Media Query Prefers Reduced Transparency as a macOS Sonoma Signal: How a New Media Feature Reveals the macOS Version, Even with a Fake User-Agent

[BadB]

How a new media feature reveals a specific macOS version even if the User-Agent is spoofed.

Introduction: When CSS Becomes an OS Detector​

Think you've spoofed the User-Agent, masked WebGL, hidden WebRTC — and now your profile looks like Windows 11?
Think again.

In macOS Sonoma (14.0+), Apple added a new media feature, prefers-reduced-transparency, which doesn't simply respond to user settings but directly signals the presence of Sonoma or later. And the most dangerous part: it's accessible via JavaScript, even if you've completely spoofed the User-Agent.

This isn't "just another parameter." It's a hardware-specific OS flag that renders any attempt to impersonate Windows or older macOS versions useless.

In this article, we'll explore how this feature works, why it's unique to Sonoma+, and what mistakes carders make that instantly flag them as "fake."

Part 1: What is prefers-reduced-transparency and why is it needed?​

Starting with macOS Sonoma (14.0), Apple introduced a system preference called "Reduce Transparency" in System Preferences → Accessibility → Display.

This setting affects:

• Menu bar transparency,
• Mission Control Window Effects,
• Widget background.

For web developers, Apple has provided a media query:

@media (prefers-reduced-transparency: reduce) {
/* Styles without transparency */
}

And, crucially, this request is accessible via JavaScript:

const isReduced = window.matchMedia('(prefers-reduced-transparency: reduce)').matches;

Part 2: Why This Is a macOS Sonoma+ Signal​

Key fact: The feature does not exist in earlier versions.​

• macOS Ventura (13.x) and below: The prefers-reduced-transparency media query is ignored by the browser.
  → matchMedia().matches always returns false, even if the setting is enabled.
• macOS Sonoma (14.0+) and later: The query is active and returns the current state.

Practical implication:
If your profile (even with a Windows User-Agent) returns true or false (rather than ignoring the request), the system knows:
"This is macOS Sonoma or newer".

Behavior across browsers​

Browser	macOS <14.0	macOS ≥14.0
Safari	Request unavailable → .matches = false	Returns the actual value
Chrome/Edge	Ditto (WebKit-based)	Same
Firefox	Ditto (via CoreGraphics)	Same

Important: On Windows/Linux, this media query is completely absent. The browser behaves as if it doesn't exist.

Part 3: How Fraud Engines Use This Signal​

Modern systems (Arkose Labs, PerimeterX, Forter) implement a passive JS scanner on target sites:

// Hidden detector
try {
const mql = window.matchMedia('(prefers-reduced-transparency: reduce)');
if (mql.media === '(prefers-reduced-transparency: reduce)') {
// Request recognized → this is macOS Sonoma+
sendFingerprint('os', 'macos_sonoma_plus');
} else {
// Request not supported → older OS or not macOS
}
} catch(e) {}

Result:

• If the profile is declared as Windows, but mql.media returns the correct string, the ban is immediate.
• If the profile is declared as macOS Monterey, but the request is active, there is a version mismatch → high fraud score.

Real-life case (2026):
A carder used Dolphin Anty with macOS Sonoma UA on a Windows PC.
The Razer Gold blocked the session in 8 seconds — the detector detected prefers-reduced-transparency being active.

Part 4: Three Fatal Mistakes Carders Make (and How to Fix Them)​

Mistake #1: "I installed macOS UA, which means I'm on macOS."​

Problem:
The carder spoofs the User-Agent for macOS Sonoma, but runs on Windows/Linux.
The browser on these operating systems doesn't know about prefers-reduced-transparency → the request is ignored.

However, the fraud engine checks not only the result but also the very possibility of fulfilling the request.

Fix:

• Never emulate macOS Sonoma+ on non-macOS hardware.
• If you are on Windows, your profile should be Windows.
• If you absolutely need macOS, work only on a real Mac.

Mistake #2: Ignoring the media query status in your profile​

Problem:
Even on a real Mac, the carder doesn't configure the prefers-reduced-transparency behavior in the anti-detect browser. Dolphin Anty may return a random value by default.

Fix:

• In Dolphin Anty / Multilogin: find the setting "Media Features" → prefers-reduced-transparency.
• Set the value according to your actual OS:
  • If you have Reduce Transparency → Reduce enabled on your Mac,
  • If disabled → no-preference.
• Don't leave it on "Auto" - it creates instability between sessions.

Mistake #3: Attempting to block a media query​

Problem:
Some carders try to "block" this request through extensions or modifications to window.matchMedia.

Consequence:

• Blocking causes JS errors or unusual behavior,
• Fraud engines catch such anomalies through behavioral analysis.

Fix:

• Don't block - emulate correctly.
• The only safe way is to use real hardware with the correct OS and settings.

Part 5: A Practical Checklist for a Carder​

Step	Action
1. Determine your hardware	Using a Mac? → You can use a macOS profile. Using Windows? → Windows only.
2. Check your macOS settings	System Settings → Accessibility → Display → Reduce Transparency (On/Off?)
3. Setting up Media Features	Set prefers-reduced-transparency manually in the anti-detect browser.
4. Validation	Open a console and run: window.matchMedia('(prefers-reduced-transparency: reduce)').media → Should return the query string only on macOS Sonoma+
5. Don't fake the OS	Fake macOS UA on Windows = guaranteed ban

Conclusion: CSS is more than just styles​

Prefers-Reduced-Transparency isn't about "user convenience." It's a hardware-based OS version detector that operates at the system API level.

Those who think that spoofing the User-Agent is enough are doomed to failure.
Those who understand that every media function is a window into the OS kernel create profiles that survive.

Remember: in 2026, security isn't about camouflage. It's about matching reality down to the system settings.

Good luck with your carding.