[opensuse] why does Firefox lie about its version?
I've just noticed that when Firefox on my Leap 15.0 system, which currently says it is 60.3.0esr (64-bit) in the Help/About, tells web servers that it requests pages from that it is "Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0" Why does it lie about its version number? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Am 19.12.18 um 21:16 schrieb Dave Howorth:
I've just noticed that when Firefox on my Leap 15.0 system, which currently says it is 60.3.0esr (64-bit) in the Help/About, tells web servers that it requests pages from that it is
"Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0"
Why does it lie about its version number?
That depends what you mean by "lying". "Mozilla/5.0" is like an ancient relic which is cherished by software used by web designers and some web servers. Kind of a baseline for "not IE". The thing you're looking for is "rv:60.0" and "Firefox/60.0". That's the "real" version if anyone cares. Note: Chrome and in fact every WebKit based browser also sends "Mozilla/5.0". Regards, -- Aaron "Optimizer" Digulla a.k.a. Philmann Dark "It's not the universe that's limited, it's our imagination. Follow me and I'll show you something beyond the limits." http://blog.pdark.de/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Wed, 19 Dec 2018 21:30:47 +0100 Aaron Digulla <digulla@hepe.com> wrote:
Am 19.12.18 um 21:16 schrieb Dave Howorth:
I've just noticed that when Firefox on my Leap 15.0 system, which currently says it is 60.3.0esr (64-bit) in the Help/About, tells web servers that it requests pages from that it is
"Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0"
Why does it lie about its version number?
That depends what you mean by "lying".
"Mozilla/5.0" is like an ancient relic which is cherished by software used by web designers and some web servers. Kind of a baseline for "not IE".
The thing you're looking for is "rv:60.0" and "Firefox/60.0". That's the "real" version if anyone cares.
That's my point - it isn't. It's 60.3.0
Note: Chrome and in fact every WebKit based browser also sends "Mozilla/5.0".
Regards,
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Am 19.12.18 um 22:11 schrieb Dave Howorth:
On Wed, 19 Dec 2018 21:30:47 +0100 Aaron Digulla <digulla@hepe.com> wrote:
Am 19.12.18 um 21:16 schrieb Dave Howorth:
I've just noticed that when Firefox on my Leap 15.0 system, which currently says it is 60.3.0esr (64-bit) in the Help/About, tells web servers that it requests pages from that it is
"Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0"
Why does it lie about its version number? That depends what you mean by "lying".
"Mozilla/5.0" is like an ancient relic which is cherished by software used by web designers and some web servers. Kind of a baseline for "not IE".
The thing you're looking for is "rv:60.0" and "Firefox/60.0". That's the "real" version if anyone cares. That's my point - it isn't. It's 60.3.0
Ah. Browsers generally discourage people trying to read too much into the UserAgent string. In the past, some developers have tried to use this to determine the features of the browser. That often failed when unknown strings were encountered. It also becomes incredibly messy when you try to map features to versions. There are much better ways to detect which features a browser supports (like checking for undefined properties). See https://stackoverflow.com/questions/3463915/what-does-it-mean-when-ie-report... Regards, -- Aaron "Optimizer" Digulla a.k.a. Philmann Dark "It's not the universe that's limited, it's our imagination. Follow me and I'll show you something beyond the limits." http://blog.pdark.de/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 19/12/2018 23.30, Aaron Digulla wrote:
Am 19.12.18 um 22:11 schrieb Dave Howorth:
On Wed, 19 Dec 2018 21:30:47 +0100 Aaron Digulla <digulla@hepe.com> wrote:
Am 19.12.18 um 21:16 schrieb Dave Howorth:
I've just noticed that when Firefox on my Leap 15.0 system, which currently says it is 60.3.0esr (64-bit) in the Help/About, tells web servers that it requests pages from that it is
"Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0"
Why does it lie about its version number? That depends what you mean by "lying".
"Mozilla/5.0" is like an ancient relic which is cherished by software used by web designers and some web servers. Kind of a baseline for "not IE".
The thing you're looking for is "rv:60.0" and "Firefox/60.0". That's the "real" version if anyone cares. That's my point - it isn't. It's 60.3.0
Ah. Browsers generally discourage people trying to read too much into the UserAgent string. In the past, some developers have tried to use this to determine the features of the browser. That often failed when unknown strings were encountered. It also becomes incredibly messy when you try to map features to versions. There are much better ways to detect which features a browser supports (like checking for undefined properties).
Well, if when using Firefox I change the User-Agent to say "Chrome, Android" (I don't remember the exact wording) then I get the version of the page best suited for mobile devices, with less load (it interest me to lower the bandwidth when I'm not home). However, it I change to "Firefox, Android" it does not work. I don't know of some approved method to tell the sites I want the mobile version, or that I want a low bandwidth version, or that I want an /accessible/ version.
