Replace Mozilla/5.0 with Gecko[/version]

RESOLVED WONTFIX

Status

()

defect
RESOLVED WONTFIX
10 years ago
9 years ago

People

(Reporter: glandium, Assigned: dwitte)

Tracking

(Blocks 1 bug)

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment, 1 obsolete attachment)

As per the user agent strings reference proposal (https://developer.mozilla.org/En/User_Agent_Strings_Reference ), the first item in the UA string should be the application name, and that is not Mozilla, but Firefox. Moreover, it has been more than 10 years that the vast most majority of web browsers have a UA string starting with Mozilla. There is no reason for browser sniffing to still be checking for Mozilla in the UA string anymore. They (wrongfully) check for Firefox, nowadays.
I would put Gecko (1.9.X) in front of the UA, that is the important part of the UA string instead of Firefox which is only the application that is using Gecko.
Putting Firefox as first Item would be a signal to use it even more as check and Camino, Seamonkey, Iceweasel and all the other Browsers using Gecko will get more problems with stupid sites.

>There is no reason for browser sniffing to still be checking for Mozilla in the UA string anymore.

There is no reason for Yahoo as example to use the Gecko year in their check but they do (did ?) it and we had to open an evangelism bug every year.
There is a high risk that you break pages with the suggested change and there is little benefit.
(In reply to comment #1)
> There is no reason for Yahoo as example to use the Gecko year in their check

There *is* a reason for them to do so, they can make /some/ distinction with it. You can no longer do any distinction with the Mozilla string. (except the 4.0 vs 5.0 one, but it's really pointless)
Removing Mozilla/5.0 would save a whole dozen characters in an HTTP request. :)

Sniffers may not be checking for this but it's possible a few bad ones rely on it when parsing. This may still be something nobody wants to bother with updating.
How does this relate to HTTP fingerprinting? "Mozilla/5.0" doesn't seem to bear information.
Component: General → Networking: HTTP
Product: Firefox → Core
QA Contact: general → networking.http
(In reply to comment #4)
> How does this relate to HTTP fingerprinting? "Mozilla/5.0" doesn't seem to bear
> information.

Bug 572650 tracks reduction in both data and entropy in HTTP requests. This is just vestigial data like the "U;" already removed via this meta bug.
> They (wrongfully) check for Firefox, nowadays.

I'd argue to remove "Firefox" as well, for that reason. It doesn't and shouldn't really matter to a site whether it's Firefox or Seamonkey or whatever.
Nevermind, that's bug 572665.
I think sites use Gecko and the rv mostly over Mozilla/version.  I think for IE, them using Mozilla/5 compatible seems odd to me, but people on the IE UA string blog claim that's irrelevant now too even though IE9 will still have Mozilla/5, but I don't think it makes sense for people to have sniffer solutions that look only for brand names and versions again like IE6/IE7, etc either.
(In reply to comment #6)
> > They (wrongfully) check for Firefox, nowadays.
> 
> I'd argue to remove "Firefox" as well, for that reason. It doesn't and
> shouldn't really matter to a site whether it's Firefox or Seamonkey or
> whatever.

That's really more of an argument against user agent strings entirely. ;)
Summary: Replace Mozilla/5.0 with Firefox/version → Replace Mozilla/5.0 with Firefox/version (or Gecko/version ?)
Blocks: 584683
The engine is Gecko, which includes a bundled JavaScript engine SiderMonkey or whatever, so it should be Gecko/x.y.z at the beginning of the UA string and the Application name like Firefox, SeaMonkey, Thunderbird, Ida gmL or what ever in the description.

Important for the features is Gecko only not the application using it.
Yes. I'm going ahead and changing summary
"Replace Mozilla/5.0 with Firefox/version (or Gecko/version ?)"
to
"Replace Mozilla/5.0 with Gecko/version"
I hope nobody minds.

The spec (see below) says "By convention, the product tokens are listed in order of their significance for identifying the application." You can argue what is "more significant". For end users, surely "Firefox" is more recognizable. Technically, surely Gecko is more significant than Firefox for websites. WebKit vs. Gecko matters, not Firefox vs. Seamonkey. So, I think Gecko should be first, and Firefox or Seamonkey can be an optional second token:

Gecko/1.9.3 (Linux)
or
Gecko/1.9.3 (Linux) Firefox/4.0

---

FWIW, User-Agent is specified in RFC 2616, Section 14.43 <http://asg.web.cmu.edu/rfc/rfc2616.html#sec-14.43>.
Summary: Replace Mozilla/5.0 with Firefox/version (or Gecko/version ?) → Replace Mozilla/5.0 with Gecko/version
Blocks: 586165
Depends on: 588904
Adjusting summary -- what to do about the 'version' part of Gecko/version is bug 588909 and tangentially bug 588913.
Assignee: nobody → dwitte
Summary: Replace Mozilla/5.0 with Gecko/version → Replace Mozilla/5.0 with Gecko[/version]
Posted patch patch (obsolete) — Splinter Review
I'm dubious as to how well removing 'Mozilla/5.0' is gonna work out, but here's a patch. We can give it a whirl in nightlies. If the world breaks, we know what to do.

