Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Partially hiding info from user agent

  • 4 பதிலளிப்புகள்
  • 1 இந்த பிரச்சனை உள்ளது
  • 1 view
  • Last reply by cor-el

Since the first days of the internet, the User Agent (UA) string revealed plenty of info about the client:

  • Operating System and its version (e.g. Windows NT 6.2)
  • Processor architecture (e.g. Intel / x86)
  • Web browser engine and its version (e.g. Gecko)
  • Browser's name (e.g. Firefox) and version (e.g. 50)
  • Browsers build date (e.g. 20100101)

I wonder if all of this info is really necessary? The requirements from a user agent string stemmed from the fact that in early days browsers applied the client code differently and thus adjustments were needed by web developers. Nowadays browsers comply with the standards. The UA string (together with IP address) gives an additional method to identify people better using trackers. In addition, the UA string helps a website (or an injected code) to understand which type and version of a browser/OS the client is using and to apply a malicious code accordingly.

I was thinking perhaps nowadays it would be OK if several parts were omitted from the user agent? For example, the OS & processor type are unnecessary. Maybe the browser's name is unnecessary too, because that the engine is the only thing that's important for the web developer.

Since the first days of the internet, the User Agent (UA) string revealed plenty of info about the client: * Operating System and its version (e.g. Windows NT 6.2) * Processor architecture (e.g. Intel / x86) * Web browser engine and its version (e.g. Gecko) * Browser's name (e.g. Firefox) and version (e.g. 50) * Browsers build date (e.g. 20100101) I wonder if all of this info is really necessary? The requirements from a user agent string stemmed from the fact that in early days browsers applied the client code differently and thus adjustments were needed by web developers. Nowadays browsers comply with the standards. The UA string (together with IP address) gives an additional method to identify people better using trackers. In addition, the UA string helps a website (or an injected code) to understand which type and version of a browser/OS the client is using and to apply a malicious code accordingly. I was thinking perhaps nowadays it would be OK if several parts were omitted from the user agent? For example, the OS & processor type are unnecessary. Maybe the browser's name is unnecessary too, because that the engine is the only thing that's important for the web developer.

All Replies (4)

By this "question" I try to suggest to the developers of Firefox to change the default user agent string in a way that would reveal less about the client. This is more like a feature request rather than a question.

Since that this should be Firefox's default user agent - an extension/add-on isn't required.

Hi,

The people who answer questions here, for the most part, are other Firefox users volunteering their time (like me), not Mozilla employees or Firefox developers.

If you want to leave feedback for Firefox developers, you can go to the Firefox Help menu and select Submit Feedback... or use this link. Your feedback gets collected at http://input.mozilla.org/, where a team of people read it and gather data about the most common issues.

Note this is something that will have had some thought, as it is recognised the User Agent String may be used in fingerprinting. There have been some changes and the UAS no longer shows the point Release for instance. This is an interesting site demonstrating what is revealed by browsers

It is not only the UAS that provides information that could be used in fingerprinting.

Note of course you can change the UAS yourself, but that then makes you even more unique and easily identified.

The feedback link can not be used for discussions, and I suspect the feedback is probably analysed mainly by machine not real people. If you want a discussion please use one of the fora/mailing lists and feel free to cross link from this forum to whatever post you make.

I would imagine the subject already has discussion threads.

The browser build date (20100101) has been the same in all Firefox versions since Firefox 4.0, so that doesn't mean much. The platform information allows a website to possibly redirect you to a download page for you OS and send special CSS and JS files aimed at each browser.

There is not only the user agent, but there are more navigator properties a website can access via JavaScript.