See https://stackoverflow.com/questions/3463915/what-does-it-mean-when-ie-report...
Well... -- Cheers / Saludos, Carlos E. R. (from 42.3 x86_64 "Malachite" at Telcontar)
I've just noticed that when Firefox on my Leap 15.0 system, which currently says it is 60.3.0esr (64-bit) in the Help/About, tells web servers that it requests pages from that it is
"Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0"
Why does it lie about its version number? It does no lie maybe? By the principle of data parsimony, why would you give information that shall be available to the owner of the system but is of not use but tracking to the outside site? If it is sufficient for a correct service to know the general version and not
In data mercoledì 19 dicembre 2018 21:16:19 CET, Dave Howorth ha scritto: the sub-revision, then this behavior would be perfectly sensible, also from a security point of view. If I do not know a revision, i have trouble to attack a precise revision. Besides, AFAIK you can even force a browser to give an arbitrary indication to web servers to heighten privacy and to make tracking harder. So that would not be a lie. But I am just guessing. _________________________________________________________________ ________________________________________________________ Ihre E-Mail-Postfächer sicher & zentral an einem Ort. Jetzt wechseln und alte E-Mail-Adresse mitnehmen! https://www.eclipso.de -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Wed, 19 Dec 2018 21:33:21 +0100 stakanov <stakanov@eclipso.eu> wrote:
I've just noticed that when Firefox on my Leap 15.0 system, which currently says it is 60.3.0esr (64-bit) in the Help/About, tells web servers that it requests pages from that it is
"Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0"
Why does it lie about its version number? It does no lie maybe? By the principle of data parsimony, why would you give information
In data mercoledì 19 dicembre 2018 21:16:19 CET, Dave Howorth ha scritto: that shall be available to the owner of the system but is of not use but tracking to the outside site? If it is sufficient for a correct service to know the general version and not the sub-revision, then this behavior would be perfectly sensible, also from a security point of view. If I do not know a revision, i have trouble to attack a precise revision. Besides, AFAIK you can even force a browser to give an arbitrary indication to web servers to heighten privacy and to make tracking harder. So that would not be a lie. But I am just guessing.
Thanks, that's a very reasonable explanation. I wonder if it's correct? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
In data mercoledì 19 dicembre 2018 22:12:21 CET, Dave Howorth ha scritto:
On Wed, 19 Dec 2018 21:33:21 +0100
stakanov <stakanov@eclipso.eu> wrote:
In data mercoledì 19 dicembre 2018 21:16:19 CET, Dave Howorth ha
scritto:
I've just noticed that when Firefox on my Leap 15.0 system, which currently says it is 60.3.0esr (64-bit) in the Help/About, tells web servers that it requests pages from that it is
"Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0"
Why does it lie about its version number?
It does no lie maybe? By the principle of data parsimony, why would you give information that shall be available to the owner of the system but is of not use but tracking to the outside site? If it is sufficient for a correct service to know the general version and not the sub-revision, then this behavior would be perfectly sensible, also from a security point of view. If I do not know a revision, i have trouble to attack a precise revision. Besides, AFAIK you can even force a browser to give an arbitrary indication to web servers to heighten privacy and to make tracking harder. So that would not be a lie. But I am just guessing.
Thanks, that's a very reasonable explanation. I wonder if it's correct? Why don't you check out with your browser the following amusing and also educating page:
https://ip-check.info/?foundHTTPS=true Click on start test and compare the results. You may try to tweak your browser with the tips they give. It gives you insight about what your browser leaks. Another is this one: https://panopticlick.eff.org/ about tracking. _________________________________________________________________ ________________________________________________________ Ihre E-Mail-Postfächer sicher & zentral an einem Ort. Jetzt wechseln und alte E-Mail-Adresse mitnehmen! https://www.eclipso.de -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Wed, 19 Dec 2018 23:53:04 +0100 stakanov <stakanov@eclipso.eu> wrote:
In data mercoledì 19 dicembre 2018 22:12:21 CET, Dave Howorth ha scritto:
On Wed, 19 Dec 2018 21:33:21 +0100
stakanov <stakanov@eclipso.eu> wrote:
In data mercoledì 19 dicembre 2018 21:16:19 CET, Dave Howorth ha
scritto:
I've just noticed that when Firefox on my Leap 15.0 system, which currently says it is 60.3.0esr (64-bit) in the Help/About, tells web servers that it requests pages from that it is
"Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0"
Why does it lie about its version number?
