this post was submitted on 21 Nov 2023
1264 points (96.0% liked)

Firefox

17865 readers
9 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 4 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 206 points 11 months ago (5 children)

It’s time to get rid of user-agent strings that declare anything other than desktop, mobile, or html version.

[–] [email protected] 132 points 11 months ago (4 children)

99% of sites only need to know your screen aspect ratio and maybe available input devices, can't think of a good reason to share anything else

[–] [email protected] 74 points 11 months ago (4 children)

Knowing OS is useful for download links.

[–] [email protected] 104 points 11 months ago (1 children)

I’d be down for an ask to allow that info. Sort of like how sites request access to cam and mic.

[–] [email protected] 24 points 11 months ago

Before Windows 10, NVidia and others had this button Detect what thing suits me best on their websites. Now many of them just look it up in one's fingerprint without asking.

[–] [email protected] 46 points 11 months ago (1 children)

Oh no, they'd have to list more than one link,the horror!

[–] [email protected] 26 points 11 months ago (2 children)

The vast majority of people would have no clue what to download.

[–] [email protected] 44 points 11 months ago (1 children)

Let them be confused. They'll learn eventually. Or they won't. Computers are too user friendly today anyway.

[–] [email protected] 29 points 11 months ago

Fuckin oath. If we cater to the stupid too much the folks who are middling just get lazy. Make people think. It’s important that we know how to use our brains.

[–] [email protected] 28 points 11 months ago* (last edited 11 months ago)

Microsoft hides their links if they see you run linux. So you need to manually set your OS in the browser settings to see the download link. Very convenient.

[–] [email protected] 2 points 11 months ago (3 children)

having 3 different ones solves that issue though? the user can figure out whic OS they're running pretty well imo.

[–] [email protected] 19 points 11 months ago (1 children)

I can tell you've never had to do T1 tech support before.

It's kind of staggering just how illiterate users can be.

[–] [email protected] 16 points 11 months ago (1 children)

I doubt the fix is to make them need less literacy

[–] [email protected] 3 points 11 months ago

When you are competing for customers not providing the illiterate morons of the world a simple UI leads to them going to your competitor which does.

And unfortunately those illiterate morons outnumber every one else by a significant chunk.

[–] [email protected] 7 points 11 months ago* (last edited 11 months ago)

That's a fair perspective, but most people strive for as few clicks between users and their targets as possible. Forcing a user to become semi-tech-competent by sending them on a fetch quest to figure out their os, while not an inherently bad thing, does work against this overall goal....

Idk, it's like education vs service industry goal setting, that's all I'm trying to get at here lol

Edit: plus, there's no guarantee that it will remain just the big 3 for forever. There was a time before Linux, maybe we'll see a time after windows.... Unlikely, but one can dream lol

[–] [email protected] 5 points 11 months ago (3 children)

Since we have CSS what would be the purpose of the server knowing the aspect ratio?

[–] [email protected] 11 points 11 months ago (1 children)

Ideally, to save bandwidth on both sides, the server would only want to serve you the JS and CSS you need. I'm not sure how frequently that optimization is made, however.

[–] [email protected] 2 points 11 months ago (1 children)

I’m a bit rusty on this, but I think you’d need to split your Sass/SCSS/etc before Webpack will perform tree-shaking or allow lazy-loading. I don’t think many devs wrote it that way: personally, I like my mobile rules beside my desktop ones, since my styling is component-wise.

[–] [email protected] 1 points 11 months ago

I haven't done UI work in years so I'm not sure how they do it these days.

[–] [email protected] 4 points 11 months ago

Fair point, there could be reasons, and I'd say there's no privacy concerns if that's all they get, but I know it's part of fingerprinting. I said 99% so they don't even need to know that

[–] [email protected] 1 points 11 months ago

that's how css gets its media queries, user agents

[–] [email protected] 0 points 11 months ago

as a front end web developer, I've found it useful to know what user agent is requesting a page in order to load conditional styling. For example, to compensate for Safari's god-awful outlines support (pre-version 16).

[–] [email protected] 38 points 11 months ago (1 children)

The biggest offender is, surprisingly, cloudflare. They will straight up refuse to serve you any site if your user agent is not one of the mainstream ones. It's not even "find the traffic light to prove you're human", but a page basically saying "fuck you, go away".

