )”
From the context, I think it means the extension requires fiddly configuration. Non-native English.
check out urbandictionary http://www.urbandictionary.com/define.php?term=Fiddly
userbased website. I love it
Accurate, patient. Which word is better to use from your point of view?
Maybe complex or advanced?
After pants’ explanation I would have considered more understandable something like,
“By default, the extension does almost nothing. The extension requires the user’s input.”
I wonder if I’m the only one to have searched the Web for a configuration called fiddly :)
Take a look to this
Just a quick word: this looks like something I will have to test in a vanilla FF and have a play with – will be interesting to see what the ghacks user.js loads as “green”
On that note: the green makes sense. If this is aimed at privacy etc .. if you disable leaking your locale or window.name etc then you get a green pass mark. Other red is an indication of where you can tighten up more.
Definitely for advanced users (not power users, but advanced users). I see some items which intrigue me. Blocking screen res? blocking window.name? blocking locale? how thorough are these – do they spoof? example: locale means more than just locale – what about date formats, language, keyboard etc. Some of these settings if used may harm your fingerprinting chances.
There’s also a hell of a lot in one extension. And I wouldn’t be comfortable just throwing it in without testing everything – especially with a lot in common with the ghacks user,js.
And if this amount of settings was not enough by itself, the developer on his home-page points out that his add-on on AMO is not the complete version available on his site and which he advises to choose preferably … what must that full version be, good Lord!
The following is part of the add-on’s description from the Mozilla webpage. It sounds like it’s spoofing (or, maybe I’m just not understanding it).
“Increases privacy by substitution of the “browser fingerprint”. Can accidentally send a combination UserAgent, locale, canvas, fonts. Disables (with the setting under domain), WebRTC, ajax, cookies. In original version have substitution of the TimeZone fields.”
thanks jern: I see in the blurb “Increase privacy (random replacement for the UserAgent, canvas, locale, blocking WebRTC, etc.)” .. clearly some things are spoof, some are block.
“Good lord” (to phrase tom), but this could be rather dangerous (fingerprinting) if not configured right. There would need to be lots of options to set eg “spoofing lists” and more. There’s so much going on, it really needs proper documentation (well at least in English, for me – not sure what is on his website), and test results (eg how does spoofing res affect inner window rendering, what screen res measurements are spoofed – does it cover inner, browser and screen?
That said, there are only a few things here that I haven’t already got covered, so I don;t think I’ll be using it. Will still have a play in a vanilla FF though :) when I get time.
> example: locale means more than just locale – what about date formats, language, keyboard etc. Some of these settings if used may harm your fingerprinting chances.
> date formats
NO (remain the same)
YES (for languages code in http headers and a browser navigator object)
But to determine the language, generally speaking, possible.
The only question is the money that pay the developers. Will you so carefully monitored?
If you have something to enter with your keyboard, you are to blame.
Know your layout can only be so.
“If you have something to enter with your keyboard, you are to blame.
Know your layout can only be so.”
Say what? Keyboard fingerprinting: detection of layout (entropy) and keycodes (can give away your language). If you are going to say you spoof locale (not saying its easy), then it needs to be thorough and cover all bases, or else you need to explain the deficiencies
LOL!!! Look at that “privacy” addon proprietary license. Also all and even more from these option you can find:
1) on about:config Firefox’s page
2) in Configuration Mania addon
3) Random Agent Spoofer addon
4) User Agent Overrider addon (and same)
5) NoScript addon
6) uMatrix/Policeman/RequestPolicy Continued addons
7) Advanced Cookie Manager/Cookies Manager+/Cookie Monster/Cookie Controller/Self-Destructing Cookies addons
8) Clean Links/Google search link fix addons (and same)
9) RefControl addon (and same)
10) SSleuth addon
11) Web Developer addon
12) Decentraleyes addon
And I ask you. Why you need to use some proprietary addon for privacy???
There’s definitely WAY too much overlap with established working well-proven extensions. Not that this couldn;t live in harmony – i’d just be fearful of any updates breaking harmony. heh
What am I missing? all extensions are open source, and without looking, surely mozilla’s legal terms dictate what they are.
Let my explain.
You can’t change anything even if it will be more privacy.
You can’t use it even if author will stop development.
You can’t use it for a long time because author on his own page promised to stop development after Mozilla stop support non multi-process addons (on russian page at least).