It does no lie maybe? By the principle of data parsimony, why would you give information that shall be available to the owner of the system but is of not use but tracking to the outside site? If it is sufficient for a correct service to know the general version and not the sub-revision, then this behavior would be perfectly sensible, also from a security point of view. If I do not know a revision, i have trouble to attack a precise revision. Besides, AFAIK you can even force a browser to give an arbitrary indication to web servers to heighten privacy and to make tracking harder. So that would not be a lie. But I am just guessing.
Thanks, that's a very reasonable explanation. I wonder if it's correct? Why don't you check out with your browser the following amusing and also educating page:
https://ip-check.info/?foundHTTPS=true Click on start test and compare the results. You may try to tweak your browser with the tips they give.
Excellent. I haven't seen either of those tests before, so thanks very much :) The JonDonym one seems a bit confused, though helpfully detailed. It says 'WARNING: You are supposed to surf with your own or an inadequately protected IP address. You are observable.' which is a bit strange English so I'm not entirely sure what it's trying to say. But I think it means the world and its dog can see who I am. But then above they give completely the wrong location for me and the IP address is a dynamic one from my ISP so isn't tied to me either. The worst things are that my ISP can track me, but I trust them in so far as I trust anybody, and that my browser advertises that I run Linux, but if we don't then people won't build their websites etc to cater for us. Otherwise I would run UserAgentSwitcher.
It gives you insight about what your browser leaks. Another is this one: https://panopticlick.eff.org/ about tracking.
And Panopticlick seems reasonably happy with me. Good! -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
In data giovedì 20 dicembre 2018 04:16:35 CET, Dave Howorth ha scritto:
On Wed, 19 Dec 2018 23:53:04 +0100
stakanov <stakanov@eclipso.eu> wrote:
In data mercoledì 19 dicembre 2018 22:12:21 CET, Dave Howorth ha
scritto:
On Wed, 19 Dec 2018 21:33:21 +0100
stakanov <stakanov@eclipso.eu> wrote:
In data mercoledì 19 dicembre 2018 21:16:19 CET, Dave Howorth ha
scritto:
I've just noticed that when Firefox on my Leap 15.0 system, which currently says it is 60.3.0esr (64-bit) in the Help/About, tells web servers that it requests pages from that it is
"Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0"
Why does it lie about its version number?
It does no lie maybe? By the principle of data parsimony, why would you give information that shall be available to the owner of the system but is of not use but tracking to the outside site? If it is sufficient for a correct service to know the general version and not the sub-revision, then this behavior would be perfectly sensible, also from a security point of view. If I do not know a revision, i have trouble to attack a precise revision. Besides, AFAIK you can even force a browser to give an arbitrary indication to web servers to heighten privacy and to make tracking harder. So that would not be a lie. But I am just guessing.
Thanks, that's a very reasonable explanation. I wonder if it's correct?
Why don't you check out with your browser the following amusing and also educating page:
https://ip-check.info/?foundHTTPS=true Click on start test and compare the results. You may try to tweak your browser with the tips they give.
Excellent. I haven't seen either of those tests before, so thanks very much :)
The JonDonym one seems a bit confused, though helpfully detailed. It says 'WARNING: You are supposed to surf with your own or an inadequately protected IP address. You are observable.' which is a bit strange English so I'm not entirely sure what it's trying to say. But I think it means the world and its dog can see who I am. But then above they give completely the wrong location for me and the IP address is a dynamic one from my ISP so isn't tied to me either.
The worst things are that my ISP can track me, but I trust them in so far as I trust anybody, and that my browser advertises that I run Linux, but if we don't then people won't build their websites etc to cater for us. Otherwise I would run UserAgentSwitcher.
It gives you insight about what your browser leaks. Another is this one: https://panopticlick.eff.org/ about tracking.
And Panopticlick seems reasonably happy with me. Good! Yes, there is a commercial interest as Jondonym is a java based service enhancing anonymity on payment. It is similar to a vpn. As long as you do not feel you want to hide your ip address for privacy reasons, the proposed websites are just good to check whether you settings are adequate for what is the purpose of parsimony.
If you use firefox you may be interested in: disconnect me privacy badger https everywhere ublock origin and cookie auto delete. YMMV, but these are quite effective enhancers against commercial tracking. Glad you liked it. Have fun! _________________________________________________________________ ________________________________________________________ Ihre E-Mail-Postfächer sicher & zentral an einem Ort. Jetzt wechseln und alte E-Mail-Adresse mitnehmen! https://www.eclipso.de -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 20/12/2018 14.42, stakanov wrote:
Yes, there is a commercial interest as Jondonym is a java based service enhancing anonymity on payment. It is similar to a vpn.