This shifts the 'Gecko' bit to the front, where it rightfully belongs. No messing with the 'version' bit here (patch for removing the buildID is in bug 572661, adding the major/minor version is bug 588909).
Attachment #467562 - Flags: superreview?(jst)
Attachment #467562 - Flags: review?(jduell.mcbugs)
Posted patch patch v2Splinter Review
Updated for changes in bug 572661.
Attachment #467562 - Attachment is obsolete: true
Attachment #467574 - Flags: superreview?(jst)
Attachment #467574 - Flags: review?(jduell.mcbugs)
Attachment #467562 - Flags: superreview?(jst)
Attachment #467562 - Flags: review?(jduell.mcbugs)
>-    LOG(("> app-name = %s\n", mAppName.get()));
>-    LOG(("> app-version = %s\n", mAppVersion.get()));
>+    LOG(("> vendor = %s\n", mVendor.get()));
>+    LOG(("> vendor-sub = %s\n", mVendorSub.get()));
>+    LOG(("> vendor-comment = %s\n", mVendorComment.get()));

I know that it's just for logging, but did you mean to move the product tokens upfront rather than the vendor ones?
It does feel a little odd for Mozilla to basically be the only one not saying "Mozilla" in the UA string... that plus the outside possibility of a sniffer confusion makes me want to suggest doing one of the following:

Mozilla Gecko/ver (OS) Application/ver
Mozilla Gecko/ver Application/ver (OS)
Mozilla Gecko (OS; rv:GeckoVer) Application/ver

In other words, just drop the meaningless "/5.0" but keep the meaningful "Mozilla" and try and get other browsers to drop it all entirely.
(In reply to comment #16)
> It does feel a little odd for Mozilla to basically be the only one not saying
> "Mozilla" in the UA string

Poetic, yes.

> In other words, just drop the meaningless "/5.0" but keep the meaningful
> "Mozilla" and try and get other browsers to drop it all entirely.

I don't think they'll drop it if we don't. The argument for keeping it is simply that it's not doing any harm, other than wasted header space, so if we don't drop it then we should leave it exactly as is. In that case, like you suggest, 'Mozilla/5.0 Gecko (...)' sounds reasonable to me.
Or, how about we bump it to "Mozilla/6.0" just for fun?
You don't change the UA string just for fun. The token isn't meaningful, it should stay as is for compatibility or entirely go away.
Comment 18 was meant sarcastically. Sorry if I wasn't clear.
Not gonna do this.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX
Attachment #467574 - Flags: superreview?(jst)
Attachment #467574 - Flags: review?(jduell.mcbugs)
Facts that haven't been mentioned yet:
* MSIE and others have "Mozilla/4.0 (compatible; ..." in front
* Opera has "Opera/" in front, no "Mozilla/"
* Some web spiders (Yahoo, Google) use "Mozilla/5.0 (compatible; <me>bot...",
  other spiders (MSN/Bing, Baidu, ...) do not
(In reply to comment #22)
IE9 is switching to "Mozilla/5.0" from "Mozilla/4.0" for the explicit purpose of attempting to maintain this nonsense.
http://blogs.msdn.com/b/ie/archive/2010/03/23/introducing-ie9-s-user-agent-string.aspx

Opera is nice and simple, but then again, they spoof a lot instead.

If we really REALLY want to kill this useless bit, we're going to need to basically hold a multi-vendor UA string summit and get everyone to agree to do something at once...
What is the rationale for not removing Mozilla/5.0? In my opinion, this is the most useless part of the UA string.
The rationale here was:

1) The presence of the string provides zero incremental entropy
2) IE, Chrome, and Safari include it
3) There are known sniffers that, for whatever reason, look for "Mozilla" at the beginning of the string
4) It does not represent a liability (unlike some other tokens which change)

The only argument for removing it is header bloat. There's little hard data here, but it was relatively trivial to find examples of 3), and it's just not that interesting to remove.
You need to log in before you can comment on or make changes to this bug.