NotHereToPlayGames Posted July 22, 2021 Posted July 22, 2021 (edited) You seem to be confused on just what UA-CH does (or I am?) The agenda of UA-CH is to BYPASS the user agent completely. Detection based on UA-CH would detect your true browser REGARDLESS of whether you were faking a user agent or not. The html5 detected the faked user agent, so it has nothing to do with UA-CH, the "imitates" can be due to a hundred different things, various "combinations" that throw out the word "imitates" when Condition A plus Condition B is met. The whole agenda has very little to do with "privacy" or "telemetry" - though I would classify you as a bit more "extremist/alarmist" than I would classify myself. "Not that there's anything wrong with that." (A Seinfeld reference.) The purpose is for the website to know if you are on a MOBILE device versus a DESKTOP and to send the proper code for a proper rendering. If they succeed in rolling out this platform (way too early, not even sure if it exists "in the wild yet", just 'on paper') then those of us that FAKE user agent strings to FORCE a "heavy" web site to send us code based on less "hungry" javascript, as an example, will no longer be able to do that. The website will DETECT our TRUE "fingerprint" regardless of what we tried to FAKE by using the very old and everybody-knows-it "trick" of sending a FALSE user agent string. That's my understanding thus far at least. I'd be more than happy to read any respectable website link you may have that may indicate otherwise. The html5 test doesn't show me what I need to see as "proof". A "real" test that proves UA-CH is in fact "functioning and enabled" would be a test that reports "You faked your user agent to tell me you are Firefox on Linux, but I know better, you are really Chrome 86 on Win XP x64". Just catching XP x64 would really prove an advance to me, as almost all of these "test sites" including html5test.com refers to my XP x64 as Windows Server 2003. So that alone tells me that html5test isn't very "advanced". Edited July 22, 2021 by ArcticFoxie 1
NotHereToPlayGames Posted July 22, 2021 Posted July 22, 2021 Actually, since you requested I run a test, I'll submit a test in return. We know that UA-CH started with Chromium 84 (some sites report 85 but I see several that cite 84, so worst case we will call it 84). So here is a test for you - run that html5test (which I personally think is flawed, but I don't have much experience with it) using Chromium/Chrome EIGHTY and fake a Firefox user agent. My hunch (I welcome you to screencap proof that I am wrong) is that running that "test" using Chrome 80 and faking a Firefox user agent will give you that "imitates" result - so it has nothing to do with UA-CH, would you agree?
NotHereToPlayGames Posted July 22, 2021 Posted July 22, 2021 Okay, I decided to put my money where my mouth is. I think you'll agree this to be proof. We know that UA-CH did not exist in Chrome 80 and we know that UA-CH is enabled by default in Chrome 92. html5test.com gives that "imitates" in the results for Chrome 80 and for Chrome 92 - has nothing to do with UA-CH (which I "think" was your claim, not sure? I can't follow your posts at times). And as my geometry teacher used to say -- Q. E. D. 2
NotHereToPlayGames Posted July 22, 2021 Posted July 22, 2021 On 7/16/2021 at 7:42 AM, ArcticFoxie said: v13 2206 v3 "GUI chopping block" Settings Menu: remove Login Help -> About / Feedback Forums => About Settings (general) remove Login Settings - Basics remove Show select and search bar - I see no changes with or without this selected remove show recommended words - I see no changes with or without this selected remove show address bar suggestions - I see no changes with or without this selected Settings - UI Style Location Bar -> convert Chinese copy paste helper to English Settings - Tabs replace Open hao.360.com with Open Google (see Humming Owl's notes) Settings - Download remove default utility - there is only one option and download utilities operate as extensions remove use Thunder remove open file after download - I see no changes with or without this selected, there is a button when starting download for this feature remove show mini download task - I see no changes with or without this selected remove ask where to download apk files - this is an Android feature and Android users do not need 360Chrome for XP remove Save Images Quickly - I see no changes with or without this selected Settings - Shortcuts condense to 3 columns instead of 1 to prevent scroll on 1920x1080, test in 1024x768 Settings - Personal Data remove 360 account login Settings - Advanced remove NoCoin - pops up a Chinese message box so never really enabled unless you click within that message box Page Utility -> convert Chinese video tips to English Background Apps -> to the best of my knowledge, the Join user experience option is broken whether this is checked or not, may remove from GUI Settings - Lab remove Enable Thunder download manager - I see no changes with or without this selected Snap Plugin -> this only changes the toolbar, even when disabled this plugin is still accessible (Ctrl-Shift-X) - reviewing Humming Owl's modifications to fully disable Settings - Adfilter remove from options tabs, the built-in adfilter is broken once telemetry is fully removed I've also opted to remove the root directory sslblock.zip. This was used in earlier versions but I have yet to witness this page ever be displayed in v13. From the best I can gather, all ssl cert errors are displayed via clicking the padlock icon in v13's address bar. That and as far as lightweight, fast, and efficient, I'm content with just the ssl error code in the title bar and a completely blank page in the content area. My only way of really testing has been this site -- https://badssl.com/
NotHereToPlayGames Posted July 22, 2021 Posted July 22, 2021 Settings - Basics removed and disabled search engine built-in fallback (see Humming Owl's notes)
UCyborg Posted July 22, 2021 Posted July 22, 2021 On 7/9/2021 at 2:45 PM, ArcticFoxie said: Has anyone figured out just what the "System DPI" setting is supposed to do? When enabled (the default), GUI scales up accordingly when system DPI is set higher than 100% (96 DPI).