You can’t use it for a long time because nobody be able to continue developing of PROPRIETARY addon. Proprietary addon it’s grave for small but useful application like that. Even if this addon had open source license, it wouldn’t have obtain many developers. (see BrowserMasquerade as example https://addons.mozilla.org/en-US/firefox/addon/browsermasquerade )
And of course you can’t believe in developer who created addon for privacy but don’t understand all these facts. Even if it only one of them. It isn’t good programmer. I doubt whether he can create really tested code for real privacy because there are very many code and environment features (and no i am not a very good programmer but enough for understanding that).
Source code of the Extension are published. If you are a programmer, no one bothers you to read it. It is very simple. But only if you are a professional.
But you are not professional. And you don’t know what to write.
> busemu September 6, 2016 at 9:05 pm
> You can’t change anything even if it will be more privacy.
You often change the other people’s extensions?
> You can’t use it even if author will stop development.
You can use the extension. You can’t use the code. But I can ask the author for permission to use the code.
> promised to stop development after Mozilla stop support non multi-process addons
The developer say only about the lack of support for e10s, and not about the termination of development of the extension.
> because nobody be able to continue developing of PROPRIETARY addon
You can always ask the author permission. Of course, if he is alive and is able to answer you
> Even if it only one of them. It isn’t good programmer.
Since technical skills are determined by how the developer writes the license agreement?
In your opinion, the lawyers and marketers have the best programmers.
Even with Firefox, privacy is Geeks Only nowadays :(
Among the settings this add-on allows that I understand there is one which handles (allows to block) a quite notorious privacy leak which is “resource://” requests. For this concern I use a Firefox add-on called ‘No Resource URI Leak’
Advantages of an all-in-one add-on that performs by itself what several others offer independently are obvious. On the other hand if it allows more than the user understands then the risk is as obvious. As all of us I guess I can’t stand using an add-on, a plug-in performing a task I don’t fully understand, not to mention applications and whatever software.
This add-on makes me feel like having been offered a Ferrari when lacking a driver’s license. To phrase Tom Jones I’d better get up and drive. Start driving!
Forgot to mention what may be of interest for power-busybodies,
The version available at AMO is http_useragent_cleaner-2.0.11-fx.xpi (190.1KB)
The version available on the developer’s site is http_useragent_cleaner_o-2.0.12-b00-fx.xpi (192.8 KB)
The developer mentions on his homepage (translated by Google) : “Version for the gallery Mozilla Add (stripped-down, it is not recommended to use)”
Really a pity digging through the differences between these two versions is beyond my skills because having a developer advise to prefer his home version to the AMO version triggers my curiosity.
Ah! those Russians … :)
—–BEGIN PGP SIGNED MESSAGE—–
1. You can always send an abuse report to Mozilla. All extensions are signed at Mozilla signature. Including that from the site http://fxprivacy.8vs.ru/ .
2. You could dig. The differences were very small. Th extension code are available for all. If you are a programmer it is easy.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
—–END PGP SIGNATURE—–
My comment was informative and interrogative only, absolutely NO insinuations.
The “Ah! those Russians…” in memory of a song, forgot the title, as a smile, a joke :) to change from “Ah! those British…” (I like to diversify my aims!).
I’m not a programmer, not even a coder so I avoid criticizing what I ignore. Do notice that serious comments here consider your add-on at least interesting from the data it mentions and manages. As always you will find people who are aggressively talkative and less they know more aggressive they are. My advice: forget those comments.
To stay in the musical mood and to paraphrase Sting, “Russians love their code too” and are known to be talented, so any prejudgement appears obsolete.
Whatever, thanks for your work and all the best.
Sorry, I forgot this :
Can I ask you, Sergey, why you mention on your homepage (translated by Google) : “Version for the gallery Mozilla Add (stripped-down, it is not recommended to use)”? I guess it’s the word “advise” which leads to my question, but maybe has the original word, meaning, been badly translated by Google? And “stripped” in which way? — Thanks
> Sorry, I forgot this :
>Can I ask you, Sergey, why you mention on your homepage (translated by Google) : “Version for the gallery Mozilla Add (stripped-down, it is not recommended to use)”? I guess it’s the word “advise” which leads to my question, but maybe has the original word, meaning, been badly translated by Google? And “stripped” in which > way? — Thanks
“stripped-down” is “functionality reduced” :)))
> I guess it’s the word “advise” which leads to my question
I not understand
OK- Do you speak French?!
