Vivaldi To Change User-Agent String To Chrome Due To Unfair Blocking

Because some internet websites unfairly block browsers from accessing their services, starting with Vivaldi 2.10, released today, the Vivaldi browser plans to disguise itself as Chrome to allow users to access websites that unfairly block them. From a report: Vivaldi will do this by modifying its default user-agent (UA) string to the UA string used by Chrome. A UA string is a piece of text that browsers send to websites when they initiate a connection. The UA String contains data about the browser type, rendering engine, and operating system. For example, a UA string for Firefox on Windows looks like this: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0. UA strings have been in use since the 90s. For decades, websites have used UA agent strings to fine-tune performance and features or block outdated browsers. However, many website owners these days use UA strings to block users from accessing their sites. Some do it because they're not willing to deal with browser-specific bugs, some do it because of pettiness, while big tech companies like Google and Microsoft have done it (and continue to do it) to sabotage competitors on the browser market.

Malware sometimes checks user-agent

[Mike Van Pelt]

I've occasionally run into malware links in spam that check the user-agent in order to hide their malware from anything that looks like it might not be a potential victim. Some of them have fingerprinted more than just the user-agent string; some check other http headers, like http_accept, and return 404 or something innocuous if they detect anything inconsistent with "idiot on the keyboard clicking anything".

Re:

[omnichad]

Malware also checks the user agent so that their search engine results stay looking legitimate for as long as possible. Well, that and making their fake Windows/Mac dialog boxes look real by adjusting for each user agent.

Re:

[DracusMage]

You mean the Democrat who created concentration camps for US citizens who happened to have Japanese ancestry?

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Mike Van Pelt]

Yeah...

Part of the blame goes to the "news" media that was all-in for Hillary. They actively worked to get the GOP to nominate the only candidate that Hillary could beat. (It obviously didn't work out that way; she couldn't even beat Trump.) They dumbed the GOP debates down to an insult-fest, playing to Trump's strengths, such as they are. NBC News sat on that "Grab the cat" video all through the primaries, when it might have done some good (I'm sure all the time saying "Please let it be Trump. Pleas

Re:

[AK Marc]

I miss the old days. I used to have a plug-in in Opera decades ago when they were the best browser (first to tabs, among other things), that randomized my user string to eliminate tracking. Given the abuse of cookies and other things, I've given up and just let everyone track my uninteresting habits.

Re:Malware sometimes checks user-agent

[NateFromMich]

Opera decades ago when they were the best browser

You have a very imaginative memory.

Re:

[toddestan]

The adware version was the free version, and you could buy Opera in which case you no longer had ads.

Of course, by then people were used to browsers being free, so instead of Opera everyone flocked over to Internet Explorer during those dark years. So while Opera really was the best browser except for the whole ads/cost thing, almost no one used it because they didn't want the ads and didn't want to pay for it either.

Re:

[samwichse]

Opera 5 was 19 years ago... Not quite two decades, but close. I used it from v5 to v12.5 and found it to be the some of the best software I used. I actually bought a copy! Crazy.

Vivaldi To Change User-Agent String To Chrome Due

[wersdfrd]

UC browser is very good, you can get anything you want in this browser, I think in the future it's the new chrome. Beside UC browser, the 9apps is a powerful Android App. They belongs to same company. The app size of 9APPS is relatively smaller compared with the app size of other Android app store, but with same function. Special technology is used of 9apps to break the low internet speed wall, which means even though you are at low internet speed environment, you can also download any apps you want. https: [9apps.com]

F Off

[bloodhawk]

There is never any excuse to block a browser based on vendor/age/bias/perceived safety etc etc. It is not the business of a website what you use on your computer beyond them using identifying information to try and make there site more compatible with you (if they wish). If I want to browser your website with a command line interface that isn't your problem. I modify my user agents in various browsers all the time, sometimes to get around this bullshit, other times because it simply isn't their right to know what I am using and 99.99% of the time they don't need to know. Any site that makes statements they will block Browser X or Y because of political/technical/or whatever wanky reason I simply quit using them.

