Open codyit opened 9 years ago
nbbn
commented
9 years ago +1 is not enough. I agree. There should be separate mode, that allows fast selecting all modern, current desktop browsers on different OSes.
A lot of websites show warnings, that your browser is old or try to advertise you some modern browser.
dillbyrne
commented
9 years ago Hello @codyit
Iceweasel or konqueror may stand out for X minutes but the information is still false so it does not matter, we are actively poisoning their data set each time you visit sites with false profiles. We can't avoid fingerprinting in the web today, but we can make it less accurate. We want them to think they are fingerprinting the real thing but they are not.
Adding a mode for modern profiles is the wrong way to address this, and it will add more overhead to random profile selection, The correct way to address this is by keeping the profiles up to date.
From the start I have been asking people to submit browser information to keep the list updated. For example if you are using chrome and you get a browser update. Open an issue and post the details (see link below) and I'll add it. The same goes for phone browsers, consoles etc
Its not just enough to post user agent information the profile has to be accurate otherwise there is no point in doing it. The best way for this to happen is for people who have the real thing submit the information.
It takes me a lot of time to keep them up to date myself as I have to track down people who have them installed and on the correct platforms and check what if anything has changed between versions.
More people helping out will result in a better addon for everybody
I have updated lots of profiles myself in the past few days
https://github.com/dillbyrne/random-agent-spoofer/commit/12b8fdb2e6cbef1d6a86ff6b507cbc2584af3fc9
https://github.com/dillbyrne/random-agent-spoofer/commit/9a7431b61b6e4e17751ddad6e8c1f5ce82de6e05
https://github.com/dillbyrne/random-agent-spoofer/commit/498774ae5c3e7b756473541132ff531c55424cd8
https://github.com/dillbyrne/random-agent-spoofer/commit/17b98656c812744f180bff1c15faf109c55c807d
https://github.com/dillbyrne/random-agent-spoofer/commit/26fd6628eeedb250735e8f432e22672f58af7304
https://github.com/dillbyrne/random-agent-spoofer/commit/2e61010d6f639ffa2529c917a17eebc96c71d772
https://github.com/dillbyrne/random-agent-spoofer/commit/a2ded6dd741504aa37d0903e57499896398805b5
I need new/updated android profiles so if you have an android phone with any up to date non firefox browsers, then get in touch.
I also need updated windows phone browsers
Does anyone have Windows 10 installed ?
If you have a free / open bsd desktop can you get in touch
See https://github.com/dillbyrne/random-agent-spoofer/wiki/How-To-contribute for the information needed for a profile
codyit
commented
9 years ago Hi @dillbyrne
I understand sending over profiles is one way of contributing and it is the one you need the most right now, that doesn't mean the usability issue here is less valid, it's about giving choice to users.
Perhaps I didn't make my point clear enough.
If I just choose Random (Desktop) after a fresh install , I get all sorts of website warnings, problems such as menus and buttons stop working etc. So I have to religiously click exclude for most of the profiles, this tedious process is the kind of user action you want to avoid for any computer program.
That doesn't mean having Iceweasel and Konqueror, or for that matter Elinks in the list is a bad thing, that just means we need a radio button Random (Selected) , that invert the behavior of the Exclude checkboxes to become Include, or otherwise a global option that does the same thing.
I'd partially take back what I said about fingerprinting, because it only affects people like me, pretty much the single user behind a relatively fixed IP address, so I suppose it doesn't take long before some neural network learn that "ah see the rare browsers he's using, this is the same guy using RAS, so I'd categorize him as the kind of person who'd install a spoofer", of course it's a bit far fetched.
dillbyrne
commented
9 years ago @codyit What version of RAS are you using because RAS has not had with elinks for a few versions now, if it is an old one that would explain the issues you are running into . The iceweasel versions are treated as firefox by sites so there should be no problems there.
I'm not trying to make excuses for problematic profiles if that was how it came across. My point was that if is there is a particular profile that is problematic it is likely that is it out of date otherwise it could be that the particular set of options you have selected are causing problems or the site could simply be using bad practices and catering only to a specific browser .
While it is not perfect there is also the whitelist to help with this.
If there are problematic profiles that are constantly causing problems on multiple sites let me know and I will see what I can do and possibly remove them . As I mentioned above I have updated lots of profiles. So chrome chromium are mostly 43/42 firefox 40 to 36 , Safari version 8.0.7 to 8 etc. These will be available in the next release.
The solution is still not to have an option for selection only modern profiles. All profiles should be reasonably up to date with profiles updated or pruned from time to time. I can only do so much with the devices and information I have access to so I do need help in this area.
