Should we band together in solidarity for a common UA?
7 votes vaeringjar — 7 votes, 7 commentsSource

In response to redrose and after fiddling with my own browser after trying out https://panopticlick.eff.org, I feel like we should take this further. Regardless of whatever Mozilla wants to do, should the rest of us free software and privacy users (whether Icecat or Tor or else similar), should we come together for a declaration/specification of a common UA? Tor traditionally uses a Mozilla on a Windows type system, but should we do this and identify as Windows also as free software users? And should we even represent Mozilla at all? Or should we have some kind of rotating UA browser plugin? How do you handle your own UA settings?

I’m kinda intigued with this idea. One of the things I can’t stand is when a webmaster causes a website to break by saying that my browser isn’t compatible, when it works fine. This is proven by changing one’s User Agent and having the website magically work. The majority of “your browser is not compatible with this website.” are bull crap.

I did some digging and found this one, RUA.

I wonder what UA archive.org uses…

Looks cool. It’s good to see they support mozilla-based rather than just the Google Surveillance Browser.

archive.org_bot. The string is something like this Mozilla/5.0 (compatible; archive.org_bot; Wayback Machine Live Record; +http://archive.org/details/archive.org_bot).

Ah cool thanks!

Since I use iridium I actually use the most used UA from this site: https://techblog.willshouse.com/2012/01/03/most-common-user-agents/

This actually sometimes fixes websites for me, sometimes with a normal Linux UA sites won’t play videos because they think I don’t have codecs..

I use some firefox extensions that changes my UA. There are a few problems though:

  • as others here have said, some websites will not work properly because they make assumptions based on your UA. For example, I used to use a blank UA, literally a blank string, and some websites even thought I was a bot
  • the browser tends to send a lot more personal information than the UA alone. Tor for example even suggests using its default window size (ie. do not maximize your window) in order to reduce fingerprinting. It really annoys me that in 2019 we users still don’t have browsers that disable sharing of sensible information by default
  • with all the adblocks and security extensions that I’ve installed, my panopticlick’s fingerprint score is “your browser has a unique fingerprint”. So basically I’m blocking ads, but they can still track me because I have a unique fingerprint compared to other browsers

So if the choice is either sharing private info or not being able to use the web, what I would do is send random information, basically meaningless garbage. For the UA this would mean changing it on every request, sometimes send “Windows” and sometimes “Linux”, sometimes send “Edge” and sometimes “Firefox”. Still, I have a feeling they will still be able to make a unique fingerprint using javascript, for example checking if some javascript functions are defined in your browser or not.

should we come together for a declaration/specification of a common UA?

this definitely intrigues me, but what would it look like? And would it have any benefit for privacy, more than using a random string? Maybe the declaration/specification can indeed be about how to use a random UA? :)