questions and comparison

[atomGit]

there are 2 other comprehensive extensions for FF that are similar to yours...

HTTP UserAgent cleaner https://addons.mozilla.org/en-US/firefox/addon/http-useragent-cleaner/

Secret Agent https://www.dephormation.org.uk/index.php?page=81

what i like about HTTP UserAgent cleaner is that it is very easy to use; it has a simple iUI; you can set any of it's options on a per-domain basis (and they are remembered); it seems like it may cover a few areas RAS does not

what i don't like about it is that you can't set a user defined http user-agent string (you can only select from the hard-coded ones) and the dev seems somewhat resistant to adding features or making changes

anyway, i just wanted to make you aware of these other extensions with the hope that they might be helpful in the development of yours

[dillbyrne]

@atomGit Thanks for your suggestions and support. I am familiar with SecretAgent but not the other one. I have not looked at the other one but any addon that mixes different attributes from different browsers will seriously make you stand out. That is why RAS uses full profiles rather than individual attributes.

I plan to allow users to eventually specify custom profiles but I am still updating profile definitions at this this time. In terms of updated profiles I am currently doing a complete rewrite of all the browser profiles in the addon.

RAS has some per domain options with the whitelist feature. You can specify a whitelist profiles and whitelist some javascript and header features. I plan to add some more features to this in the future.

I will not be adding TLS cipher options to RAS but I have another addon for that if you are interested. https://addons.mozilla.org/en-US/firefox/addon/toggle-cipher-suites/

If you have a particular feature request please open an issue for it. I'm closing this particular issue now.

Thanks again

[atomGit]

"[...] any addon that mixes different attributes from different browsers will seriously make you stand out."

true, but isn't the point to make it harder to track across domains? as long as you're changing the browser sig at regular intervals, i don't see where it matters how unique that sig is

as far as tracking within a domain, they have the IP, so you can't prevent it

seems to me the IP could be used across domains as well - while many/most people are assigned a so-called dynamic IP by their ISP, it seems that, in a lot of cases, it never changes anyway, or changes only after a modem reboot

i tried RAS on a clean profile just to quickly test it and decided i'm gonna stick with HTTP UserAgent cleaner for now -- no offense :) -- so i won't be active here, but i wanted to let you know my first impressions from a user with limited knowledge on the intricacies of browser header strings...

• for the headers and extras tab, descriptive tool-tips for the settings would help
• couldn't find any info on the syntax for the white-list profiles (JSON?)
• personally, i don't care for how the white-list works (if i understand it correctly) - i would think that most people (myself included) would only want change certain settings for a domain to get it work properly, such as the user-agent string, and not have to create a new profile - that's one thing i really like about HTTP UserAgent which makes it super-easy to do this. i think many will be put off by the complexity of the white-list feature the way it's currently integrated

hope you do well with your extension!

[dillbyrne]

Thanks for the kind words @atomGit .

true, but isn't the point to make it harder to track across domains? as long as you're changing the browser sig at regular intervals, i don't see where it matters how unique that sig is

Yes but why stand out when you can spoof and still blend in. It makes the more of the dataset questionable as it is harder to tell who is spoofing and who is real.

as far as tracking within a domain, they have the IP, so you can't prevent it

seems to me the IP could be used across domains as well - while many/most people are assigned a so-called dynamic IP by their ISP, it seems that, in a lot of cases, it never changes anyway, or changes only after a modem reboot

This addon does not aim to deal with IP tracking. That is beyond the scope of this addon. Think of it more like trying to identify one of multiple users behind a single IP, such as in a coffee shop where users are coming and going. Of course there is nothing stopping a user from taking steps themselves to hide their IP.

i tried RAS on a clean profile just to quickly test it and decided i'm gonna stick with HTTP UserAgent cleaner for now -- no offense :)

No offense taken. Use whatever works best for you.

I wanted to add tooltips for each option in the panel but it is not possible in the addon SDK at this time. I do plan to add a detailed user guide on the wiki explaining every option.

The whitelist is the initial version I plan to improve on it as time goes on but I'm very busy at the minute with other issues and other projects too.

You do not need to create a new profile for the whitelist. There is a single whitelist profile that is shared among all whitelisted sites. The whitelist profile is set to the latest version of firefox for windows. This is done for maximum compatibility.

A whitelist rule has to be created for each site but this is configurable and can still offer protection by selectively allowing certain features on certain sites. Such as the canvas for example. You can allow it on youtube but block it on other sites that you know do not require it.

I am currently rewriting a new modern list of profiles that should reduce the requirement of the whitelist to a small number of sites.

I have a button in the addon under the whitelist with a link to the wiki which has a whitelist usage section. https://github.com/dillbyrne/random-agent-spoofer/wiki/Whitelist-Usage

Thanks again for your feedback and enjoy using the other addon.