You could be a single guy or girl behind an IP or you could be a coffee shop with multiple users or have friends over, multiple people behind a shared IP at a VPN and so on.
codyit
commented
9 years ago I'm using the one on Github release page, just think it's a pity elink is gone :)
I'm guessing it's bad website practices, but I'm having trouble even with Gmail and Github, haven't changed anything except for excluding profiles, yet I'm still having problems. Not near my laptop right now, would let you know the list of profiles I included, I've shortlisted that to just a few already.
I still think having a more comprehensive list of profiles and a selected mechanism is the way to go, but it's your software, your call.
codyit
commented
9 years ago The version I'm using is 0.9.5.3, will make note of which exact profile is causing problem in Gmail, IIRC it's complaining about old version of Chrome. To be exact the compose email region is unresponsive, it works immediately after I've chosen Real Profile, so I suppose it's the profile itself causing problem instead of other settings.
Random Desktop and a 30 minutes period is chosen, here is the list of profiles without exclude checked, imagine the number of mouse click or spacebar I pressed..
Windows
Chrome 41.0.2228.0 (Win 7 32)
Chrome 41.0.2228.0 (Win 8 64)
Chrome 41.0.2228.0 (Win 8.1 64)
Firefox 37.0 (Win 8 WOW64)
Firefox 37.0 (Win 8.1 WOW64)
MSIE 11 - (Win 7)
MSIE 11 - (Win 8.1 WOW64)
Opera 25.0.1614.68 (Win 8.1 32)
Opera 25.0.1614.68 (Win 8.1 WOW64)Mac
Chrome 41.0.2227.1 (OS X 10_10_1 Intel)
Chrome 41.0.2227.1 (OS X 10_10_2 Intel)
Firefox 37.0 (OS X 10.9 Intel)
Firefox 37.0 (OS X 10.10 Intel)
Opera 26.0.1656.24 (OS X 10_10_2)
Safari 8.0.2 (OS X 10_10_2 Intel)Linux
Chrome 41.0.2227.0 (linux 32)
Chrome 41.0.2227.0 (linux 64)
Chromium 38.0.2125.111 (Ubuntu 32)
Chromium 38.0.2125.111 (Ubuntu 64)
Firefox 37.0 (Linux 32 bit)
Firefox 37.0 (Linux 64 bit)Unix (I probably got tired clicking exclude by the time I reached this part)
Chrome 38.0.2125.104 (FreeBSD 32)
Chrome 38.0.2125.104 (FreeBSD 64)
Chrome 38.0.2125.104 (OpenBSD 32)
Chrome 38.0.2125.104 (OpenBSD 64)
Chrome 38.0.2125.104 (NetBSD 32)
Chrome 38.0.2125.104 (NetBSD 64)
Chrome 38.0.2125.111 (FreeBSD 32)
Chrome 38.0.2125.111 (FreeBSD 64)
Chrome 38.0.2125.111 (OpenBSD 32)
Chrome 38.0.2125.111 (OpenBSD 64)
Chrome 38.0.2125.111 (NetBSD 32)
Chrome 38.0.2125.111 (NetBSD 64)
Chrome 38.0.2125.122 (FreeBSD 32)
Chrome 38.0.2125.122 (FreeBSD 64)
Chrome 38.0.2125.122 (OpenBSD 32)
Chrome 38.0.2125.122 (OpenBSD 64)
Chrome 38.0.2125.122 (NetBSD 32)
Chrome 38.0.2125.122 (NetBSD 64)
Firefox 36.0 (FreeBSD 64)
Firefox 36.0 (OpenBSD 64)
Firefox 36.0 (NetBSD 64)
SeaMonkey 2.30 (OpenBSD 32)
SeaMonkey 2.30 (FreeBSD 64)Hello @codyit
Other google services such as play.google.com try to load chrome specific code when spoofing as Chrome so I think that could be contributing to your issue.
Have you tried adding,mail.google.com and accounts.google.com to the whitelist ?
You may also need canvas enabled or webgl enabled so you can compose mails with the overlay they use.
The authorization header could be causing issues logging into Gmail if you have it disabled
You can also select a specific profile from the list of profiles. I'd recommend some recent firefox and try that. That should work if the real profile works for you.
Github works fine for me with 0.9.5.3. The odd time it will say something about an old version but the site is still functional.
let me know if a specific profile or the whitelist work for you.
codyit
commented
9 years ago Ah, maybe it's things like SPDY or QUIC? It felt so bad because stuff not working across browsers reminds me of the ActiveX days immediately, but yea, I'm using a spoofer, can't complain.