Sergey, on your site you write that it is better to install ‘HTTP Useragent Cleaner’ from your site rather than from Mozilla (“Ð’ÐµÑ€ÑÐ¸Ñ Ð´Ð»Ñ Ð³Ð°Ð»ÐµÑ€ÐµÐ¸ Ð´Ð¾Ð¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ð¹ Mozilla (ÑƒÑ€ÐµÐ·Ð°Ð½Ð½Ð°Ñ, Ð½Ðµ Ñ€ÐµÐºÐ¾Ð¼ÐµÐ½Ð´ÑƒÐµÑ‚ÑÑ Ðº Ð¿Ñ€Ð¸Ð¼ÐµÐ½ÐµÐ½Ð¸ÑŽ). ” translated by Google as “Version for the gallery Mozilla Add (stripped-down, it is not recommended to use).”
So I ask : why not recommended to use the version at Mozilla?
P.S. I remember now the song with “Ah! those Russians!” : I think it is in the song “Raspoutine” by BoneyM, not sure though!
> So I ask : why not recommended to use the version at Mozilla?
1. Gallery version must undergo an audit by the Mozilla editors. Sometimes it is delayed for more than a year. Although sometimes it ends in a few hours.
It does not provide an adequate rate of updates.
2. From the gallery version, removed some code parts that seem suspicious for Mozilla editors. There is nothing wrong, but the editors carry out their activities for free. They don’t want to understand what code doing, preferring to let the developer removed the suspicious code fragments.
In the end, the part of the code was removed.
I therefore recommend that versions of the site. I try to fulfill all the orders of the Mozilla editors, or place the extension in the add-ons gallery will impossible.
Okay, thanks (ÑÐ¿Ð°ÑÐ¸Ð±Ð¾)!
Of course many will wonder what code parts, what do these missing parts include or add to the add-on?
You do understand that this question is pertinent. But we are not at court, do as you wish!
For those who would prefer to install the version on your site perhaps would it be opportune to let them know those differences, no?
> For those who would prefer to install the version on your site perhaps would it be opportune to let them know those differences, no?
Perhaps I can give a brief description. Perhaps I will do so.
Thanks for the offer.
(Generally, the difference is small. The presence of the “TimeZone” filter and check the enabled state of Extensions.blocklist)
Sergey, thanks for stopping by to provide us with information about the add-on. I appreciate that.
Well, doesn’t sound like black magic, strange that it may have seemed suspicious for Mozilla editors.
I appreciate as well your personal commitment to a better understanding of your work.
Love the translation :D I think we just found a nice use to the source-viewing extension from yesterday :)
This add-on sounds interesting from a research point of view. I would not advice people to use it because with all those features all over the place it probably just keeps you unique while losing functionality. (And security too, don’t disable CORS, and be weary with ciphers, TLS settings and OCSP)
IMHO, an add-on worth checking to evaluate current usable privacy solutions, looking for improvements. Not for normal browsing use.
Yup, it all looks too confusing and encompassing. The few unique things it does do look sketchy (not as in the developer’s intentions, but the way its been designed) – eg lack of refinement/controls, whitelisting, and it looks as if a bunch of “spoofing” items are bundled into one switch. And the translations just make it all the more “dodgy-looking”. Way too much going on, and too much of it is re-inventing the wheel. I don’t think an AIO (all-in-one) solution like this is the way to go. I’ll probably play with it in a test environment, but would never use it for realsies :)
What is it?
All in the extension is based on white lists. You just don’t understand how to use it
I came across this addon myself a month ago, but was too scared to activate it because of the lack of documentation :)
Documentation is available in Russian. Quite extensive. Just after Google translate it is very hard to read.
I always see comments aboutr anything coming from China or Russia as a chauvinist blabbering.
Try for yourself, you’ll see the modifications in your about:config
Is it so difficult? NO…
On a new install, the modified values are in bold, for you to see.
Surely, overlapping sometimes occurr between addons, so an addon to own them all is needed, going to try this.
Thank you — SPASIBA — to the creator.
Quote: “I always see comments aboutr anything coming from China or Russia as a chauvinist blabbering.”
“blabbering”: Reffering (once again) to the Urban Dictionary it means talking very bad about someone. If you refer to “Ah! those Russians … :)” from Tom, which was not chauvinism at all but rather friendly, you should learn the rigth dictionnary too. Please avoid drama next time.
> The wording is a bit misleading on the page, as disabled means that the feature is active in Firefox, and enabled that it is not.
> It is easier to look at the color codes instead.
“disabled” – the filter status, but is not the FireFox feature status.
I understand that. When I first looked at it, I associated “disabled” with the feature, as its name was listed right next to the status.
All system services delate my account nambr network operating system services all peoplam cancel and comment and post and sharing and email addres and languages like system and software that and post media channels video and games and music and other social media platforms like system services all delate and cancel my phone number network system services all peoplam cancel and Facebook email addres and YouTube channels and file management services to and be and others all peoplam files system services delate and cancel