Warn users when user agent isn't default and offer to reset




9 years ago
9 months ago


(Reporter: cww, Unassigned)


(Blocks 1 bug)

Firefox Tracking Flags

(Not tracked)


Software adding stuff to the useragent can break websites in terrible ways.  While most sites are getting used to the near-ubiquity of (.NET CLR), we have MEGAUPLOAD and GTB and more bizarre stuff like desktopsmiley_3_2_99749133281384739_54_622 or DS_gamingharbor .  Not to mention the poor user who had a user agent so long that sites were taking insane amounts of time to load.

I think on update (or some other regular interval) we can dropdown a yellow notification bar saying "Your user agent is not default, this is a privacy concern and it can interfere with websites' ability to support your browser.  Click here to reset it."
See also bug 577865.
Isn't this fixed by Bug 581008 - Remove support for appending arbitrary data to the User Agent string ?
(In reply to comment #2)
No, not fixed. Arbitrary appending was removed but full overriding is still possible. This could be considered not really necessary though, as we hope that the main problems are now going away.
I'm going to propose that when privacy.resistsFingerprinting is set, we hardcode a number of prefs, such as

> pref("general.appname.override", "Netscape");
> pref("general.appversion.override", "5.0 (Windows)");
> pref("general.oscpu.override", "Windows NT 6.1");
> pref("general.platform.override", "Win32");
> pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0");
> pref("general.productSub.override", "20100101");
> pref("general.buildID.override", "20100101");
> pref("browser.startup.homepage_override.buildID", "20100101");
> pref("general.useragent.vendor", "");
> pref("general.useragent.vendorSub", "");

I'm setting this to block Bug 1333933 which is kind of a meta-bug for that idea.
Blocks: 1333933
Whiteboard: [fingerprinting]
Whiteboard: [fingerprinting]
No longer blocks: 1333933
Version: 3.6 Branch → unspecified
You need to log in before you can comment on or make changes to this bug.