The thing I was thinking about is that, Google is one the major companies I want to stop from knowing too much about me, so I didn't want to whitelist them. Now that it seems a bit paradoxical, I'm giving up a lot by using their email service anyway. The real solution for me should be really look into completing the slow and painful process of migrating away from their service.
Still, thanks for the tips.
On the Random Selected feature request itself, I just wish to know if you think it's not important enough, but you'd accept it if it is in the form of a PR, or you wouldn't accept it anyway because it's different from what you're envisioning?
codyit
commented
9 years ago Didn't want to sound like I don't appreciate RAS and the effort behind it, but I guess I have to be a bit more blunt. Regardless of everything else, regardless of the issue of JS browser warnings etc, IMO it is still a major UI failure on an otherwise very useful plugin.
The sheer number of exclude checkboxes without mechanisms to invert or group select means that you either expect users to go click that many times, or you presume the number of exclude is going to be small. Neither of them is good practice.
In reality if you want to avoid the headache of Chrome specific implementations, you do wish to at least exclude all the Chrome versions.
dillbyrne
commented
9 years ago Hey @codyit
Be as blunt as you feel you need to be, I don't mind. The thing about the whitelist profile is that it is still a spoofed profile so the sites are still not getting your real profile. It is recommended that it be a firefox based profile for maximum compatibility but you can change this.
The number of exclude checkboxes is tied to the number of profiles, there is no expectations tied to them. It is simply a one to one relationship.
While it is possible to exclude them and you can do so. I would think the number a user should need to exclude to be small due to the whitelist. After some time it becomes obvious that site is causing more problems that the profiles and that it is easier to whitelist that particular site.
Also the fact that you can select a specific profile means that if you don't want to use the whitelist or exclude problematic profiles you can select a compatible profile and do what you have to do on a site and then select what ever you had before it.
Generally If a site is not working with a recent firefox profile then it is your chosen options.
The main issue I have noticed with google owned sites when spoofing chrome is webp images.
I know you appreciate RAS and you mean well. My hesitation with your suggestion as I have said before is that I strongly believe it will not solve your issue(s), that is what the whitelist is specifically for.
However I am a reasonable person and it is obvious that a group of users desire this functionality so I will look into adding an option to invert the exclude process. Providing the overhead isn't too much, I'll add it. It won't make the next version but I'll try get it into the version after that . The option for it would be located under the preferences in about:addons since it would not be something that would change often
Will that suffice ?
Note: If this is added you may still have problems with some sites that you did not whitelist for certain options that you have selected or for some options that are not in the whitelist that must be unselected such as the cache options for example
codyit
commented
9 years ago Hey @dillbyrne
Ran out of cycles recently, and the problem doesn't really surface unless you do reinstalls, so kind of setting this aside.
Just wish to let you know that after the discussion here, I realize the problem probably stems from Chrome. By disabling just those profiles and keeping the Random (Desktop) / 30 minutes setting, I haven't experienced any lose of functionality since then ( tooltips reminding me the browser is not supported anymore is to be expected and just mildly annoying ).
Consider me a happy user without any changes, but still
The option for it would be located under the preferences in about:addons since it would not be something that would change often
sounds good to me, not sure about other users. Anyway, thanks a lot.
dillbyrne
commented
9 years ago @codyit Glad you have it working for now. I will update this issue when I make some progress on it
codyit
commented
8 years ago Been pretty drained these days. Not trying to push it since I haven't been reinstalling lately and am still a happy user :)
An extra use case for you to consider, youtube.com. It would disable full screen for a lot of the profiles. I mean, similar scenarios happen all the time, by having this feature, users just have to select a few different modern profiles to loop through in the beginning and they'd be worry free afterward.
Another random thought that probably belong to a new issue. If you do consider keeping the list updated as pretty much the first priority, wouldn't it be wonderful if you decouple it like uBlock or ABP blocklists?
codyit
commented
8 years ago wouldn't it be wonderful if you decouple it like uBlock or ABP blocklists?
But then you'd have privacy concerns..
RAS is great, however I notice the first thing I do after installation is to go click exclude for most of the old browsers since they break a lot of basic functions due to JS browser check.
I suppose having random for every 30mins among the latest version browsers on latest version OSs is enough for me. I would further suggest it should be the default, because when you think about it from the fingerprinting standpoint, Konqueror on BSD or Iceweasel on 32bit Linux are definitely gonna standout more unless the majority of the population are using RAS, so it becomes a fingerprint itself eventually unless you're also using something like Tor.