Gorhill please read an actual issue with uMatrix

[firefoxguy]

When spoofing a Windows user agent using uMatrix Ipleak.net is still able to detect I am using Linux "Platform: Linux x86_64" If I spoof using RAS it will say my platform is Windows with no issue. I couldn't post this under uMatrix issues because it has been removed. I'd really appreciate it if you look into this. Firefox 54.0.1 x64

With RAS https://i.imgur.com/1adUwtS.png

With uMatrix https://i.imgur.com/CiWLmrI.png

[gorhill]

Don't use UA spoofing with uMatrix, it's known issue, has been talked about a lot, and bottom line is that spoofing UA is pointless unless one also block all JS at the same time. I said I would remove this feature eventually, because it gives a false sense of privacy, given that as soon as javascript is allowed to execute, fingerprinting is the real issue, of which UA is only a tiny part of it. At most, I will releguate it to a toy feature with no privacy value.

[ghost]

it gives a false sense of privacy

Very true. The order in which headers are sent are also unique to certain browsers. So, spoofing the UA actually has to opposite intended effect, regardless if JavaScript is enabled.

[ghost]

Perhaps to the FAQ entry - we could add gorhill's answer above to build/expand to an FAQ entry actually. :) (I never heard of UA spoofing before by the way, probably some other people also never heard about it yet.)

[bershan2]

@anewuser User agent spoofing is already built into most major browsers: https://www.howtogeek.com/113439/how-to-change-your-browsers-user-agent-without-installing-any-extensions This might not be as easy, but at least someone won't be mislead by uMatrix feature.