Re: Remove browser and OS architecture from Firefox's User-Agent string?

Tue, 14 May 2019 17:03:38 -0700 

On 5/14/2019 9:53 AM, Tom Ritter wrote:

On Tue, May 14, 2019 at 4:26 PM L. David Baron<dba...@dbaron.org>  wrote:

So I think there's may be value in removing these distinctions from
the User-Agent header we send over HTTP even if they're still
accessible from Javascript (and useful there for sites offering
downloads).

While I would prefer to remove the distinction everywhere; Tor Browser
came to this same conclusion. They send the same OS for all platforms
in the HTTP Header (partially because Web Logs so commonly record this
and partially in principal) but they report the correct OS via
javascript (because we found issues with compatibility (primarily
keyboard shortcuts in things like gdocs.)


Distinguishing between active and passive fingerprinting is a good point.


Gecko could omit platform architecture from the User-Agent header but 
keep it in the navigator.userAgent API. Is returning two different UA 
strings (like Tor) preferable to keeping the Gecko-specific 
navigator.oscpu API?



I'm not convinced of a legitimate use case for web content to simply be 
handed the platform architecture on Linux, Android, or macOS. Web 
content could still try to detect performance characteristics, but the 
detection methods might not work reliably on all CPU models, 
architectures, and operating systems. For example, the ghacks detection 
testing [1] could distinguish Win32 and Win64 Firefox builds, but not 
Win32 or Win64 OS.



The HTML spec says [1] Gecko's navigator.oscpu may return an empty 
string or "a string representing the platform". We could limit 
navigator.oscpu to return:


* empty string "" on Linux, Android, and macOS
* "Windows NT 10.0" for Win32 Firefox (like today)

* "Windows NT 10.0; Win64; x64" for Win64 (like today) and WOW64 Firefox 
(instead of "Windows NT 10.0; WOW64")



and still adhere to the HTML spec. We could then return the same UA 
string in the User-Agent header and navigator.userAgent API while still 
giving websites an easy way to distinguish Win32 and Win64 OS using 
navigator.oscpu.



[1] https://github.com/ghacksuserjs/ghacks-user.js/issues/657

[2] 
https://html.spec.whatwg.org/multipage/system-state.html#dom-navigator-oscpu



_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform






















					Reply via email to