[–] [email protected] 1 points 11 months ago (2 children)

Well their job is to block weird bot-looking traffic...

[–] [email protected] 34 points 11 months ago (1 children)

what is more likely to be a bot? a unique and trackable useragent for a semi-niche browser engine, or a vanilla Chromium+Windows which half of everyone uses ?

[–] [email protected] 2 points 11 months ago (1 children)

Most semi and fully legitimate bots use a custom user agent.

[–] [email protected] 5 points 11 months ago

what about malicious/unwanted bots? if cloudflare is trying to block bots, the bots will want to not look like bots. the easiest way to do that is to use a common user agent.

[–] [email protected] 6 points 11 months ago

User agent identifier is not useful to block bots. You can literally set it to whatever you like.

[–] [email protected] 35 points 11 months ago* (last edited 11 months ago) (3 children)

If I was a Firefox dev I'd start looking into building in user agent spoofing right into the browser.

It already opens Facebook pages in a special isolated tab. They could have apple.com open in it's own special "safari" tab. I wonder if there's anything preventing them from doing that. I guess it could be bad because it would make their market share appear even smaller.

[–] [email protected] 37 points 11 months ago

The irony of Firerfox officially agent spoofing while everyone else uses some variant of "Mozilla" as their UAS is too much.

[–] [email protected] 8 points 11 months ago* (last edited 11 months ago) (1 children)

I think user agent scrambling is part of privacy.resistFingerprinting, but it's a controversial feature and breaks a lot of webpages

[–] [email protected] 16 points 11 months ago

Broken webpages might be a good thing. There are too many browsers that aren’t adhering to standards. Stop coding around it and start publicly shaming these megacorps.

[–] [email protected] 4 points 11 months ago (2 children)
[–] [email protected] 1 points 11 months ago

That article is great! I have it linked on my website next to the text that displays the user agent of the user.

[–] [email protected] 0 points 11 months ago

That's was interesting to read.

[–] [email protected] 12 points 11 months ago (1 children)

User agents are not unfortunately not the only way to identify a browser, there are other ways to fingerprint a platform.

[–] [email protected] 6 points 11 months ago (2 children)

JavaScript as it is today also need to be thrown in a trash of history. Website should not contain additional code. If someone wants to send me an app hacked on top of website rendering, it should be a popup asking me first if I want to run this.

[–] [email protected] 13 points 11 months ago (1 children)

No, dynamic content should absolutely be able to be delivered through the open Web, not just through walled gardens. Apps are almost universally shit.

[–] [email protected] 2 points 11 months ago

No problem with sending some JavaScript module extending browser's capability. But the problem I see is sending whole sites this way, sometimes even rendering HTML on the visitor's browser, yack..

[–] [email protected] -3 points 11 months ago (1 children)

That's a terrible idea. Every single thing other than a block of text requires js.

[–] [email protected] 5 points 11 months ago (1 children)

This is absolutely not true and just a myth. Images, video playback, "show more", forms, tabbing, animations, custom icons, hover effects, popups, background images and videos, light/dark mode, hamburger menus...

It's hard to count things you can do with advanced format that is HTML+CSS. Saying JavaScript is nessesary for anything other than block of text is like saying that in Minecraft command blocks are nessesary for anything other than making voxel art.

For basic things like interacting with your bank or goverment, running any additional code should be unnessesary. And I believe this needs to be a law targeting accessibility and compatibility.

[–] [email protected] 1 points 11 months ago

For maps, dynamic updating, OK. But look at the web now, most sites are apps requiring 99% of web standards implemented to work. No wonder it's now impossible to actually make a new browser.

HTML was made to last. If browser do not support some tag it would try and render it anyway. Meanwhile with today's webapps browsers in 2033 will be required to have so much technical debt that for now was exclusive to operating systems.

[–] [email protected] 4 points 11 months ago (1 children)

i don't want them knowing desktop or mobile either. we all have good enough phones now to handle a proper website on mobile -- mobile sites are fucking garbage.

steve jobs during the original iphone keynote did a whole segment on how you could load the full rich widescreen NYT website and zoom in and out and look at that rich text rendering. apps are ass, mobile sites are ass.

[–] [email protected] 6 points 11 months ago (1 children)

especially when they don't even have all of the features of the desktop site

[–] [email protected] 8 points 11 months ago

The number of sites that aggressively disable the force pinch to zoom accessibility feature is too damn high