Closed Bug 464414 Opened 16 years ago Closed 16 years ago

Firefox's User-Agent string is a privacy hazard when locales and Operating Systems with a limited number of users are involved

Categories

(Firefox :: General, defect)

defect
Not set
major

RESOLVED DUPLICATE of bug 55366

People

(Reporter: haqer, Unassigned)

Details

(Keywords: privacy)

User-Agent:       Mozilla/5.0 (X11; U; Windows; U; Windows NT 5.1; tr; rv:1.9.0.3) Gecko/2008092416 Firefox/3.0.3
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.0.3) Gecko/2008092416 Firefox/3.0.3

The Build Identifier/User-Agent string in this bug reveals my OS, and my locale. Well, the truth is I had to dummy it up, because by default it would reveal way too much information as far as I am concerned.
1) If you are using a locale that has a relatively small number of users, and/or you are located in a region where that locale has a small number of users, websites could potentially associate such an HTTP request to a fairly small number of individuals to one of which such a request is likely to belong. 
2) The same argument applies for certain Operating Systems that aren't characterized by large numbers of users.
3) The same argument represents an exponentially larger privacy hazard if it involves all 3 factors: a locale from item 1, an unlikely region for that locale from item 1, and a fairly unique Operating System from item 2.

Reproducible: Always

Steps to Reproduce:
1. Access a page showing User-Agent information with Firefox with default User-Agent composition.
2. Check User-Agent string for locale and Operating System.

Actual Results:
User-Agent string contains locale and Operating System by default.

Expected Results:
User-Agent string should not contain locale and Operating System by default.

I believe the best thing to do is to not include any locale, OS, platform, or machine information in the User-Agent by default, but to provide a Browser Identification tab as in Konqueror, where the user could check checkboxes to indicate which of the following fields they'd like to expose in User-Agent string:
Operating System
Operating System version
Platform name
Processor type
Locale

Konqueror also provides for site-specific customizations of User-Agent string in the same tab. If Konqueror's features are supported by Firefox, of course including all of the above EXCEPT Locale in the User-Agent by default would probably be acceptable, assuming that users using rare OS or hardware would be knowledgeable enough to uncheck those checkboxes if that aspect concerns them.

P.S.
I realize that the Accept-Language HTTP header, if set to the aforementioned locale, reveals similar information as well, but that header actually serves a useful purpose, and having it is unavoidable. Language information in User-Agent, however, serves no purpose, other than introducing unnecessary privacy hazards for some users. This is why IE and Konqueror don't expose locale information in User-Agent at all (even though as mentioned Konqueror can be configured to expose that information). Also, for less common languages, a user might be interested in using the app in that language, but possibly using a different language in the Accept-Language HTTP header, one that more sites would be likely to support.
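
The anonymity-set argument in the report above, worked through as an added example (not part of the original report and not Firefox code): it parses Firefox 3-style User-Agent strings and counts how many requests share the OS and locale of one rare visitor. The function names and the 100-request sample with its proportions are constructed for illustration.

```python
import math
import re

# Firefox 3-era layout, as in the report:
#   Mozilla/5.0 (platform; U; os; locale; rv:x) Gecko/date Firefox/ver
PAREN_RE = re.compile(r"^Mozilla/5\.0 \(([^)]*)\)")
LOCALE_RE = re.compile(r"^[a-z]{2,3}(-[A-Za-z]{2})?$")

def parse_ua(ua):
    """Return {'platform', 'os', 'locale'} or None if the layout differs."""
    m = PAREN_RE.match(ua)
    if not m:
        return None
    fields = [f.strip() for f in m.group(1).split(";")]
    for i, f in enumerate(fields):
        if i >= 2 and LOCALE_RE.match(f):
            # The OS token is the field immediately before the locale.
            return {"platform": fields[0], "os": fields[i - 1], "locale": f}
    return None

def anonymity_set(uas, target, keys):
    """Number of requests indistinguishable from `target` on `keys`."""
    want = parse_ua(target)
    if want is None:
        raise ValueError("target UA not in the expected layout")
    parsed = (parse_ua(u) for u in uas)
    return sum(1 for p in parsed if p and all(p[k] == want[k] for k in keys))

def bits(uas, target, keys):
    """Identifying information (surprisal) the chosen fields leak, in bits."""
    return math.log2(len(uas) / anonymity_set(uas, target, keys))

def make_ua(platform, os_name, locale):
    return (f"Mozilla/5.0 ({platform}; U; {os_name}; {locale}; rv:1.9.0.3) "
            "Gecko/2008092416 Firefox/3.0.3")

# Constructed sample of 100 requests; the proportions are invented.
SAMPLE = ([make_ua("Windows", "Windows NT 5.1", "en-US")] * 60
          + [make_ua("Windows", "Windows NT 5.1", "de")] * 25
          + [make_ua("X11", "Linux i686", "en-US")] * 12
          + [make_ua("Windows", "Windows NT 5.1", "tr")] * 2
          + [make_ua("X11", "Linux i686", "tr")] * 1)
RARE = make_ua("X11", "Linux i686", "tr")

if __name__ == "__main__":
    for keys in [(), ("os",), ("locale",), ("os", "locale")]:
        n = anonymity_set(SAMPLE, RARE, keys)
        print(f"{keys!s:20} set size {n:3d}  {bits(SAMPLE, RARE, keys):.2f} bits")
```

In this sample, dropping the locale from the string moves the rare visitor from a set of one to the set of all visitors on the same OS.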

Version: unspecified → Trunk

A dupe of bug 55366. Several addons address this problem including the "user agent switcher" and the privacy-focused Torbutton.

Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Keywords: privacy
Resolution: --- → DUPLICATE