NotHereToPlayGames Posted July 22, 2021 Posted July 22, 2021 45 minutes ago, ArcticFoxie said: I've also opted to remove the root directory sslblock.zip. Disregard. This "might" be related to Settings - Advanced -> HTTPS/SSL -> intercept certificate risk option (I don't use this option but at the same time am mindful to not "break" any options that I don't use but that others may opt to use).
NotHereToPlayGames Posted July 22, 2021 Posted July 22, 2021 2 minutes ago, UCyborg said: When enabled (the default), GUI scales up accordingly when system DPI is set higher than 100% (96 DPI). Thanks!
Dixel Posted July 22, 2021 Posted July 22, 2021 (edited) 23 hours ago, ArcticFoxie said: 1 -- You seem to be confused on just what UA-CH does (or I am?) 2 - The agenda of UA-CH is to BYPASS the user agent completely. 3 - Detection based on UA-CH would detect your true browser REGARDLESS of whether you were faking a user agent or not. 4 - The html5 detected the faked user agent, so it has nothing to do with UA-CH, the "imitates" can be due to a hundred different things, various "combinations" that throw out the word "imitates" when Condition A plus Condition B is met. 5 - The whole agenda has very little to do with "privacy" or "telemetry" - though I would classify you as a bit more "extremist/alarmist" than I would classify myself. "Not that there's anything wrong with that." (A Seinfeld reference.) 6 - The purpose is for the website to know if you are on a MOBILE device versus a DESKTOP and to send the proper code for a proper rendering. .... That's my understanding thus far at least. 7 - I'd be more than happy to read any respectable website link you may have that may indicate otherwise. 8 - The html5 test doesn't show me what I need to see as "proof". ... 1 -- Yes , you seem to be confused on what UA-CH does , and what it does is : it will use any hints it can get to identify a user and make his fingerprint , hence the name with this key-word "hints". 2 - No , it's not a direct bypass . "the origin needs to gather as much entropy as possible, so it is likely to collect all the hints." Paragraph 1.2.9. "Fingerprinting". It will also try to identify your system with "'Sec-CH-UA-Platform-Version' Header Field" / Paragraph 3.8 https://wicg.github.io/ua-client-hints/ 3 - No , if you used countermeasures , like me. I could tell you many secrets , but like I said earlier , I'm not willing to broadcast them in the open . One secret I can share , how it detects you and with what (4). 4 - No , it detected you by the means of the vendor string : UA collected the hint that your vendor is Gugle, so now it compares it with your fake FF useragent and "sees" that something's wrong . Firefox string and "vendor" Gugle together, it's just not possible ! So you need to block the detection of this "vendor" string. It is NOT easy , you will need to write a programme for this. 5 - ENOUGH with labeling and classifications ! You wouldn't last long with a talk like that here , in Europe. Keep your "opinion" to yourself , OK ? I do not need it . I asked you to quit talking about my personality a million times . But if that gives you such a huge pleasure , go on . I guess it is still better than bashing your neighbours with a baseball bat , lol. 6 - Sounds like a sweet tale from a rich Californian corporate leftist. Smth like "we work for your safety". No , it will brodcast even it's switched off. "the Sec-CH-UA header will be sent by default, whether or not the server opted-into receiving the header via an Accept-CH header" .... 7 - https://wicg.github.io/ua-client-hints/ 8 - Yes, it does . It detected that you're cheating. And you will see in that article that it is still on , it will brodcast everything it can find. The Tale About The Version : I asked you if you trust Gugle , if you do , then you will also trust that it was available only starting from 84 , lol. ... Edited July 22, 2021 by Dixel typos 2
NotHereToPlayGames Posted July 22, 2021 Posted July 22, 2021 Settings - UI Style functionality has already been broken, removed more items (see Humming Owl's notes), removed from GUI
NotHereToPlayGames Posted July 22, 2021 Posted July 22, 2021 removed adfilter exceptions (adfilter functionality already disabled but now exceptions list is empty) (see Humming Owl's notes) removed default search engines (see Humming Owl's notes)
NotHereToPlayGames Posted July 22, 2021 Posted July 22, 2021 (edited) ported Humming Owl's v12 "shared.ydstatic.com", "95001111", "googleapis" and "gstatic" entries by dots -- have not tested remainder of entries in Humming Owl's list has already been replaced (or did not exit in v13). Edited July 22, 2021 by ArcticFoxie
NotHereToPlayGames Posted July 22, 2021 Posted July 22, 2021 saving these two to-do's for a future rebuild -- 1) Location Bar -> convert Chinese copy paste helper to English (.png) 2) Page Utility -> convert Chinese video tips to English (.png)
NotHereToPlayGames Posted July 23, 2021 Posted July 23, 2021 removed decompress with 360 from download section (this downloads a "360zip" utility and this is broken once we removed all of the telemetry - plus, we all have our own preferred archive utility external to our browser)
NotHereToPlayGames Posted July 23, 2021 Posted July 23, 2021 Settings - Lab remove Magnifier utility (enabled website dialog never seemed to work so opting to just remove)
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now