But that's the problem.

[Brain-Fu]

The servers-of-content feel completely justified in blocking based on what browser is being used, for (essentially) the reasons you gave.
And, therefore, browser manufacturers feel completely justified in straight-up lying in their user agent strings.
Therefore, user agent strings are quite useless, and the noble endeavor of adjusting content to be more compatible based on the user agent string is ruined.

This is why we can't have nice things.

Re:

[maralatho]

Prepare for the warm feeling of Sir Tim Berners-Lee's urine upon your back.

Re:

[Dunbal]

But then again a what is the point of a website that doesn't actually want to share a web page? There are other ways to connect two computers together that don't involve port 80/8080...

any more than you can wander around and look in other people's windows without restriction.

Unless there's a huge sign with neon lights saying "Hey guys! Come here! Look in this window!" and then a douchebag comes out and says "no, everyone else can look but not you".

Re:

[Xenx]

Except your analogy is wrong. This would be like someone putting a sign out that says "Come look in my window, unless you have a red shirt on" and then everyone mentioned the sign that says to look in the guys window. So, people with a red shirt go to look and get turned away.

As much as I don't like it, people should have the right to determine who they wish to allow to access their site.

Re:F Off

[Invidious]

It may be one thing if it's Joe's Blog or something, but it's another when it's, say, a major bank and you're trying to access your account through a *nix box to do something urgent, but the bank only allows windows useragent strings because, according to them, linux is apparently an insecure platform.

In this case, it was more like "You can only come in to the teller if you're not wearing a red shirt. Oh, and no shirt, no shoes, no service. Oh, you have to set up a bill payment in the next twenty minutes so you don't get a late fee? Well, there're clothes stores around. Go buy another shirt."

Re:

[drew_kime]

It may be one thing if it's Joe's Blog or something, but it's another when it's, say, a major bank and you're trying to access your account through a *nix box to do something urgent, but the bank only allows windows useragent strings because, according to them, linux is apparently an insecure platform.

I know I'm late to the party, but any site blocking a browser because it's insecure is admitting they don't know how to secure a server.

If your security depends on me not doing certain things, You're Doing It Wrong.

Re:

[Retired ICS]

That is what he said you numb nut cocksucker. You really should learn to read.

Re:F Off

[Invidious]

Get fucked.

My bank blocks anything but mozilla/chrome windows useragent strings. I was temporarily without a computer due to travel and my phone breaking, and only could use a friend's *nix box. It literally wouldn't let me log on, because it "wasn't secure".

I expect my fucking bank's website to operate with any modern web browser, and, yes, I -am- owed fucking access because that's part of the services they provide as part of having an account.

Re: F Off

[nullchar]

Gotta get a new bank then. Try a credit union, they suck a bit less.

Re:

[ArchieBunker]

Credit unions are awesome. I joined one to get a personal loan to buy a car. They called me back right away and gave me their lowest interest rate. A week later my bank send me a letter saying I am approved for a loan but with a higher interest rate. The bank I've been dealing with for 20 fucking years!

Re:

[Gavagai80]

You literally trust your life's savings to a company you know is utterly incompetent and clueless about security? Wow.

Re:

[Invidious]

What can I say, I don't have much to lose. The vast majority of my savings aren't liquid. :)

Re:

[weilawei]

Can't we all just be entitled pricks together and like sing Kumbaya or something?

Why does it have to be limited to any particular age group?

Re:

[bloodhawk]

I may have no right to choose whether they serve me or not, but I fucking damn well do have a right for them to not be able to choose what I use on my machine or to be discriminated against simply because I don't match their arsehole view of the world. Millennial wankers like you are what make the web so bad. Standards exist for a reason, you can test for functionality, there is absolutely zero reason to discriminate against based on your choose of browser or in this case user agent string.

