TransWikia.com

Tor Browser Bundle failing userAgent spoofing

Tor Asked on December 16, 2021

Using Tor Browser Bundle, I noticed the latest versions I have (9x) did not show user agent in the general.userAgent.override entry in about:config. The browser was downloaded from the Tor Project and passed its GPG signature check.

User agent checkers shown on Wikipedia, and some I have found in online searching, continue to show the usual Windows 10 OS result when the browser is pointed at their webpage with java enabled.

However, Chrome downloads correctly shows a Linux OS when java is enabled (which as far as I know is required for user agent detection), but shows Windows 10 by default. This suggests Chrome’s website scripts are able to bypass Tor’s supposed user agent spoofing with ease.

https://www.google.co.uk/chrome/

Running Firefox with User Agent Switcher installed confirms this. UAS is able to fool the Chrome download page with java enabled, offering Windows 10 when Windows 10 is set as user agent, and 64bit .deb when Debian is set instead. Setting Android provides a link to the Play Store.

Inspecting about:config I noticed that general.useragent.override entry is no longer included. I forced it by adding it manually to the default profile user.js, and set one of the strings from UAS. This of course still fails. As I have asked after on superuser, simply setting this about:config entry does not actually change the detected UA for Firefox. I assume UAS alters the user agent packets outbound from Firefox, and wonder how this can be achieved using an about:config entry.

Either way, Tor Browser Bundle 9x does not fool any sites with regard to UA. While TCP/IP stack sniffing can be used to resolve OS, user agent detection is a well-established website methodology.

Past encounters with the browser included YouTube as default search engine (5x or so), and the irritating habit shared by Firefox to lesser effect of writing to dconf in /run which would mess up the GUI and bloat file browsers all the time (now blocked in Firejailing).

The version tested here is 9.02.

How can Tor Browser Bundle be failing at so basic a task as user agent obfuscation?

One Answer

You don't need to change your user agent string on Tor as it's basically useless. Just leaving JavaScript on will give the website the power to detect the size of your scrollbar which got a size that is unique to every operating system.

Just turn off JavaScript altogether if you're paranoid about your user agent string.

Answered by Saten-san on December 16, 2021

Add your own answers!

Ask a Question

Get help from others!

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP