Closed Bug 1877364 Opened 2 years ago Closed 1 year ago

Include Firefox Minor Version in User-Agent String

Categories

(Core :: Privacy: Anti-Tracking, defect)


RESOLVED WONTFIX

People

(Reporter: Tommy, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0

Steps to reproduce:

  1. Installed Firefox 115.7 ESR for Linux from https://www.mozilla.org/en-US/firefox/all/#product-desktop-esr
  2. Go to https://duckduckgo.com/?q=what+is+my+user+agent&t=ftsa&ia=answer

Actual results:

User Agent is reported as:
Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0

Expected results:

User Agent should be reported as:
Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.7
or maybe as
Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.7esr
if we want to expose that that user is running the ESR version of Firefox.

I've opened this as a bug because the most recent discussion on including the minor version in the User-Agent string was "Don't expose Firefox minor version in UA string", 14 years ago - and the decision there differs from the current behavior.

That bug was a request to not include the minor version in the User-Agent string and was marked as WONTFIX. At the time the decision by dwitte@gmail.com was to keep including the minor version because minor releases had broken sites before, making the minor version an important detail for sites to know.

However, that decision does not seem to be the current behavior. The current behavior does not report the Firefox minor version in the User-Agent string.

I recognize that this might be a conscious decision, but I wanted to open a bug report since I couldn't find any clear documentation of that decision and the only documentation I could find, 588905, suggested that it was a bug.

See https://wiki.mozilla.org/Fingerprinting and bug 728831

The bug may be old, but the fingerprinting issue is still valid.

Thanks for the references, it seems I was using the wrong terminology while looking for past discussions.

I agree that it is a potential fingerprinting issue - I just thought based on the discussions in bug 588905 that the fingerprinting was desirable. Though bug 728831 is more recent, and clearly disagrees with that.

If you could help my confusion, that'd be greatly appreciated:

https://wiki.mozilla.org/Fingerprinting says

Remedies: remove the last point digit in the Firefox and Gecko versions

Wouldn't that just be the patch version, not the minor version?
So we'd still expect 115.7, just not 115.7.2?

Or am I misunderstanding the terminology here?

I'm also confused by bug 728831 saying "only show the major version" but then the example (13.X) indicating that it still would show the minor version. 13.X would mean 13 is the major version, and X is the minor version. Though I also see references that X is just important to have exist (even if it is always left as 0) as to not break UA sniffers:

I have a question, why we leave a "13.0" instead "13".

It's expected that the latter would break UA string sniffers. Feel free to file a separate bug on this, though, to investigate the exact impact.

So maybe X is just a meaningless placeholder in the example, not meant to indicate being the minor version.

QA Whiteboard: [qa-not-actionable]

So, am I to understand this is an intentional design decision? The minor version should not be included in the User-Agent (in which case this could be closed as WONTFIX)?

I think that makes sense, just trying to make sure that the intention is clear.

Looks like that was a conscious decision, but I'll kick this over to Anti-tracking and privacy folks in case they have more thoughts.

Component: Untriaged → Privacy: Anti-Tracking
Product: Firefox → Core
Version: Firefox 115 → unspecified

Correct, we intentionally do not send minor version numbers in UA strings.

Status: UNCONFIRMED → RESOLVED
Closed: 1 year ago
Resolution: --- → WONTFIX
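
The fingerprinting trade-off discussed in this bug, as an added example (not part of the bug report and not Mozilla's code): it builds the User-Agent both ways for a constructed set of 16 installed versions and compares the number of distinct strings, the smallest group of users sharing one string, and the Shannon entropy. The version list and all function names are assumptions made for illustration.

```python
import math
import re
from collections import Counter

# UA shape taken from the bug report; only the Firefox/ token varies here.
UA_TEMPLATE = "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/{}"

# Constructed sample: installed versions of 16 hypothetical visitors.
INSTALLED = (["115.7.0esr"] * 4 + ["115.6.0esr"] * 2 + ["115.0.2"] * 2
             + ["118.0.1"] * 5 + ["118.0.2"] * 3)


def ua_major_only(version):
    """Behaviour confirmed in the bug: major version plus a fixed '.0'."""
    major = re.match(r"\d+", version).group(0)
    return UA_TEMPLATE.format(major + ".0")


def ua_with_minor(version):
    """The reporter's first proposal: major.minor, e.g. Firefox/115.7."""
    major, minor = re.match(r"(\d+)\.(\d+)", version).groups()
    return UA_TEMPLATE.format(f"{major}.{minor}")


def entropy_bits(values):
    """Shannon entropy of the observed strings, in bits."""
    counts = Counter(values)
    total = len(values)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def compare(installed):
    """Return (distinct UAs, smallest sharing group, entropy) per policy."""
    result = {}
    for name, build in (("major_only", ua_major_only),
                        ("with_minor", ua_with_minor)):
        uas = [build(v) for v in installed]
        smallest = min(Counter(uas).values())
        result[name] = (len(set(uas)), smallest, round(entropy_bits(uas), 3))
    return result


if __name__ == "__main__":
    for policy, stats in compare(INSTALLED).items():
        print(policy, stats)
```

In this sample, exposing the minor version splits the ESR users into three groups and shrinks the smallest group from 8 users to 2.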