Re:

[Anonymous Coward]

yeah what a bastard. How dare he say he has any right whatsoever about his own viewing platform. Next he will be telling us movie studios don't have a right to dictate what TV brand you use at home or what car you are allowed to drive in each city. What a self entitled prick.

Re:

[in10se]

I don't know why any web site would want to block a legitimate browser from their site, but there are obvious reasons why a web site would block based on a user-agent string. There's malformed strings that are clearly bots or script kiddies. There's crawlers that disobey robots.txt. There's requests from "browsers" that haven't existed since the 90's that are performing vulnerability scans. The list goes on and on.

Blacklists are a never ending game of catch-up, but they stop the dumb and obvious bad actors.

Re:

[geek]

I don't know why any web site would want to block a legitimate browser from their site

Because they dont know its legitimate. They design their sites very specifically to work with certain browsers and their standards. If they don't recognize your user agent string they can block it so it doesn't render in such a way as to make them look bad and give you a link to download a browser they know works with it.

If browser makers would all follow standards this would be less of an issue. Instead Chrome has become the standard so everyone just uses it as a baseline.

Re:F Off

[Dunbal]

If only there were some sort of standard that all browsers complied with...

Re: F Off

[NagrothAgain]

The issue is often less about standards and more about differing implementations which all technically adhere to the standards but yield drastically different results. Then of course there are problems with known bugs or other quirks. When used properly the agent string allows a site to serve content in the best way possible for the consumer. Unfortunately it also allows site operators to be dicks.

Re:

[Bert64]

So long as you stick with tried and tested features and don't try to use any bleeding edge or proprietary stuff this usually isn't a problem... There are millions of sites out there which render the same on all current browsers without any problem, as well as old versions going back several years.

Re:

[Dunbal]

adhere to the standards but yield drastically different results

Yes, it's almost as if there's no standard interpretation of the word standard...

Re:

[Dunbal]

Ooops meant to respond to parent. My bad.

Re:F Off

[Retired ICS]

"They design their sites very specifically to work with certain browsers"

Therein is the root cause. Anyone who does that can go fuck themselves up the ass. I will not be partaking of their website.

Re:F Off

[jrumney]

This has been going on since 1993, when some smart-ass thought it would be a good idea to serve different HTML depending on browser capabilities. As browsers evolved, they had to fake their user agent to get the latest features like <blink> tags served to them.

Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Re:

[AK Marc]

If you allow them to connect, then it doesn't work right, then they complain. If you don't allow them to connect, then they can't open a ticket that it doesn't work right.

ActiveX

[pdxtabs]

That depends how much ActiveX is on your site.

I don't see any downside here.

[Fritzed]

If you are a decent web developers, you probably already treat user agent strings as deprecated/obsolete. Feature testing is almost always a better way to go and won't block users unnecessarily.

Personally, changing the user agent string to match chrome is one of the first changes I make in any Firefox installation. It's the only way to avoid getting less-functional pages from every Google property.

Re:

[enigma32]

No, this is insane. It is an abuse of what the feature was designed for originally. (Not blaming Vivaldi here.)

The solution is for idiot web developers to not outright block browsers based on user agent string. Sadly, since there are so many terrible web developers out there (and perhaps also some product managers that would force such nonsense), browser developers are forced to do things like this. This ultimately hurts all of us because it makes it impossible to detect a particular browser and actually ha

Re:

[NateFromMich]

The solution is for idiot web developers to not outright block browsers based on user agent string.

Well you can't expect idiots to provide you with the solution.
This is a necessary fix for broken websites.

Re:I don't see any downside here.

[KiloByte]

A similar case: the TERM env variable.

In the past, every terminal used its own incompatible control strings. If you wanted to be portable, you had to include a database of popular terminals; usually nasty hacked and copied from program to program -- until termcap came around (later replaced with terminfo), which was a system-provided library. All was good: terminal vendors distributed their termcap entries, insisted on upstreaming them into operating systems -- the problem stayed but the workaround worked.

