user.js: privacy.resistFingerprinting doesn't adequately spoof UA with FF beta 59 on mac

I’ve been using this user.js (a modified version of the relaxed variant) for around 6 or so months now and have been pretty happy with it: everything worked as advertised. Recently, I’ve found that my UA now explicitly lists me as using a mac: something that did not happen with FF 58. It also releases that I’m using FF 59, which has the potential to make me very unique. I’ve tried setting privacy.resistFingerprinting on a fresh profile as well, but to no avail. Is anyone else experiencing the same?

Edit: I’m attaching the corresponding browserspy.dk test

About this issue

Original URL
State: closed
Created 6 years ago
Comments: 20 (3 by maintainers)

Most upvoted comments

@Atavic That repo is just a collection of scripts/config files. As far as I understand both privoxy and squid, they cannot fake the network stack: they operate after a packet has been processed by the network. Both those programs don’t work at the packet or TCP level. They work with files delivered over HTTP.

savyajha on Mar 17, 2018

@savyajha Would we like to overrule Mozilla on this and set a custom UA, @pyllyukko?

It won’t work either, see: https://bugzilla.mozilla.org/show_bug.cgi?id=1433676

TriMoon on Mar 16, 2018

So the latest comment on the bug seems to suggest this is expected behaviour. Quoting from the latest comment on the linked bug report:

Makes sense, as it reported Windows for me (even though I’m on Linux). Although this was not with FF beta 59, but FF 58.

This seems to imply that spoofing will be different for different OSes because spoofing to a common denominator does not provide any security benefits: your OS can be inferred through other means. Would we like to overrule Mozilla on this and set a custom UA, @pyllyukko?

That’s kinda unsettled. See:

#193
#299

I think that we’re good with privacy.resistFingerprinting’s UA for now.

pyllyukko on Feb 21, 2018