ray-lothian / UserAgent-Switcher

A User-Agent spoofer browser extension that is highly configurable
https://webextension.org/listing/useragent-switcher.html
Mozilla Public License 2.0

Prevent UA Client hints #160

Closed scoricov closed 1 year ago

scoricov commented 2 years ago

Hello,

This proposal is already implemented in Chrome: https://wicg.github.io/ua-client-hints/#intro

Example:

SEC-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="103", "Chromium";v="103"
SEC-CH-UA-MOBILE: ?0
SEC-CH-UA-PLATFORM: "macOS"

This means the true UA and platform information leaks aside from the UA header which this extension is meant to control.

Solution for Chrome:

var settings = new CefSettings();
settings.CefCommandLineArgs.Add("disable-features", "UserAgentClientHint");
Cef.InitializeAsync(settings);

Would it be possible to include it in the extension's code?

ray-lothian commented 1 year ago

The next release will delete all "sec-ch-" headers;

https://github.com/ray-lothian/UserAgent-Switcher/blob/master/v2/firefox/common.js#L561

r3a1d3a1 commented 1 year ago

Wouldn't deleting it altogether look suspicious as well? Setting it to the latest version of Chrome (most used browser) on Windows (most used OS) should be less conspicuous.

ray-lothian commented 1 year ago

In the new implementation, the extension exposes the correct values instead of deleting them when the "navigator.userAgentData" object is present. If not, they get removed.
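
The two behaviours discussed in this thread (dropping every "sec-ch-" header, or sending values that agree with the spoofed profile), sketched as an added example that is not the extension's own code. The function name `rewriteClientHints`, the profile shape and the placeholder UA strings are assumptions; headers use the `{name, value}` array form that a `webRequest.onBeforeSendHeaders` listener receives.

```javascript
// Added example; rewriteClientHints and the profile shape are hypothetical names.

// Constructed sample request: the three hints quoted in the issue plus other headers.
const SAMPLE_HEADERS = [
  {name: 'User-Agent', value: 'real UA string (constructed placeholder)'},
  {name: 'Sec-CH-UA', value: '".Not/A)Brand";v="99", "Google Chrome";v="103", "Chromium";v="103"'},
  {name: 'Sec-CH-UA-Mobile', value: '?0'},
  {name: 'Sec-CH-UA-Platform', value: '"macOS"'},
  {name: 'Sec-CH-UA-Arch', value: '"arm"'},
  {name: 'Accept', value: '*/*'}
];

// Constructed profiles. uaData === null models a spoofed browser that has no
// navigator.userAgentData object, so it would never send client hints at all.
const WINDOWS_CHROME = {
  userAgent: 'spoofed Chrome-on-Windows UA (constructed placeholder)',
  uaData: {
    brands: [{brand: 'Google Chrome', version: '103'}, {brand: 'Chromium', version: '103'}],
    mobile: false,
    platform: 'Windows'
  }
};
const FIREFOX = {userAgent: 'spoofed Firefox UA (constructed placeholder)', uaData: null};

// Serialise a brand list in the Sec-CH-UA form: "Brand";v="major", ...
const serializeBrands = brands =>
  brands.map(b => `"${b.brand}";v="${b.version}"`).join(', ');

function rewriteClientHints(headers, spoof) {
  // Hints that can be answered consistently with the spoofed profile.
  const known = spoof.uaData ? {
    'sec-ch-ua': serializeBrands(spoof.uaData.brands),
    'sec-ch-ua-mobile': spoof.uaData.mobile ? '?1' : '?0',
    'sec-ch-ua-platform': `"${spoof.uaData.platform}"`
  } : {};
  const out = [];
  for (const h of headers) {
    const name = h.name.toLowerCase();
    if (name === 'user-agent') out.push({name: h.name, value: spoof.userAgent});
    else if (!name.startsWith('sec-ch-')) out.push(h); // unrelated header
    else if (name in known) out.push({name: h.name, value: known[name]});
    // any other sec-ch-* header is dropped so the real value does not leak
  }
  return out;
}
```

With `FIREFOX` every "sec-ch-" header is removed; with `WINDOWS_CHROME` the three low-entropy hints are rewritten and `Sec-CH-UA-Arch`, which the profile cannot answer, is dropped.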