Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

Partially hiding info from user agent

  • 4 个回答
  • 1 人有此问题
  • 1 次查看
  • 最后回复者为 cor-el

more options

Since the first days of the internet, the User Agent (UA) string revealed plenty of info about the client:

  • Operating System and its version (e.g. Windows NT 6.2)
  • Processor architecture (e.g. Intel / x86)
  • Web browser engine and its version (e.g. Gecko)
  • Browser's name (e.g. Firefox) and version (e.g. 50)
  • Browsers build date (e.g. 20100101)

I wonder if all of this info is really necessary? The requirements from a user agent string stemmed from the fact that in early days browsers applied the client code differently and thus adjustments were needed by web developers. Nowadays browsers comply with the standards. The UA string (together with IP address) gives an additional method to identify people better using trackers. In addition, the UA string helps a website (or an injected code) to understand which type and version of a browser/OS the client is using and to apply a malicious code accordingly.

I was thinking perhaps nowadays it would be OK if several parts were omitted from the user agent? For example, the OS & processor type are unnecessary. Maybe the browser's name is unnecessary too, because that the engine is the only thing that's important for the web developer.

Since the first days of the internet, the User Agent (UA) string revealed plenty of info about the client: * Operating System and its version (e.g. Windows NT 6.2) * Processor architecture (e.g. Intel / x86) * Web browser engine and its version (e.g. Gecko) * Browser's name (e.g. Firefox) and version (e.g. 50) * Browsers build date (e.g. 20100101) I wonder if all of this info is really necessary? The requirements from a user agent string stemmed from the fact that in early days browsers applied the client code differently and thus adjustments were needed by web developers. Nowadays browsers comply with the standards. The UA string (together with IP address) gives an additional method to identify people better using trackers. In addition, the UA string helps a website (or an injected code) to understand which type and version of a browser/OS the client is using and to apply a malicious code accordingly. I was thinking perhaps nowadays it would be OK if several parts were omitted from the user agent? For example, the OS & processor type are unnecessary. Maybe the browser's name is unnecessary too, because that the engine is the only thing that's important for the web developer.

所有回复 (4)

more options

By this "question" I try to suggest to the developers of Firefox to change the default user agent string in a way that would reveal less about the client. This is more like a feature request rather than a question.

Since that this should be Firefox's default user agent - an extension/add-on isn't required.

more options

Hi,

The people who answer questions here, for the most part, are other Firefox users volunteering their time (like me), not Mozilla employees or Firefox developers.

If you want to leave feedback for Firefox developers, you can go to the Firefox Help menu and select Submit Feedback... or use this link. Your feedback gets collected at http://input.mozilla.org/, where a team of people read it and gather data about the most common issues.

more options

Note this is something that will have had some thought, as it is recognised the User Agent String may be used in fingerprinting. There have been some changes and the UAS no longer shows the point Release for instance. This is an interesting site demonstrating what is revealed by browsers

It is not only the UAS that provides information that could be used in fingerprinting.

Note of course you can change the UAS yourself, but that then makes you even more unique and easily identified.

The feedback link can not be used for discussions, and I suspect the feedback is probably analysed mainly by machine not real people. If you want a discussion please use one of the fora/mailing lists and feel free to cross link from this forum to whatever post you make.

I would imagine the subject already has discussion threads.

more options

The browser build date (20100101) has been the same in all Firefox versions since Firefox 4.0, so that doesn't mean much. The platform information allows a website to possibly redirect you to a download page for you OS and send special CSS and JS files aimed at each browser.

There is not only the user agent, but there are more navigator properties a website can access via JavaScript.