Vivaldi To Change User-Agent String To Chrome Due To Unfair Blocking (zdnet.com)
Because some internet websites unfairly block browsers from accessing their services, starting with Vivaldi 2.10, released today, the Vivaldi browser plans to disguise itself as Chrome to allow users to access websites that unfairly block them. From a report: Vivaldi will do this by modifying its default user-agent (UA) string to the UA string used by Chrome. A UA string is a piece of text that browsers send to websites when they initiate a connection. The UA string contains data about the browser type, rendering engine, and operating system. For example, a UA string for Firefox on Windows looks like this: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0. UA strings have been in use since the 90s. For decades, websites have used UA strings to fine-tune performance and features or block outdated browsers. However, many website owners these days use UA strings to block users from accessing their sites. Some do it because they're not willing to deal with browser-specific bugs, some do it because of pettiness, while big tech companies like Google and Microsoft have done it (and continue to do it) to sabotage competitors on the browser market.
Malware sometimes checks user-agent (Score:4, Interesting)
I've occasionally run into malware links in spam that check the user-agent in order to hide their malware from anything that looks like it might not be a potential victim. Some of them have fingerprinted more than just the user-agent string; some check other http headers, like http_accept, and return 404 or something innocuous if they detect anything inconsistent with "idiot on the keyboard clicking anything".
Re: (Score:2)
Malware also checks the user agent so that their search engine results stay looking legitimate for as long as possible. Well, that and making their fake Windows/Mac dialog boxes look real by adjusting for each user agent.
Re: (Score:1)
You mean the Democrat who created concentration camps for US citizens who happened to have Japanese ancestry?
Re: (Score:2)
Yeah...
Part of the blame goes to the "news" media that was all-in for Hillary. They actively worked to get the GOP to nominate the only candidate that Hillary could beat. (It obviously didn't work out that way; she couldn't even beat Trump.) They dumbed the GOP debates down to an insult-fest, playing to Trump's strengths, such as they are. NBC News sat on that "Grab the cat" video all through the primaries, when it might have done some good (I'm sure all the time saying "Please let it be Trump. Pleas
Re:Malware sometimes checks user-agent (Score:4, Funny)
Opera decades ago when they were the best browser
You have a very imaginative memory.
Re: (Score:2)
The adware version was the free version, and you could buy Opera in which case you no longer had ads.
Of course, by then people were used to browsers being free, so instead of Opera everyone flocked over to Internet Explorer during those dark years. So while Opera really was the best browser except for the whole ads/cost thing, almost no one used it because they didn't want the ads and didn't want to pay for it either.
Re: (Score:2)
Opera 5 was 19 years ago... Not quite two decades, but close. I used it from v5 to v12.5 and found it to be some of the best software I used. I actually bought a copy! Crazy.
Vivaldi To Change User-Agent String To Chrome Due (Score:1)
F Off (Score:5, Insightful)
But that's the problem. (Score:5, Insightful)
The servers-of-content feel completely justified in blocking based on what browser is being used, for (essentially) the reasons you gave.
And, therefore, browser manufacturers feel completely justified in straight-up lying in their user agent strings.
Therefore, user agent strings are quite useless, and the noble endeavor of adjusting content to be more compatible based on the user agent string is ruined.
This is why we can't have nice things.
Re: (Score:2)
any more than you can wander around and look in other people's windows without restriction.
Unless there's a huge sign with neon lights saying "Hey guys! Come here! Look in this window!" and then a douchebag comes out and says "no, everyone else can look but not you".
Re: (Score:3)
As much as I don't like it, people should have the right to determine who they wish to allow to access their site.
Re:F Off (Score:5, Interesting)
It may be one thing if it's Joe's Blog or something, but it's another when it's, say, a major bank and you're trying to access your account through a *nix box to do something urgent, but the bank only allows windows useragent strings because, according to them, linux is apparently an insecure platform.
In this case, it was more like "You can only come in to the teller if you're not wearing a red shirt. Oh, and no shirt, no shoes, no service. Oh, you have to set up a bill payment in the next twenty minutes so you don't get a late fee? Well, there're clothes stores around. Go buy another shirt."
Re: (Score:2)
It may be one thing if it's Joe's Blog or something, but it's another when it's, say, a major bank and you're trying to access your account through a *nix box to do something urgent, but the bank only allows windows useragent strings because, according to them, linux is apparently an insecure platform.
I know I'm late to the party, but any site blocking a browser because it's insecure is admitting they don't know how to secure a server.
If your security depends on me not doing certain things, You're Doing It Wrong.
Re: (Score:1)
That is what he said you numb nut cocksucker. You really should learn to read.
Re:F Off (Score:5, Insightful)
Get fucked.
My bank blocks anything but mozilla/chrome windows useragent strings. I was temporarily without a computer due to travel and my phone breaking, and only could use a friend's *nix box. It literally wouldn't let me log on, because it "wasn't secure".
I expect my fucking bank's website to operate with any modern web browser, and, yes, I -am- owed fucking access because that's part of the services they provide as part of having an account.
Re: F Off (Score:1)
Gotta get a new bank then. Try a credit union, they suck a bit less.
Re: (Score:2)
Credit unions are awesome. I joined one to get a personal loan to buy a car. They called me back right away and gave me their lowest interest rate. A week later my bank sent me a letter saying I am approved for a loan but with a higher interest rate. The bank I've been dealing with for 20 fucking years!
Re: (Score:2)
You literally trust your life's savings to a company you know is utterly incompetent and clueless about security? Wow.
Re: (Score:2)
What can I say, I don't have much to lose. The vast majority of my savings aren't liquid. :)
Re: (Score:2)
Can't we all just be entitled pricks together and like sing Kumbaya or something?
Why does it have to be limited to any particular age group?
Re: (Score:2)
I don't know why any web site would want to block a legitimate browser from their site, but there are obvious reasons why a web site would block based on a user-agent string. There's malformed strings that are clearly bots or script kiddies. There's crawlers that disobey robots.txt. There's requests from "browsers" that haven't existed since the 90's that are performing vulnerability scans. The list goes on and on.
Blacklists are a never ending game of catch-up, but they stop the dumb and obvious bad actors.
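The kind of blocklist described in the comment above, as an added example that is not part of the original post: it labels the User-Agent of each access-log line as empty, malformed, a library default, a self-declared crawler or an ancient browser. The rule set, the MSIE cut-off and the log lines are constructed assumptions; the Chrome string quoted elsewhere on this page comes out as `ok` whichever client really sent it.

```javascript
// Added example, not from the thread: label the User-Agent of access-log lines.
// Rules, the MSIE cut-off and the sample lines are constructed assumptions.
const LOG_RE = /^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) \S+ "[^"]*" "([^"]*)"$/;
// RFC 7231: the field value must begin with a product, i.e. token["/"version].
const PRODUCT_RE = /^[!#$%&'*+.^_`|~0-9A-Za-z-]+(\/[!#$%&'*+.^_`|~0-9A-Za-z-]+)?(\s|$)/;

function classifyUA(ua) {
  if (ua === '' || ua === '-') return 'empty';
  if (!PRODUCT_RE.test(ua)) return 'malformed';
  // Default strings of common HTTP libraries and tools.
  if (/^(curl|Wget|python-requests|Go-http-client)\//.test(ua)) return 'http-library';
  if (/bot|crawler|spider/i.test(ua)) return 'declared-crawler';
  const msie = /MSIE (\d+)\./.exec(ua);
  if (msie && Number(msie[1]) <= 8) return 'ancient-browser'; // assumed cut-off
  // Anything else is only "not obviously bad": the string is client-supplied,
  // so a client sending Chrome's UA lands here regardless of what it really is.
  return 'ok';
}

function triage(lines) {
  return lines.map(line => {
    const m = LOG_RE.exec(line);
    if (!m) return { line, label: 'unparsed' };
    const [, ip, request, status, ua] = m;
    return { ip, request, status: Number(status), ua, label: classifyUA(ua) };
  });
}

// Constructed combined-log-format lines (documentation-range addresses).
const PREFIX = ip => `${ip} - - [20/Dec/2019:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" `;
const SAMPLE = [
  PREFIX('192.0.2.10') + '"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36"',
  PREFIX('192.0.2.11') + '"-"',
  PREFIX('192.0.2.12') + '"????"',
  PREFIX('192.0.2.13') + '"curl/7.67.0"',
  PREFIX('192.0.2.14') + '"Mozilla/5.0 (compatible; ExampleBot/1.0; +http://crawler.example/)"',
  PREFIX('192.0.2.15') + '"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
];

for (const r of triage(SAMPLE)) console.log(r.ip, r.label);
```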
Re: (Score:2)
I don't know why any web site would want to block a legitimate browser from their site
Because they don't know it's legitimate. They design their sites very specifically to work with certain browsers and their standards. If they don't recognize your user agent string they can block it so it doesn't render in such a way as to make them look bad and give you a link to download a browser they know works with it.
If browser makers would all follow standards this would be less of an issue. Instead Chrome has become the standard so everyone just uses it as a baseline.
Re:F Off (Score:5, Insightful)
Re: F Off (Score:2)
Re: (Score:3)
So long as you stick with tried and tested features and don't try to use any bleeding edge or proprietary stuff this usually isn't a problem... There are millions of sites out there which render the same on all current browsers without any problem, as well as old versions going back several years.
Re: (Score:2)
adhere to the standards but yield drastically different results
Yes, it's almost as if there's no standard interpretation of the word standard...
Re:F Off (Score:5, Insightful)
"They design their sites very specifically to work with certain browsers"
Therein is the root cause. Anyone who does that can go fuck themselves up the ass. I will not be partaking of their website.
Re:F Off (Score:5, Funny)
This has been going on since 1993, when some smart-ass thought it would be a good idea to serve different HTML depending on browser capabilities. As browsers evolved, they had to fake their user agent to get the latest features like <blink> tags served to them.
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
ActiveX (Score:1)
I don't see any downside here. (Score:5, Insightful)
If you are a decent web developer, you probably already treat user agent strings as deprecated/obsolete. Feature testing is almost always a better way to go and won't block users unnecessarily.
Personally, changing the user agent string to match chrome is one of the first changes I make in any Firefox installation. It's the only way to avoid getting less-functional pages from every Google property.
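Feature testing next to a UA allowlist, as an added example that is not part of the original post: the same four clients are run through both gates. The required-feature list, the gate functions, the client objects and the `Vivaldi/2.9` suffix are constructed assumptions; only the Chrome string is taken from this page.

```javascript
// Added example, not from the thread: UA allowlist gate versus capability probe.
// REQUIRED, both gates and the client objects are constructed for illustration.
const REQUIRED = {
  fetch: g => typeof g.fetch === 'function',
  promise: g => typeof g.Promise === 'function',
  webcrypto: g => Boolean(g.crypto && g.crypto.subtle),
};

// UA sniffing: admit only strings that end the way Chrome's or Firefox's do.
function uaGate(ua) {
  return /Chrome\/[\d.]+ Safari\/[\d.]+$/.test(ua) || /Firefox\/[\d.]+$/.test(ua);
}

// Feature testing: list the required capabilities the environment lacks.
function missingFeatures(globalObj) {
  return Object.keys(REQUIRED).filter(name => !REQUIRED[name](globalObj));
}
function featureGate(globalObj) {
  return missingFeatures(globalObj).length === 0;
}

const CHROME_UA = 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 ' +
  '(KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36'; // quoted on this page

// Stand-ins for a browser's global object (window); contents are assumptions.
const modern = { fetch() {}, Promise, crypto: { subtle: {} } };
const legacy = { Promise }; // no fetch, no WebCrypto

const CLIENTS = {
  chrome: { ua: CHROME_UA, env: modern },
  vivaldiOwnUA: { ua: CHROME_UA + ' Vivaldi/2.9', env: modern }, // constructed suffix
  vivaldiAsChrome: { ua: CHROME_UA, env: modern },
  legacySendingChromeUA: { ua: CHROME_UA, env: legacy },
};

function compare(name) {
  const { ua, env } = CLIENTS[name];
  return { uaGate: uaGate(ua), featureGate: featureGate(env), missing: missingFeatures(env) };
}

// The allowlist turns away a capable browser and admits an incapable one;
// the probe decides on what the client can actually do.
for (const name of Object.keys(CLIENTS)) console.log(name, compare(name));
```

In a page script the probe would be called as `missingFeatures(window)`.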
Re: (Score:2)
No, this is insane. It is an abuse of what the feature was designed for originally. (Not blaming Vivaldi here.)
The solution is for idiot web developers to not outright block browsers based on user agent string. Sadly, since there are so many terrible web developers out there (and perhaps also some product managers that would force such nonsense), browser developers are forced to do things like this. This ultimately hurts all of us because it makes it impossible to detect a particular browser and actually ha
Re: (Score:3)
The solution is for idiot web developers to not outright block browsers based on user agent string.
Well you can't expect idiots to provide you with the solution.
This is a necessary fix for broken websites.
Re:I don't see any downside here. (Score:5, Interesting)
A similar case: the TERM env variable.
In the past, every terminal used its own incompatible control strings. If you wanted to be portable, you had to include a database of popular terminals; usually nasty hacked and copied from program to program -- until termcap came around (later replaced with terminfo), which was a system-provided library. All was good: terminal vendors distributed their termcap entries, insisted on upstreaming them into operating systems -- the problem stayed but the workaround worked.
Then came vt100. Besides being a revolutionary terminal for other reasons, it was also designed to have extendable control strings that degrade gracefully. For example: newer versions had color, but if you send the code, vt100 or vt220 would silently ignore it, rendering proper monochrome text instead of a jumble of controls. It swept the market, and soon all terminals were vt100 compatible.
But this meant the pressure to include termcap entries was no more. The user could just set TERM to a similar device, with okay results. And thus, terminal makers (now mostly done in software), had to falsify their User-Agent^WTERM strings.
Even today, you see libvte-based {gnome-,xfce-,lxde-}terminal, terminator, etc -- all identify themselves as "xterm" (or "xterm-256color") despite being greatly different from xterm, so does QT stuff, etc. And eterm, terminology, putty. Or even modern Windows console.
All because operating systems would take many years to include any new TERM strings. Heck, TERM=linux got popular in 1993 and Solaris still doesn't carry its definition.
Re: (Score:2)
The TERM variable should be handled more like the accept-language header on websites, that is you have a list of supported types ordered by preference. Any software reading it should go down the list until it finds a compatible one.
Unfortunately this would need a big change which would take even longer to implement than a new terminal type.
Re: I don't see any downside here. (Score:1)
Yes! We should all design new systems to accept a range of values that eventually include unknown/new entries and old/unsupported entries, with everything in between.
Single values are weak in any system with longevity.
Re: (Score:2)
Feature testing is almost always a better way to go
We are using a huge amount of javascript, and working around browser bugs is a regular activity. About every third minor update of a browser has a new bug/regression which affects us. In these cases only the user agent string helps. A fix for a few Chrome versions for example breaks both older and newer Chrome versions, and maybe the same regression comes back a year later. However, I also understand Vivaldi developers. It is a shame of web developers, especially of popular web sites, if they abuse the user
Re:I don't see any downside here. (Score:5, Insightful)
In my opinion it is far too popular to make excessive overuse of javascript. It makes web pages much bigger than they need to be with longer load times and excessive bugs, all for some fancy feature set that is simply not needed.
There might be a teeny tiny percentage of web sites that have a supremely high load and some very special needs to meet. But 95% of the sites that imagine themselves to be in this category are not, and they are going hog-wild with bloaty, buggy, overkill-y javascript frameworks that serve to gum things up and ruin the web.
Simplicity is beauty. Proper use of the basics can meet 99% of needs. But no....every one of us thinks we are special.
We're not.
Re: (Score:2)
I don't think it's due to devs thinking they are special. Rather it's because they are lazy, and it's much easier to just snag 35 different packages via NPM than it is to use plain old JS. (There's a trendy aspect to it as well)
Re: (Score:2)
I don't think it's due to devs thinking they are special. Rather it's because they are lazy, and it's much easier to just snag 35 different packages via NPM than it is to use plain old JS. (There's a trendy aspect to it as well)
The bloated web is largely due to morons thinking they are devs because they installed a framework/cms and a bunch of crap plugins that sounded cool or claimed to make them more money.
Re: (Score:2)
If you use a huge amount of JavaScript (or any at all) I will not go to your website.
Re: (Score:2)
"We are using a huge amount of javascript..."
I think I've found your problem.
Just ignore UA (Score:3, Informative)
RFC 7231 quote (Score:1)
RFC 7231, "Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content" (2004) is listed as a "PROPOSED STANDARD". Section 5.5.3 says
... implementations are encouraged not to use the product
tokens of other implementations in order to declare compatibility
with them, as this circumvents the purpose of the field. If a user
agent masquerades as a different user agent, recipients can assume
that the user intentionally desires to see responses tailored for
that identified user agent, even if they might not work as well for
the actual user agent being used.
Re: (Score:1)
Which is the only use I have for them: IE 11 (yeah, I know) being crap means I provide polyfills for it from the server without having to have another round trip. But I don't want to send that file to other browsers that don't need it as that wastes bandwidth and penalises users not running outdated software.
The original Opera had to do this too (Score:4, Funny)
I guess the more things change...
They will come after Firefox soon enough (Score:2)
I predict within 5 years a Chrome only web will be a reality and Go
Re: They will come after Firefox soon enough (Score:1)
I have had the same concern for many years now. Future is not bright for a true standards-based web. Chrome / blink is the new Internet Explorer.
Do both? (Score:2)
Make one request with the Chrome agent string and another with the correct UA string? It will work great for one-click purchases I am sure. OK, or retrieve static pages such as images with Vivaldi in the agent string?
Why isn't there a unified user string to mask ours (Score:2)
elves? Like a server that every Firefox user can connect to and it will automatically provide a user agent string that every Firefox user can switch to if they want privacy? And maybe some more stuff like plugin configuration etc. bam, no more browser fingerprinting!
Sure I can switch my agent from time to time but if I switch to unique configurations I can still be tracked. What I want is a function that makes my browser look like everyone else's to the outside.
See your UA here ... (Score:2)
... at http://useragentstring.com/ [useragentstring.com]
Re: (Score:2)
https://duckduckgo.com/?t=ffab... [duckduckgo.com]
Much better. Thanks.
breaking news! (Score:2)
a new browser just implemented ua spoofing, which has been present in most browsers for decades! yay!
Re: (Score:3)
The news is not that they allow for UA spoofing (which they did for ages), but that they switch it to turned on by default, essentially giving up their own unique UA.
Microsoft is falling down on the job (Score:2)
Who are âoetheyâ? (Score:2)
Re: (Score:2)
judging by the characters in your title and body, though, /. *should* have blocked you . . .
(or are you doing it on purpose?
hawk
Re: (Score:2)
LOL.
That was posted from my phone, running Safari. What a mess!
Re: (Score:2)
wow. And it posts characters that safari Mac can't handle after going through the darkness that is the slash code . . .
Missing first sentence (Score:1)
an obscure browser called Vivaldi exists.