A person I know was sweet-talked into purchasing "vpn protection" by an antivirus company (they were antivirus client, in Windows; I don't remember the name, a major brand). But they had no idea on how to install or use it, so they asked me to do it for them. Instead I told them to drop the payments in the future, because they are not really that keen on privacy and it is an unneeded complication and a expense. If they were, I would have installed Tor for them instead. -- Cheers / Saludos, Carlos E. R. (from 42.3 x86_64 "Malachite" at Telcontar)
On 20/12/2018 16:11, Carlos E. R. wrote:
On 20/12/2018 14.42, stakanov wrote:
Yes, there is a commercial interest as Jondonym is a java based service enhancing anonymity on payment. It is similar to a vpn. A person I know was sweet-talked into purchasing "vpn protection" by an antivirus company (they were antivirus client, in Windows; I don't remember the name, a major brand). But they had no idea on how to install or use it, so they asked me to do it for them.
Instead I told them to drop the payments in the future, because they are not really that keen on privacy and it is an unneeded complication and a expense. If they were, I would have installed Tor for them instead.
- Or, still simpler : "Tails" on a thumb-drive <https://tails.boum.org/> ..... rgds -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 20/12/2018 16.47, ellanios82 wrote:
On 20/12/2018 16:11, Carlos E. R. wrote:
On 20/12/2018 14.42, stakanov wrote:
Yes, there is a commercial interest as Jondonym is a java based service enhancing anonymity on payment. It is similar to a vpn. A person I know was sweet-talked into purchasing "vpn protection" by an antivirus company (they were antivirus client, in Windows; I don't remember the name, a major brand). But they had no idea on how to install or use it, so they asked me to do it for them.
Instead I told them to drop the payments in the future, because they are not really that keen on privacy and it is an unneeded complication and a expense. If they were, I would have installed Tor for them instead.
- Or, still simpler : "Tails" on a thumb-drive
This person is not computer literate, needs hand holding on any change or task, such as copying photos to a stick. many people like that. So, no such thing as Thumb OS. That antivirus company has some cheek selling VPNs to the old public. -- Cheers / Saludos, Carlos E. R. (from 42.3 x86_64 "Malachite" at Telcontar)
On 19/12/2018 23.53, stakanov wrote:
In data mercoledì 19 dicembre 2018 22:12:21 CET, Dave Howorth ha scritto:
Thanks, that's a very reasonable explanation. I wonder if it's correct? Why don't you check out with your browser the following amusing and also educating page:
https://ip-check.info/?foundHTTPS=true Click on start test and compare the results. You may try to tweak your browser with the tips they give.
It gives you insight about what your browser leaks.
Interesting, but they have a commercial interest. They say, for instance, that my User-Agent string should say Windows something (I can not copy paste the floating text), and mark it in Red as "bad". No chance of me doing that.
Another is this one: https://panopticlick.eff.org/ about tracking.
They also have a commercial interest into scaring me. -- Cheers / Saludos, Carlos E. R. (from 42.3 x86_64 "Malachite" at Telcontar)
On 12/19/2018 02:16 PM, Dave Howorth wrote:
I've just noticed that when Firefox on my Leap 15.0 system, which currently says it is 60.3.0esr (64-bit) in the Help/About, tells web servers that it requests pages from that it is
"Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0"
Why does it lie about its version number?
It's not so much a lie, but a general reference to supported features -- but, it is also something you can use to your advantage: https://wiki.archlinux.org/index.php/Firefox/Privacy#Change_user_agent_and_p... -- David C. Rankin, J.D.,P.E. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
In data giovedì 20 dicembre 2018 00:03:31 CET, David C. Rankin ha scritto:
On 12/19/2018 02:16 PM, Dave Howorth wrote:
I've just noticed that when Firefox on my Leap 15.0 system, which currently says it is 60.3.0esr (64-bit) in the Help/About, tells web servers that it requests pages from that it is
"Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0"
Why does it lie about its version number?
It's not so much a lie, but a general reference to supported features -- but, it is also something you can use to your advantage:
https://wiki.archlinux.org/index.php/Firefox/Privacy#Change_user_agent_and_p latform Thank you David, this is a VERY useful link. Arch Linux does quite some interesting documentation / WIKI.
_________________________________________________________________ ________________________________________________________ Ihre E-Mail-Postfächer sicher & zentral an einem Ort. Jetzt wechseln und alte E-Mail-Adresse mitnehmen! https://www.eclipso.de -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (6)
-
Aaron Digulla -
Carlos E. R. -
Dave Howorth -
David C. Rankin -
ellanios82 -
stakanov