How can a Linux OS spoof Windows?

Hello all,

As Linux users make up less than 10% of all computer users, that makes them much more fingerprint-able. So spoofing Windows in some way seems like a good idea for improved privacy. I have seen browser extensions in the Chrome web store (for the Brave browser). That seemed to be partially successful, after keying in the site deviceinfo.me.

Are there other ways to spoof Windows? Say, through the Terminal? Please advise. Thank you.

I’ve been wondering the same thing. It’s annoying and I’d also like to see it changed.

One thing you can do, unrelated to this, is change the timezone by launching the browser in the terminal with the TZ= variable set.

I’m using Brave Browser right now with this:

TZ=someSpoofedValue /usr/bin/brave-browser-stable

where someSpoofedValue comes from a script I wrote that just picks a random timezone from a list.

Mullvad browser spoofs it by default. I haven’t checked with LibreWolf.

Even using a VPN, JavaScript can pull the system time from your computer, so it’s kind of funny to see it in Mullvad browser where the VPN exit point has a value, then 2 spoofed values. I don’t know why there are 3 values instead of two.

I use deviceinfo.me to look at those values. Apparently there are browser extensions that will change the OS, but then you’re using a browser extension that you don’t know if you can trust, and that makes you fingerprintable by using it.

Hi, thanks for the reply, and for the helpful tips.

I tried Mullvad browser, keyed in deviceinfo.me, but it still said I was using Linux. I emailed their support, to ask them if I needed to take additional steps.

I am a little afraid of LibreWolf. They described themselves as “super-woke”. I’m not keen on a radical leftist handling my data.

You are right about browser extensions possibly being malicious, or simply unknown. Thanks for the heads-up.

Best regards!

You can’t hide what operating system you’re running, that’s why Tor Browser and Mullvad Browser only spoof the value that aligns with your operating system (Android, Windows, Mac, Linux).

Statement from Mullvad Browser team:

6 Likes

Thanks very much, Jordan.

1 Like

Command “wget” allows setting the user agent, for example:

wget --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:142.0) Gecko/20100101 Firefox/142.0" "https://www.example.com/file.zip"

You can run a Windows installation in a virtual machine. It is not the same thing, but that is similar to spoofing the Linux hypervisor’s operating system.

I am not saying this next one is a good idea, but you could also try running Windows executables under Wine.

3 Likes

Thank you very much, Machkiel.

1 Like

Hi, ManWithNoPlan,

I heard back from Mullvad browser support. They mentioned that their browser no longer changes the user agent. They said it was causing more harm than good, so they removed that feature.

1 Like

You misunderstood what I was writing. It had nothing to do with spoofing the OS but rather just one value of many other fingerprintable ones. I probably should not have put it in this thread.

That said, did they by chance give you a link as to why they stopped changing the user agent? I’d be curious to read why it isn’t a good idea for them, if they did.

No problem. Mullvad support did not go into specifics as to why they discontinued making all users look the same. They just said that it created more problems than it solved, and let it go at that.

1 Like

For fingerprinting concerns, consider a virtual machine instead. You can run Windows in a VM, should that be your choice. Contrarily, I use a Xubuntu VM exclusively for Amazon. One VM per isolating experience, like online banking, because in each instance I am self-identifying via sign-in.

2 Likes

Thanks very much, and I am sorry for the delayed reply. May I ask, do you use a separate VM for each online bank account? Or do you do all online bank accounts with a single VM? Thank you again.

What are you trying to keep private exactly? The online bank you are connecting to needs to know who you are. If you just want to make your browsing more private, one of the best things you can do is to disable ALL third-party content with uBlock/uMatrix. This will break a pretty significant number of websites but will prevent cross-site tracking (e.g. by Google through embedded YouTube videos). Spoofing the OS doesn’t really buy you much, and the service you are accessing will always collect some amount of information you can only somewhat obfuscate with Tor or VPNs.

3 Likes

Thank you, Tux. My concern is being fingerprinted, and Linux stands out more as there are far fewer Linux users.

Yes, I have heard to use a separate browser (maybe Chrome) for YouTube, Gmail, etc., so Google can’t see what you are doing on your main browser. Thanks again.

I’ve found 3 options:

1 and 2: The Chameleon and Random User Agent (switcher) FF extensions will let you spoof your user agent. Chameleon lets you spoof tons of things, but obviously it comes up as an extension being used. IMO, I’d rather have every 5 minutes showing a new and unique fingerprint. However, when testing on CreepJS, the header says Windows/Mac OS, but the processor still comes in as “Linux X86”, so it’s not perfect.

Option 3: Using a Windows VM.

Though, I’m about to try this wget option and see if it survives a restart.

Hey again - so the wget option isn’t global for all browsers, just when using wget to scrape a site or download files.

It looks like there’s a method in vanilla Firefox where you go into about:config and add a string under general.useragent.override with the user agent you want, but I can’t get that to persist in LibreWolf. Just search for that and it’ll come up for FF.

For LibreWolf it seems possible with some changes to the config file, but not all user agent testing sites will be fooled by the spoof, which might make you more unique. Apparently Mullvad dropped the spoofing.

1 Like

Correct.

Additionally, you can add a list of URLs to a plain text file, for example “download.txt”, and have “wget” download all of those:

wget --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:142.0) Gecko/20100101 Firefox/142.0" --input-file=./download.txt

Changing user agent is not effective for spoofing OS.

4 Likes
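
An added example, not part of any post in this thread: the CreepJS result mentioned above (header says Windows, platform still reports Linux) comes from a consistency check like the one sketched here, which is why overriding only the user agent tends to make a browser stand out more. The function names and sample profiles are constructed for illustration; `navigator.platform` and Firefox's `navigator.oscpu` are the real properties being modelled.

```javascript
// Added example: compare the OS claimed in the User-Agent with other
// values a page can read. All sample profiles below are constructed.

// Map a User-Agent string to a coarse OS family.
function osFromUserAgent(ua) {
  if (/Windows NT/i.test(ua)) return "windows";
  if (/Android/i.test(ua)) return "android"; // before Linux: Android UAs contain "Linux"
  if (/Mac OS X|Macintosh/i.test(ua)) return "mac";
  if (/Linux|X11/i.test(ua)) return "linux";
  return "unknown";
}

// Map a navigator.platform / navigator.oscpu style value to an OS family.
function osFromPlatform(value) {
  if (!value) return "unknown";
  if (/^Win|Windows/i.test(value)) return "windows";
  if (/^Mac/i.test(value)) return "mac";
  if (/Linux|X11/i.test(value)) return "linux";
  return "unknown";
}

// Return every signal that contradicts the User-Agent's OS claim.
function findOsMismatches(profile) {
  const claimed = osFromUserAgent(profile.userAgent || "");
  const mismatches = [];
  for (const signal of ["platform", "oscpu"]) {
    const seen = osFromPlatform(profile[signal]);
    // Android browsers report a "Linux ..." platform, so that pair is consistent.
    const compatible = seen === claimed || (claimed === "android" && seen === "linux");
    if (seen !== "unknown" && claimed !== "unknown" && !compatible) {
      mismatches.push({ signal, value: profile[signal], claimed, seen });
    }
  }
  return mismatches;
}

// Constructed profile: User-Agent overridden to Windows, nothing else changed.
const spoofedProfile = {
  userAgent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:142.0) Gecko/20100101 Firefox/142.0",
  platform: "Linux x86_64",
  oscpu: "Linux x86_64",
};
// Constructed profile: an unmodified Linux browser.
const consistentProfile = {
  userAgent: "Mozilla/5.0 (X11; Linux x86_64; rv:142.0) Gecko/20100101 Firefox/142.0",
  platform: "Linux x86_64",
  oscpu: "Linux x86_64",
};

console.log(findOsMismatches(spoofedProfile));    // two contradicting signals
console.log(findOsMismatches(consistentProfile)); // none
```

Pasting the three functions into a browser console and calling `findOsMismatches(navigator)` runs the same check on live values. Real fingerprinting tests read many more signals than these two (fonts, WebGL renderer, TCP/IP behaviour), so an empty result here does not mean the spoof is undetectable.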

The issue that you are facing is that the OS is only one of many fingerprints. See here for example to see part of what is exposed. Only spoofing the OS doesn’t really buy you anything. You are better off using a standardized set of attributes (as Tor or Arkenfox do) than just trying to hide or arbitrarily spoof things.

To be honest, I haven’t thought about doing this because I’ve been trying not to use Windows since the beginning of the year. But I might try the VM option for online shopping.