Then came vt100. Besides being a revolutionary terminal for other reasons, it was also designed to have extendable constrol strings that degrade gracefully. For example: newer versions had color, but if you send the code, vt100 or vt220 would silently ignore it, rendering proper monochrome text instead of a jumble of controls. It swept the market, and soon all terminals were vt100 compatible.

But this meant the pressure to include termcap entries was no more. The user could just set TERM to a similar device, with okay results. And thus, terminal makers (now mostly done in software), had to falsify their User-Agent^WTERM strings.

Even today, you see libvte-based {gnome-,xfce-,lxde-}terminal, terminator, etc -- all identify themselves as "xterm" (or "xterm-256color") despite being greatly different from xterm, so does QT stuff, etc. And eterm, terminology, putty. Or even modern Windows console.

All because operating systems would take many years to include any new TERM strings. Heck, TERM=linux got popular in 1993 and Solaris still doesn't carry its definition.

Re:

[Bert64]

The TERM variable should be handled more like the accept-language header on websites, that is you have a list of supported types ordered by preference. Any software reading it should go down the list until it finds a compatible one.
Unfortunately this would need a big change which would take even longer to implement than a new terminal type.

Re: I don't see any downside here.

[nullchar]

Yes! We should all design new systems to accept a range of values that eventually include unknown/new entries and old/unsupported entries, with everything in between.

Single values are weak in any system with longevity.

Re:

[dshk]

Feature testing is almost always a better way to go

We are using a huge amount of javascript, and working around browser bugs is a regular activity. About every third minor update of a browser has a new bug/regression which affects us. In these cases only the user agent string helps. A fix for a few Chrome versions for example breaks both older and newer Chrome versions, and maybe the same regression come back a year later. However, I also understand Vivaldi developers. It is a shame of web developers, especially of popular web sites, if they abuse the user

Re:I don't see any downside here.

[Brain-Fu]

In my opinion it is far too popular to make excessive overuse of javascript. It makes web pages much bigger than they need to be with longer load times and excessive bugs, all for some fancy feature set that is simply not needed.

There might be a teeny tiny percentage of web sites that have a supremely high load and some very special needs to meet. But 95% of the sites that imagine themselves to be in this category are not, and they are going hog-wild with bloaty, buggy, overkill-y javascript frameworks that serve to gum things up and ruin the web.

Simplicity is beauty. Proper use of the basics can meet 99% of needs. But no....every one of us thinks we are special.

We're not.

Re:

[rogoshen1]

I don't think it's due to devs thinking they are special. Rather it's because they are lazy, and it's much easier to just snag 35 different packages via NPM than it is to use plain old JS. (There's a trendy aspect to it as well)

Re:

[NateFromMich]

I don't think it's due to devs thinking they are special. Rather it's because they are lazy, and it's much easier to just snag 35 different packages via NPM than it is to use plain old JS. (There's a trendy aspect to it as well)

The bloated web is largely due to morons thinking they are devs because they installed a framework/cms and a bunch of crap plugins that sounded cool or claimed to make them more money.

Re:

[dshk]

It does not matter why we or anybody else have to use JavaScript a lot. You can bet by the way, that after these experiences this is the last language/environment we would chose voluntarily. My point is that if we have this experience, than there are a hundred thousand web site who uses only one tenth of javascript but meet the same version dependent bugs. By the way, browsers have bugs not only in javascript but in css too.

Re:

[Retired ICS]

If you use a huge amount of JavaScript (or any at all) I will not go to your website.

Re:

[BranMan]

"We are using a huge amount of javascript..."

I think I've found your problem.

Just ignore UA

[jawtheshark]

Really, no site should block any UA. Hell, UAs simply shouldn't be sent to servers any more. They serve absolutely no purpose except this kind of stupid blocking.

RFC 7231 quote

[davidwr]

RFC 7231, "Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content" (2004) is listed as a "PROPOSED STANDARD". Section 5.5.3 says

... implementations are encouraged not to use the product
tokens of other implementations in order to declare compatibility
with them, as this circumvents the purpose of the field. If a user
agent masquerades as a different user agent, recipients can assume
that the user intentionally desires to see responses tailored for
that identified user agent, even if they might not work as well for
the actual user agent being used.

