
purebrowser: Choice of user-agent string lack a policy
Open, Normal, Public

Description

Depending on the user-agent string, some websites fail to load due to the use of UA sniffing (rather than, say, feature detection or defensive programming).

User-agent is a string of this form: Mozilla/[version] ([system and browser information]) [platform] ([platform details]) [extensions]

Options:

  • Plain: Include PureBrowser in extensions
  • Compatibility mode: Include Firefox and PureBrowser in extensions
  • Impersonation: Include Firefox in extensions
  • Subtle: Include PureBrowser in browser information, and Firefox in extensions

Plain is the default when Firefox is built with "Brand" changed to "PureBrowser".

Compatibility mode is the style when a rebranded Firefox is runtime-configured with general.useragent.compatMode.firefox enabled.
This has been applied to PureBrowser since 52.9.0esr-1pureos2.

Impersonation is practiced e.g. by the GNU IceCat fork of Firefox (see https://tracker.pureos.net/w/troubleshooting/firefox_compat_mode/).

Subtle is suggested by Mozilla as acceptable for AMO (see T595#11999).

Examples of failures include AMO (see T202) and Jitsi Meet (see T201).

Other considerations:

  • An idiosyncratic UA string has privacy implications (see https://panopticlick.eff.org -- there are many other tracking signals, but any idiosyncrasy has an impact)
    • This would suggest impersonation mode is preferable.
    • We don't want to commit to "keep Panopticlick score as low as possible"; Tor is better suited to that use case. This change should not be read as implying that.
    • What are the benefits of an idiosyncratic UA? Measuring browser reach globally. Measuring browser reach on our own sites. What value does this have? Any other benefits? If there is value here, we could take the IceWeasel approach.
    • Global scale trackers may count us as Firefox if we include "Firefox" in the UA string. Is this good or bad?

Event Timeline

d3vid created this task. Nov 10 2017, 02:55

User agent sniffing is an anti-pattern. Our browser getting identified as different from Firefox is a feature, not a bug.

I believe privacy implications are *not* a concern here: We should support security by obscurity only optionally, and only when not getting in the way of progress towards Freedom.

The user-agent string is an identifier. As such I see no sense in including "Firefox" in the string, because that detail is *exactly* the part we avoid in deriving our product from the product from Mozilla: If Firefox identifies itself as "Hi, I am a Gecko engine, branded as Firefox" then it makes perfect sense that we, when deriving, change that to "Hi, I am a Gecko engine, branded as PureBrowser".

I learned that Option 2 can be enabled by the user in a safe way by setting the "general.useragent.compatMode.firefox" parameter in about:config to true -- that is the purpose of that option which is only available in Firefox derivatives.

> User agent sniffing is an anti-pattern. Our browser getting identified as different from Firefox is a feature, not a bug.

Whilst I 100% agree in principle, after working for (gosh) 10 years in web development it is something that is really unavoidable :(

>> User agent sniffing is an anti-pattern. Our browser getting identified as different from Firefox is a feature, not a bug.

> Whilst I 100% agree in principle, after working for (gosh) 10 years in web development it is something that is really unavoidable :(

Wouldn't doing Option #2 (by setting general.useragent.compatMode.firefox by default) not negate that? The browser would still be clearly identified as different from Firefox, with Purebrowser in the UA.

I don't think it would be like lying -- they may be misguided, but many website creators look for "Firefox" in the UA because they expect it to catch all browsers *like* FF, including Iceweasel, Purebrowser, etc. due to the fact that they assume compatMode.firefox is usually set on such derivatives. It seems to make much more sense to just include that. You can even add the word "like" to the UA if you want to eliminate any possible confusion.

I prefer and would advocate for option 2 because it instructs sites that (mistakenly or not) use browser versions to determine how to behave that PureBrowser is most compatible with a particular version of Firefox (which it is, having been almost entirely derived from that browser, with some modifications), while also informing the site that the browser is not in fact Firefox, but something else.

This to me is a fair compromise with the engineering concerns (I almost said ethical concerns but honestly this falls more into the "I don't like that those engineers do it that way" than "Those engineers are acting unethically") because we are stating our compatibility but also stating that we are not in fact Firefox but are something else.

From the end user's perspective, without displaying some kind of UA string that contains a Firefox version, our browser will be broken on many websites where otherwise it would work just fine. It seems a shame to allow this breakage (or force the user to change the UA string themselves) just because we would prefer web developers not develop websites a certain way (a way which is not unethical, just undesirable).

It seems like an easy win for us. Leaving it how it is will not make any web developers change their behavior, but it will make PureBrowser seem "broken" for our users unnecessarily. While I also appreciate the privacy concerns with having an unusual UA string, in this case I think users with those concerns are sophisticated enough to change the UA themselves, or otherwise use Tor Browser instead.

jonas.smedegaard added a subscriber: chris.lamb.
d3vid added a comment. Mar 7 2018, 01:01

This has been mentioned elsewhere, but just to document Mozilla's take on all this:

Mozilla recommend against UA sniffing. If you do sniff, they recommend looking for "Gecko" not "Firefox".

Mozilla provides the general.useragent.compatMode.firefox flag so that the browser adds "Firefox" to the UA string, such that the Firefox version is a logical match for the Gecko version. This is provided explicitly to support a user browsing a site that insists on sniffing for "Firefox".

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/User-Agent/Firefox
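An added example, not part of the thread and not PureBrowser or Mozilla code: how the four options from the task description fare against a site that sniffs for "Firefox", against a check for "Gecko" as cited above, and as an identifying token. The UA strings are constructed samples, and the function names are hypothetical.

```javascript
// Constructed sample UA strings, one per option in the task description.
// Platform token and version numbers are illustrative, not captured values.
const GECKO = "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101";
const SAMPLES = {
  plain: `${GECKO} PureBrowser/52.9.0`,
  compatibility: `${GECKO} Firefox/52.0 PureBrowser/52.9.0`,
  impersonation: `${GECKO} Firefox/52.0`,
  subtle: "Mozilla/5.0 (X11; Linux x86_64; PureBrowser; rv:52.0) Gecko/20100101 Firefox/52.0",
  // Constructed WebKit-style string: contains "like Gecko" but is not Gecko.
  webkitStyle: "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0 Safari/537.36",
};

// The brittle check many sites use: only a literal "Firefox/<n>" counts.
function sniffFirefox(ua) {
  const m = /\bFirefox\/(\d+)/.exec(ua);
  return m ? Number(m[1]) : null;
}

// Engine check: match "Gecko/" with the slash so "like Gecko" does not match,
// then read the engine version from the rv: token.
function sniffGecko(ua) {
  if (!/\bGecko\/\d+/.test(ua)) return null;
  const m = /\brv:(\d+)/.exec(ua);
  return m ? Number(m[1]) : null;
}

// Does the string carry a token that sets it apart from stock Firefox?
function isDistinguishable(ua) {
  return /\bPureBrowser\b/.test(ua);
}

function classify(ua) {
  return { firefox: sniffFirefox(ua), gecko: sniffGecko(ua), distinct: isDistinguishable(ua) };
}

// One row per sample: what each check concludes about that UA string.
function report() {
  return Object.entries(SAMPLES).map(([option, ua]) => ({ option, ...classify(ua) }));
}

console.table(report());
```

Only the plain string fails the "Firefox" sniff, and only the impersonation string is indistinguishable from Firefox by UA alone.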

Ok, I am convinced with doing option 2.

My main concern against it was detachment from the trademark-protected name - but since Mozilla themselves provide a mechanism specifically for derived browser product I take that as them tolerating use of their name used that specific way (i.e. when then also adding trailing product name).

Another concern is the risk of collateral damage: Previous hacks have affected several things at once (one of them being path to user config - see T335). Again, Mozilla providing a mechanism specifically for this helps.

I have tested successfully, and future releases of PureBrowser will add the following to /etc/purebrowser/purebrowser.js:

pref("general.useragent.compatMode.firefox", true);
jonas.smedegaard closed this task as Resolved. Aug 7 2018, 02:37

This issue is solved since release 52.9.0esr-1pureos2, uploaded to landing on July 5th (and likely entering green ~10 days later).

jonas.smedegaard renamed this task from User-agent string policy to purebrowser: Choice of user-agent string lack a policy. Dec 20 2018, 03:39
jonas.smedegaard triaged this task as Normal priority.
jonas.smedegaard reopened this task as Open. Dec 20 2018, 04:34
jonas.smedegaard updated the task description.