JondoFox/Browser User Agent

Ideas to everything that could be useful. Proposals and tips for JonDonym programming.
Post Reply
Urkal
Posts: 43
Joined: Mon Apr 18, 2011 13:27

JondoFox/Browser User Agent

Post by Urkal » Fri May 30, 2014 5:12

I'm not very comfortable with JonfoFox/Bowser user agent. I think the reference to Linux in the UA is not as good in an anonymity point of view because Linux is used by a small number of people. So having some linux distro appearing in UA increase fingerprint.

Moreover, I have had a look at this site:
http://myip.ms/browse/comp_browseragent ... gents.html

This site orders the UA by the number of times it as been seen. First is IE9 with windows 7 32bits (397,761 IP), second is IE 9 with windows 7 64bits (380,519 ip), third is windows XP with Google Chrome 23 (207,566 ip).

The first FF UA appears in list at the 14th position. Its FF 26 with windows 7 64 bits (92,259 ip). Moreover, the site seems to be up to date, because Google Chrome 33 appears in the list.

Of course one can consider that this site contains some king of bias, because at this time, all statistics are showing that Google Chrome is the most used browser. But on the other side these stats aggregate all versions of google chrome, which are plenty (33), plus Iron (all versions) plus Chromium (all versions). And so with FF (31), while the different versions of IE encountered on the net are few (in practice approximately 4/5, and without any fork/clone).

As IE (all versions) is the second most used browser in the world (first being Google Chrome and third being FF), it may be possible (and even probable) that Google Chrome be the most used browser, and that in the same time the most frequent user-agent be a IE user agent (in our case, and according to the site, IE9).

In all case, I think it would be better to (at least approximately) determine the most frequent UA and affect it to the JoDoFox/Browser. I doubt that this most frequent UA could be FF 24 on Linux, and I conjecture that this most frequent UA is an IE UA.

PseudoNym
Posts: 48
Joined: Tue Oct 02, 2012 16:08

Re: JondoFox/Browser User Agent

Post by PseudoNym » Fri May 30, 2014 17:17

Faking a completely different browser is not a good idea, they have too many differences that can simply be detected via JS and other techniques.
Since the idea behind JonDonym and TOR is not to stay anonymous within all the browsers in the world, but only within their own set of users (remember: their exit addresses are public anyways, so this can always be used to check if you're using one of their services), the approach that TOR is currently using is to have the same user agent for all users, whereas JonDonym tries to variate their users' fingerprints a bit as far as I know.

Urkal
Posts: 43
Joined: Mon Apr 18, 2011 13:27

Re: JondoFox/Browser User Agent

Post by Urkal » Fri May 30, 2014 21:19

PseudoNym wrote:Faking a completely different browser is not a good idea, they have too many differences that can simply be detected via JS and other techniques.

I think you are here speaking about "UA changer" which changes only the HTTP UA. But recently has come new UA changers (as Random Agent Spoofer), which changes UA in its various declinations. In particular it spoof the js useragent. You can't detect that the UA is a faked one when this addon is used at least, no more than the JonDoBrowser is used).
Since the idea behind JonDonym and TOR is not to stay anonymous within all the browsers in the world, but only within their own set of users
Ok, although the IP-Check test doesn't refer to what you are claiming. But even so why not use the most frequent UA fort that purpose ? As the UA would be the same within JonDo/Tor community, that would not decrease the anonymity within the the set of users, but with the additional benefit that would increase the anonymity within the browser in the world.

So in my reasoning, faking the UA in JondFox/Browser to a IE one (more precisely the most frequent IE User Agent seen) would not harm the JonDoFox/Browser inside their respective set of users, and could lead to diminish their fingerprint relative to all browsers in the world.

Do you prefer 2 ounce of blueberries, or 2 ounces of blueberries and 1 ounce of cherries?

cane

Re: JondoFox/Browser User Agent

Post by cane » Sat May 31, 2014 8:32

the approach that TOR is currently using is to have the same user agent for all users, whereas JonDonym tries to variate their users' fingerprints a bit as far as I know.
We are using a fixed user agent for JonDonym users too. It is a Firefox 24 esr for Linux (i686). See: https://anonymous-proxy-servers.net/blo ... agent.html

JonDoFox can fake other user agents for other use cases (TorBrowser UA for using Tor or latest Firefox for Win). But if you were using JonDo then our UA fake is used.


To build an anonymity group is only one reason for our user agent fake. The other reason is a little bit security. We don't want to use a Windows user agent fake any more.

- Most of our users are using Windows (approx. 85%).
- Most automated attacks from the web affected Windows.

We want to hide the operating system to avoid automated drive-by-download attacks for our main user group. Linux users are not affected as Windows by these attacks (at the moment).

PseudoNym
Posts: 48
Joined: Tue Oct 02, 2012 16:08

Re: JondoFox/Browser User Agent

Post by PseudoNym » Sat May 31, 2014 10:27

Thanks, I didn't know that :-).
I remembered that it was Windows before and is now Linux, but was not aware of the exact reasons.

And no, I was not talking about HTTP or JS user agent, but about specific features that different browsers can work with. E.g. you can test some features that the browser supports via the popular Modernizr framework or similar. Naturally IE supports different features than Firefox, which itself supports different features than Chrome etc., so that could be used to indirectly identify the user agent.

Post Reply