Closed Bug 652779 Opened 14 years ago Closed 9 years ago

Change Firefox User Agent to just "Firefox"

Categories

(Core :: Networking: HTTP, enhancement)

Product:
Core
Component:
Networking: HTTP
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: b4369768, Unassigned)

Details

User-Agent: Opera/9.80 (Windows NT 5.1; U; en) Presto/2.8.131 Version/11.10 Build Identifier: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0) Gecko/20100101 Firefox/4.0 I propose changing the current User Agent format from e.g. "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0) Gecko/20100101 Firefox/4.0" to just "Firefox". Limited testing on Alexa's top 10000 shows that modifying the UA by "general.useragent.override" and downloading the webpages with the normal and modified UA and looking for differences shows correct content served in both cases. It appears that as long as the token "Firefox" is anywhere in the UA, the correct content will be served. Possible problems are listed here: http://groups.google.com/a/chromium.org/group/chromium-discuss/browse_thread/thread/f78fd70adb947ee5# This change is proposed only for firefox, not for other Gecko-using products. Reproducible: Always
And by removing all the other information, we lose version info, platform info, etc? And the benefit of this?
Encouragement of feature-sniffing instead of browser sniffing, managing to fit requests into a single packet thanks to saved size, less data stored in server logs, higher privacy for users (see e.g. here https://panopticlick.eff.org/ ) Additionally, by having just "Firefox", you will always know that the browser version is higher than Firefox 4, so you can safely assume support for all modern web standards. Also, given Firefox's excellent (auto)update method, users will be updating to the recent version anyway - so by seeing "Firefox" in the UA you can assume the recent version of Firefox.
The User-Agent header was already changed a lot in Firefox 4.0, precisely for <https://panopticlick.eff.org/>. What remains is what was deemed necessary. If you look closely to the date for instance, you see that it's set at Jan 1st, 2010, and it will not be changed later. That's because several websites require a date inside the string. Even a fake date works. See discussion in bug 584683 and bug 572650.
I followed the discussion in bug 584683 and bug 572650 and related - and none of them proposed as radical changes in the User Agent as what I am proposing now. Why couldn't Firefox be the 1st browser to lead the way to the bright future of zero browser-sniffing? The proposed change of having the User Agent as simply "Firefox" or "Gecko Firefox" could easily be tested in the Minefield builds (where their users know how to detect these problems and get around them and report them). I constantly see people claiming that it would break compatibility with websites but so far in my testing on Alexa's top 10000 I have not detected a SINGLE occurance of content not being served, layout being destroyed, or not being able to navigate the site. I have not seen a list of websites that would break with it - and by including this testcase in the Minefield builds we would easily find out what breaks. Hence I propose for this to be tested in a single Minefield build, with a possibility of reverting to the previous behavior in the next Minefield builds - so that we gain a truly representative idea of what the current state of the web is.
Version: unspecified → Trunk
Component: General → Networking: HTTP
Product: Firefox → Core
QA Contact: general → networking.http
Another reason pro this bug is security. Exploit toolkits (used by hackers for profit) are known to use user agent strings to find their targets based on versions or architecture. Removing this information would make their lives harder, firefox users should profit from that. I know that outdated firefox versions shouldn't be a concern to mozilla, but they exist and we can't do much about that. If there is a way to improve security for those users (at least a bit), shouldn't it be done?
Exploit authors can easily detect old Firefox versions without relying on user-agent. It helps little. We learned even Google breaks when we tried to remove "Gecko/20100101". I don't think this is possible.
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.