Mozilla omits CPU architecture information from Firefox's user agent
Mozilla plans to omit CPU architecture information from Firefox's user agent and several supported APIs to reduce the digital fingerprint of Firefox users.
Web browsers reveal information automatically to websites that users open in the applications. The user agent reveals information about the browser and browser version, operating system, and, up until recently, also the CPU architecture.
Fingerprinting scripts use user agent information and other information, e.g. language and location, to create digital fingerprints. The accuracy of fingerprints increases with the number of unique data points.
Firefox won't reveal one of the information bits to scripts and sites anymore going forward. The change, implemented already in recent Firefox Nightly 69 builds, omits CPU architecture information from the user agent.
Firefox used to differentiate between the following CPU architectures:
- 32-bit Firefox on 32-bit operating systems.
- 32-bit Firefox on 64-bit operating systems.
- 64-bit Firefox on 64-bit operating systems.
Firefox users who run Firefox 69 will notice that scripts that return the user agent won't differentiate the information anymore. A simply Google search for check user agent reveals that as seen on the screenshot below.
The current Nightly version of Firefox run on a test system returns the following user agent:
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0
The change affects 32-bit Firefox installations that run on 64-bit versions of a Windows or Linux operating system. These versions will use the following user agent as of Firefox 69:
- Linux: Linux x86_64 instead Linux i686 on x86_64
- Windows: Win64 instead of WOW64
The change applies to the user agent and the APIs navigator.userAgent, navigator.platform, and navigator.oscpu.
Modifying the user agent information in this way is a low risk change according to Mozilla that should not impact functionality or compatibility.
Mozilla's plugin finder service used the information provided by the user agent to direct users to the correct Flash Player download. Adobe Flash is the last plugin that Firefox supports but the installer is universal so that a differentiation is no longer necessary. Flash, additionally, will be retired in late 2020.
The change is the first step of a more extensive rewriting process that will remove CPU architecture information entirely from the Firefox user agent and relevant APIs. The major change requires extensive testing as it has a higher probability of causing web compatibility issues on sites that implement user agent sniffing techniques.
Closing Words
Firefox omits CPU architecture information going forward and will even hide architecture information entirely in the near future; that's a good step in the right direction. It could lead to incompatibilities, however on sites that sniff user agents.
Now You: What is your take on the change? (via Sören Hentzschel)
It’s important to note that when using the resistFingerprinting option, Firefox will send a different user agent with even less information.
Here’s the user agent when RFP is enabled: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
The architecture is removed entirely and the version number is set to v68, not v69.
Even with CPU architecture information omitted from the user agent, the browser still shows a lot of information to websites. Sites like http://www.deviceinfo.me prove that.
I am strongly of the opinion that the user agent string should be done away with entirely. The browser should not provide any information about itself or my machine to a web server.
Yes, thank you! I’d found a couple of settings there in my FF that I’d not set properly already!
Recommend “Chameleon” for fingerprint protection in the extension.
https://github.com/sereneblue/chameleon
support for other browsers #37
no. Chameleon uses some APIs that are specific to Firefox, notably, the browser.contentScript API.
https://github.com/sereneblue/chameleon/issues/37
The actual situation can be verified at “https://amiunique.org/fp”.
yeah, while Mozilla is busy implement omission out of the Firefox web browser, those who are wiser among us will continue to use WebExtensions that help protect against fingerprinting attempt
Willing to give it a go but already I find sites that do not like Firefox’s focus on privacy and I figure the more it breaks sites the less users will tolerate Firefox and just use Chrome. I generally think protecting users is a good thing, but only when it doesn’t interrupt users ability to use the web.
@JohnIL: “I generally think protecting users is a good thing, but only when it doesn’t interrupt users ability to use the web.”
Since many websites are actively engaging in a war against user’s privacy, saying this is effectively the same as saying “protecting users is not a good thing”.
Martin, could you write an article “The best Firefox Extensions for Privacy” please? I know there are a lot of information on this if I search the web but Firefox and its extensions are changing so often that one article like this would be handy
You don’t need to worry about/muck with blocking 3rd party cookies and breaking some sites if you have Cookie Auto Delete installed
It’s good list but missing essentials like:
– Canvas Blocker
– Smart Referrer
https://www.privacytools.io/browsers/#addons
thank you user!
How many users have 32 bit FF on a 64 bit machine? Not many, I’d bet and fewer as time goes on; seems like an option that eventually won’t ever be reported in the UA. Meanwhile, those to whom it applies will gain a tiny bit of moot privacy.
Doesn’t hurt anything at least.
Yet another positive development! :)
Martin, DuckDuckGo also lets you see the user agent information, but in more detail and in a privacy-respecting way: https://duckduckgo.com/?q=user+agent&ia=answer
this change is btw totally useless, but it’s a good marketing stunt.
It doesn’t even hide the CPU architecture: https://reddit.com/r/firefox/comments/c3n6xk/mozilla_omits_cpu_architecture_information_from/ershryi/
The new browser war is not over market share, but over mind share: No one wants to be seen as the bad actor that spies on people.
With fingerprinting resistance enabled, people have this change active already. Good that they are trying to make this part of the default-on resistance.
In before the Firefox trolls.
