BadB
Professional
- Messages
- 2,545
- Reaction score
- 2,683
- Points
- 113
How a new media feature reveals a specific macOS version even if the User-Agent is spoofed.
Think again.
In macOS Sonoma (14.0+), Apple added a new media feature, prefers-reduced-transparency, which doesn't simply respond to user settings but directly signals the presence of Sonoma or later. And the most dangerous part: it's accessible via JavaScript, even if you've completely spoofed the User-Agent.
This isn't "just another parameter." It's a hardware-specific OS flag that renders any attempt to impersonate Windows or older macOS versions useless.
In this article, we'll explore how this feature works, why it's unique to Sonoma+, and what mistakes carders make that instantly flag them as "fake."
This setting affects:
For web developers, Apple has provided a media query:
And, crucially, this request is accessible via JavaScript:
Result:
Problem:
The carder spoofs the User-Agent for macOS Sonoma, but runs on Windows/Linux.
The browser on these operating systems doesn't know about prefers-reduced-transparency → the request is ignored.
However, the fraud engine checks not only the result but also the very possibility of fulfilling the request.
Fix:
Problem:
Even on a real Mac, the carder doesn't configure the prefers-reduced-transparency behavior in the anti-detect browser. Dolphin Anty may return a random value by default.
Fix:
Problem:
Some carders try to "block" this request through extensions or modifications to window.matchMedia.
Consequence:
Fix:
Those who think that spoofing the User-Agent is enough are doomed to failure.
Those who understand that every media function is a window into the OS kernel create profiles that survive.
Remember: in 2026, security isn't about camouflage. It's about matching reality down to the system settings.
Good luck with your carding.
Introduction: When CSS Becomes an OS Detector
Think you've spoofed the User-Agent, masked WebGL, hidden WebRTC — and now your profile looks like Windows 11?Think again.
In macOS Sonoma (14.0+), Apple added a new media feature, prefers-reduced-transparency, which doesn't simply respond to user settings but directly signals the presence of Sonoma or later. And the most dangerous part: it's accessible via JavaScript, even if you've completely spoofed the User-Agent.
This isn't "just another parameter." It's a hardware-specific OS flag that renders any attempt to impersonate Windows or older macOS versions useless.
In this article, we'll explore how this feature works, why it's unique to Sonoma+, and what mistakes carders make that instantly flag them as "fake."
Part 1: What is prefers-reduced-transparency and why is it needed?
Starting with macOS Sonoma (14.0), Apple introduced a system preference called "Reduce Transparency" in System Preferences → Accessibility → Display.This setting affects:
- Menu bar transparency,
- Mission Control Window Effects,
- Widget background.
For web developers, Apple has provided a media query:
CSS:
@media (prefers-reduced-transparency: reduce) {
/* Styles without transparency */
}
And, crucially, this request is accessible via JavaScript:
JavaScript:
const isReduced = window.matchMedia('(prefers-reduced-transparency: reduce)').matches;
Part 2: Why This Is a macOS Sonoma+ Signal
Key fact: The feature does not exist in earlier versions.
- macOS Ventura (13.x) and below: The prefers-reduced-transparency media query is ignored by the browser.
→ matchMedia().matches always returns false, even if the setting is enabled. - macOS Sonoma (14.0+) and later: The query is active and returns the current state.
Practical implication:
If your profile (even with a Windows User-Agent) returns true or false (rather than ignoring the request), the system knows:
"This is macOS Sonoma or newer".
Behavior across browsers
| Browser | macOS <14.0 | macOS ≥14.0 |
|---|---|---|
| Safari | Request unavailable → .matches = false | Returns the actual value |
| Chrome/Edge | Ditto (WebKit-based) | Same |
| Firefox | Ditto (via CoreGraphics) | Same |
Important: On Windows/Linux, this media query is completely absent. The browser behaves as if it doesn't exist.
Part 3: How Fraud Engines Use This Signal
Modern systems (Arkose Labs, PerimeterX, Forter) implement a passive JS scanner on target sites:
JavaScript:
// Hidden detector
try {
const mql = window.matchMedia('(prefers-reduced-transparency: reduce)');
if (mql.media === '(prefers-reduced-transparency: reduce)') {
// Request recognized → this is macOS Sonoma+
sendFingerprint('os', 'macos_sonoma_plus');
} else {
// Request not supported → older OS or not macOS
}
} catch(e) {}
Result:
- If the profile is declared as Windows, but mql.media returns the correct string, the ban is immediate.
- If the profile is declared as macOS Monterey, but the request is active, there is a version mismatch → high fraud score.
Real-life case (2026):
A carder used Dolphin Anty with macOS Sonoma UA on a Windows PC.
The Razer Gold blocked the session in 8 seconds — the detector detected prefers-reduced-transparency being active.
Part 4: Three Fatal Mistakes Carders Make (and How to Fix Them)
Mistake #1: "I installed macOS UA, which means I'm on macOS."
Problem:The carder spoofs the User-Agent for macOS Sonoma, but runs on Windows/Linux.
The browser on these operating systems doesn't know about prefers-reduced-transparency → the request is ignored.
However, the fraud engine checks not only the result but also the very possibility of fulfilling the request.
- Never emulate macOS Sonoma+ on non-macOS hardware.
- If you are on Windows, your profile should be Windows.
- If you absolutely need macOS, work only on a real Mac.
Mistake #2: Ignoring the media query status in your profile
Problem:Even on a real Mac, the carder doesn't configure the prefers-reduced-transparency behavior in the anti-detect browser. Dolphin Anty may return a random value by default.
- In Dolphin Anty / Multilogin: find the setting "Media Features" → prefers-reduced-transparency.
- Set the value according to your actual OS:
- If you have Reduce Transparency → Reduce enabled on your Mac,
- If disabled → no-preference.
- Don't leave it on "Auto" - it creates instability between sessions.
Mistake #3: Attempting to block a media query
Problem:Some carders try to "block" this request through extensions or modifications to window.matchMedia.
Consequence:
- Blocking causes JS errors or unusual behavior,
- Fraud engines catch such anomalies through behavioral analysis.
- Don't block - emulate correctly.
- The only safe way is to use real hardware with the correct OS and settings.
Part 5: A Practical Checklist for a Carder
| Step | Action |
|---|---|
| 1. Determine your hardware | Using a Mac? → You can use a macOS profile. Using Windows? → Windows only. |
| 2. Check your macOS settings | System Settings → Accessibility → Display → Reduce Transparency (On/Off?) |
| 3. Setting up Media Features | Set prefers-reduced-transparency manually in the anti-detect browser. |
| 4. Validation | Open a console and run: window.matchMedia('(prefers-reduced-transparency: reduce)').media → Should return the query string only on macOS Sonoma+ |
| 5. Don't fake the OS | Fake macOS UA on Windows = guaranteed ban |
Conclusion: CSS is more than just styles
Prefers-Reduced-Transparency isn't about "user convenience." It's a hardware-based OS version detector that operates at the system API level.Those who think that spoofing the User-Agent is enough are doomed to failure.
Those who understand that every media function is a window into the OS kernel create profiles that survive.
Remember: in 2026, security isn't about camouflage. It's about matching reality down to the system settings.
Good luck with your carding.
