See inline: (In reply to Simon Mainey from comment #5) > [1] TB > - doesn't care about Netflix (and DRM is disabled) and are more concerned with giving away easy OS info in headers for server logs. And of course it makes sense to limit to two when in Safest mode (albeit not 100% foolproof) This is my understanding as well (the decision on this is from before my time w/ Tor), we keep js-reported UA strings reporting the correct OS in order to avoid breakage for users who are are expecting a more traditional browser experience, while unifying them in HTTP headers to allow users w/o JS enabled (eg in Safest) to be less fingerprintable. > - desktop is based on ESR, but there was talk of moving to a rapid release cycle, so this may not always be the case There are no plans to move to rapid-release anytime soon for desktop. > - android, there is no ESR, so it makes no sense, except that they probably want to reduce some entropy somehow - ESR versioning makes no sense in the GV world, IMO If the code is rather brittle, we could always optionally make the reported esr version a compile-time constant.
Bug 1769022 Comment 13 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
See inline: (In reply to Simon Mainey from comment #5) > [1] TB > - doesn't care about Netflix (and DRM is disabled) and are more concerned with giving away easy OS info in headers for server logs. And of course it makes sense to limit to two when in Safest mode (albeit not 100% foolproof) This is my understanding as well (the decision on this is from before my time w/ Tor), we keep js-reported UA strings reporting the correct OS in order to avoid breakage for users who are are expecting a more traditional browser experience, while unifying them in HTTP headers to allow users w/o JS enabled (eg in Safest) to be less fingerprintable. > - desktop is based on ESR, but there was talk of moving to a rapid release cycle, so this may not always be the case There are no plans to move to rapid-release anytime soon for desktop. > - android, there is no ESR, so it makes no sense, except that they probably want to reduce some entropy somehow - ESR versioning makes no sense in the GV world, IMO If the code is rather brittle, we could always optionally make the reported esr version a compile-time constant.