Masking Agent blocks OS and CPU information from being revealed on the Internet
Your web browser sends information about your system whenever it connects to web services on the Internet. Just open Ghacks' quick IP checker and you will notice that the host can identify your IP address, web browser that you are using, and operating system that you have installed.
Most of the time, it is not necessary that this information is submitted at all. While there are specialized services out there that parse the user agent to determine if the browser and operating system are supported, most Internet sites do not make use of these techniques nor require them to function.
That does not mean that the information are not used. A quick check of the user agent may display different versions of the same web page. Back in 2012 it became known for instance that the online travel agency Orbitz Worldwide is showing customers that use Apple Macintosh systems different and sometimes higher priced travel options than customers who use Windows PCs.
But user-agent information can also be abused my malicious scripts. If a vulnerability is known to only affect a certain operating system version, one could create a script that checks the connecting user's operating system by parsing the user-agent to attack if the information match the vulnerability profile.
Last but not least, the information may also be used in fingerprinting techniques.
Masking Agent
The Firefox add-on Masking Agent replaces OS and CPU information with custom text so that websites cannot use the information anymore. This works well on most websites you connect to, but may be problematic on some that use the information actively as part of their service.
The default replacement text is masking-agent, but you can modify that to anything you like in the options the add-on makes available. Changing text protects the information from being used by websites you connect to.
Note: If you select a unique replacement text, it may actually be easier for websites that use fingerprinting to track you. It is therefore suggested that you do not select a unique replacement text here.
Once you have installed the extension in Firefox, you will notice that it will protect the user agent information and replace them with the chosen text.
Side Note: Other technologies, plugins come to mind, may still spill information about the operating system and cpu even if you are using Masking Agent. If you want those protected on connection, use an extension like NoScript to do so, or set all plugins to click-to-play.
Closing Words
If you want to reduce the chance of being fingerprinted effectively while you are browsing the Internet, then Masking Agent may be an option to do so. It does not prevent other means though, like identifying you based on the IP address, but that's something that you can take care of easily as well.
The add-on lacks a blacklist that you can use to disable it on select properties that require correct user-agent information to function.
No comments:
Post a Comment