@Pedro,
gosh darn, you beat me to it, Firefox brainwashed fanboy. (â‹Ÿï¹â‹ž)
@ Lambo-san @ IronHeart @ Clairvaux
I have spent an interesting couple of hours reading Martin’s Firefox and Chrome blogs.
In recent weeks, whenever Martin reviews new Firefox features, in you both jump making snide comments about how shitty Firefox is and how Mozilla steals users data.
E.G.
Iron Heart makes lengthy comments about theCliqz experiment which affected 2% of the German FF users.
Both IronHeart and Lambo-san insult other posters because the posters make positive comments about FF. This applies also to Clairvaux, the well known Firefox user hater.
Lambo-san “gosh darn, you beat me to it, Firefox brainwashed fanboy. (â‹Ÿï¹â‹ž)” (see above)
When Martin reviews Chrome features, I have been unable to find any comments posted by any of you about how shitty Google Chrome is; especially the immense amount of date slurping which Chrome does. This slurping affects 100 PERCENT of Google users.
I can only conclude that you are all Trolls and Chrome fanboys, possibly paid a small retainer
by Google in an attempt to put off potential users of Firefox.
I await with great excitement your virulent responses to this post.
Go Forth and Multiply
T J said : especially the immense amount of date slurping which Chrome does. This slurping affects 100 PERCENT of Google users.
Could you be more specific about what data Chrome slurps from 100% of its users, that Firefox doesn’t slurp too ? Genuinely interested in concrete facts to fight the fake news from anti-Firefox haters. Thanks in advance !
@ Anonymous
Instead of writing a HUGE comment, I can refer you to the report on the following web site:
“https://www.quora.com/Is-it-true-that-Google-is-stealing-our-data-and-personal-information”
Note: scroll down through the Quora report and you will find plenty of links to other reports.
Also, if you type in the search term “chrome stealing users data”, you will find numerous sites which list many, many malicious Chrome addons, zero day events, etc.
I hope that this helps.
Thank you T J ! Unfortunately this Quora link talks very generally about Google Search, Android, Gmail, Maps, or being logged in to a Google account, being data slurpers… but it does not say anything specific about Chrome data collection, what I am interested in, especially data collection affecting 100% of Chrome users or Chrome data collection that does not exist in Firefox. I read some of the links below, but no more useful information there. Malicious addons and zero day vulnerabilities, that appear when looking in a search engine, exist in Firefox and every browser too, and the browser developers cannot directly be blamed for malicious addon code anyway. Do you have a reference that Chrome collects data on 100% of its users that Firefox does not collect ?
Now this is worth following.
@T J,
Your awareness of the problem is extremely appropriate.
However, it seems to be a misguided against Martin.
https://www.ghacks.net/we-use/
Welcome to We Use, a page were we list some of the products that we use and recommend wholeheartedly.
The following list contains software programs that we use on a daily basis. Not all of the programs are paid applications. We have limited the list to programs that we use a lot.
Firefox – The main advantage of Firefox over other browsers is that it gives you more control over the browser interface and customizations in general. There is also NoScript available exclusively for the browser, our favorite browser add-on of all time.
Thunderbird – Thunderbird is a desktop email client that gives you full control over your emails. Not only are they stored locally, it is also highly customizable and supports add-ons just like Firefox does.
Author
Martin Brinkmann
As you are concerned, Firefox (Mozilla) has “Anti” and “Hate”, and they are constantly trying to spread fake news.
Perhaps Martin is concerned about that, and seems to be a polite introduction to Firefox (Mozilla) ‘s truth (Technology, usage, plans for the future, the truth of rumors, etc.).
The greatness of this site is that Author (Martin) does not take participate in the COMMENTS from those subscribers, acts like a third party, and is capable of accepting the COMMENTS of the subscribers without filtering.
Agitators and demagog seem to be the center of their lives (fun, hobbies), so they are looking at the Web 24 hours a day, 365 days a week (www.ghacks.net). Therefore, “Hate speeches” and “fake news” COMMENTS will be added quickly.
However, those with thinking abilities will not look at such stupid COMMENTS.
Since I have a job, I can not COMMENTS seldom, but leaving fake news is a situation that gets worse, so I’m going to get involved with posting as much as possible.
For serious defects of Web and SNS:
People who read news articles on the Web tend to assume that they just “understood” just reading the summary (In fact, they do not understand at all and tend to interpret it as their own convenience).
https://journals.sagepub.com/doi/10.1177/2053168018816189
https://www.sciencealert.com/people-who-read-the-facebook-newsfeed-think-they-know-more-than-they-actually-do
https://www.aeaweb.org/articles?id=10.1257/jep.31.2.211
@ owl
I read your comment and I must emphasise that my post was not directed at Martin and ghacks.
Martin’s articles are always fair and unbiased.
His posts are full of tips about new software and apps as well as warning users about blunders made by Microsoft, Google and Mozilla which cause problems.
The two posts about switching to Linux from Windows 7 were especially good.
but everybody already knows that Google Chrome is just an elaborate spying tool under the guise of a browser
I was actually referring to the Firefox haters.
as long as the mozilla organisations projects are open source and hence the code in public ownership and the transparency and change processes are somewhat open and democratic i would also pay for this browser should the need arise one day…
i for one still ask for a much deeper democratic and public ownership structure for the internet and its derivative technologies like mail and browser… we are all a far cry away from such concepts and will probably end in a typical privatised environment where a few write the rules for the many.