Comment by matheusmoreira
3 years ago
Excellent. Sites shouldn't know what user agent we're using anyway. Pretty much the only thing they use this for is to lock us out when we use "unsupported" browsers. The less information they get, the better. Hopefully they'll get rid of referrer too and weaken fingerprinting methods.
I have no doubt Google has self-serving motivations here but the result is still a win for us. I wish Firefox had enough leverage to force decisions like this down people's throats whether they like it or not but it just ain't so. Reality is imperfect so I'll take what I can get.
Yeah I tend to agree here... It really seems like none of the server's business what agent I'm using.
Yup. It's none of their business. They can't discriminate against us if they don't know anything about us.
Can't trust you either. Are you a bot? Well it's good to assume you are by default, since it's the majority of internet traffic anyway. And for your privacy, you're not exactly forthcoming with data to now prove otherwise.
So sorry, until you pay with a unique individual bank account to prove identity, you can't post on future social media sites. You are a bot after all.
16 replies →
I've always advocated for feature detection. If you test for typeof Object.assign !== 'function' you can be sure you have a reasonably recent browser. If you want fetch, test for window.fetch.
This sort of thing always feels like it's going against the grain, with someone always asking "why wouldn't you do this properly. You know, build an allow list of user agents and match against them". I fully support people being forced into detecting the features they want and doing away with this nonsense,
I don't think web developers should be able to detect stuff like that either. Their ability to detect stuff provides identifying bits for fingerprinting. As far as I'm concerned, all the browsers should normalize the return values of those typeofs and all related functions so that Javascript can figure out exactly zero bits of information about the environment it's running on. Just like browsers will lie to Javascript when it tries to figure out your browsing history by checking the color of links.
The web platform gave web developers way too much freedom and they're abusing it. God giveth and god taketh away.
There's simply no way that can ever be built though. "Browser v2 provides X which will call argument 1 in 2 seconds" -> how would browser v1 possibly hide that it is not v2? Anyone can build a thing that checks for that behavior, and now you have a piece of information.
Or for more useful stuff, "X gets you data from URL Y". Either you get that data or you don't. Voila, data about the browser.
The only alternative is that you never ever release any new features or fix any bugs.
4 replies →
> Feature detection is too much power for developers
- People on HN.
7 replies →
There are plugins for Firefox that can make the user agent string anything you want.
It doesn't matter. Actually those plugins are straight up counterproductive.
The best user agent is the one that offers them the fewest identifying bits. In other words, the user agent of the most popular version of Chrome. The ability to set it to "anything we want" is actually a trap. What we really want is for everyone to use the exact same user agent so they can't tell us apart.
If everyone has the same user agent, it's nothing but a waste of bandwidth and it should be removed. Google is actually achieving our objective here.
Well yeah, they have a pre-configured set of choices, e.g. "Chrome on Windows" but you can do something custom too, if you want.
Firefox has plugins to set your user agent to Chrome.
1 reply →