On Thu, Sep 13, 2012 at 2:49 AM, Nicholas Nethercote
<n.netherc...@gmail.com> wrote:
> On Thu, Sep 13, 2012 at 4:27 PM, Jonas Sicking <jo...@sicking.cc> wrote:
>>
>> * Some content providers strike deals with hardware manufacturers
>> which allow devices made by the manufacturer to access content for
>> free. One way that this is implemented is by looking for tokens in UA
> >> strings and serving content based on this.
>
> I think this is the worst abuse of a UA string I've ever heard of.

Actually, I would say this is one of the stronger use cases that I've
seen for UA sniffing.

Pulling a random hardware manufacturer name here since I honestly have
no idea who has been creating deals like this. Say that HTC wants to
market their phones towards soccer enthusiasts. They could do this by
paying the local soccer league for access to a set of games which will
be streamed from HTC's website.

There is no practical way for them to enforce that only HTC users
access this content. There is no way they could get even a fraction of
HTC customers by chasing down all telephony providers and asking them
who they have been selling HTC devices to. Then getting the home
addresses or phone numbers of all of these people and sending them
mail or text messages with username/passwords for accessing this
content. This is especially true in a country like Brazil where
prepaid accounts are very common. As is people having multiple SIM
cards (this is by far more common than just having one SIM card).

And even if they did manage to do this, the credentials for how to
access this content would immediately be widely spread among friends.

Filtering on UA tokens is most certainly not a "safe" solution here.
But it seems like information about how to "hack" this would be much
harder for people to figure out, and so abuse is unlikely to be
nearly as widespread.

So it seems to me that not putting hardware tokens in the UA string
effectively disables this business model.

I can't say that I hold this business model particularly high in
regard. But I also don't feel that it's terrible enough that I can say
that it's a business model I obviously feel ok with disabling.

/ Jonas
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