Re:

[mrbester]

Which is the only use I have for them: IE 11 (yeah, I know) being crap means I provide polyfills for it from the server without having to have another round trip. But I don't want to send that file to other browsers that don't need it as that wastes bandwidth and penalises users not running outdated software.

The original Opera had to do this too

[Translation Error]

Back when Opera was an innovative browser developed by many of the people now at Vivaldi, it had the ability to identify as one of the bigger browsers on a site by site basis. When it didn't, far too many sites either blocked it or disabled 'advanced features'. At one point, Opera even released a Bork edition [opera.com] that displayed MSN as if it were written by the Swedish Chef to highlight the fact that the site intentionally rendered improperly in the standard Opera browser.

I guess the more things change...

They will come after Firefox soon enough

[xack]

In fact the only reason Google hasn’t murdered Mozilla yet is because they know what happened to Microsoft. The only other counterweight is Apple but Webkit is genetically related to blink so doesn’t help diversity. With EdgeHTML out of the game Blink/Webkit has the same market share is higher than IE in 2003 and compatibility is even worse as it’s not enough to just use that engine you have to lie about your user agent.

I predict within 5 years a Chrome only web will be a reality and Go

Re: They will come after Firefox soon enough

[nullchar]

I have had the sane concern for many years now. Future is not bright for a true standards-based web. Chrome / blink is the new Internet Explorer.

Re:

[OneoFamillion]

Same. And browser functionality as well as the number of web standards has skyrocketed, which means that once Firefox is extinquished, truly new competition is very unlikely to pop up. Especially one whose funding is not based on pure evil, it's hard to compete with a monopoly that gives away its product for free.

Do both?

[backslashdot]

Make one request with the Chrome agent string and another with the correct UA string? It will work great for one-click purchases I am sure. OK, or retrieve static pages such as images with Vivaldi in the agent string?

Why isn't there a unified user string to mask ours

[Dirk Becher]

elves? Like a server that every Firefox user can connect to and it will automatically provide a user agent string that every Firefox user can switch to if they want privacy? And maybe some more stuff like plugin configuration etc. bam, no more browser fingerprinting!

Sure I can switch my agent from time to time but if I switch to unique configurations I can still be tracked. What I want is a function that makes my browser look like everyone elses to the outside.

See your UA here ...

[CaptainDork]

... at http://useragentstring.com/ [useragentstring.com]

Re:

[NateFromMich]

https://duckduckgo.com/?t=ffab... [duckduckgo.com]

Re:

[CaptainDork]

https://duckduckgo.com/?t=ffab... [duckduckgo.com]

Much better. Thanks.

breaking news!

[znrt]

a new browser just implemented ua spoofing, which has been present in most browsers for decades! yay!

Re:

[jarkus4]

The news is not that they allow for UA spoofing (which they did for ages), but that they switch it to turned on by default, essentially giving up their own unique UA.

Microsoft is falling down on the job

[drew_kime]

I don't think this has anything to do with browser strings, but lately I've found Microsoft's own sites work better in Chrome than in IE. I've heard Edge works, too, but I like keeping IE as the default. It makes me chuckle every time it locks up and I have to switch to Chrome.

Who are âoetheyâ?

[nuckfuts]

Iâ(TM)ve been using Vivaldi as my primary browser for a couple of years now. I donâ(TM)t think Iâ(TM)ve ever been blocked by any website because of my browser.

Re:

[hawk]

judging by the characters in your title and body, though, /. *should* have blocked you . . .

(or are you doing it on purpose?

hawk

Re:

[nuckfuts]

LOL.

That was posted from my phone, running Safari. What a mess!

Re:

[hawk]

wow. And it posts characters that safari Mac can't handle after going through the darkness that is the slash code . . .

Missing first sentence

[cthulhu11]

an obscure browser called Vivaldi exists.