On Wed 04 Nov 2015 at 14:59:23 +0100, Vincent Lefevre wrote: > On 2015-11-03 13:59:12 +0000, Brian wrote: > > The contention is that overriding a bank security decision and altering > > the user-agent string is unwise and not to be recommended. > > > > Access to digital banking at RBS and Natwest in the UK is allowed only > > when the string "Firefox" is found. Many years ago I used to add it > > myself to what Iceweasel sent. Nowadays there is no need to do that > > because "Firefox" has been added to the user-agent in the Iceweasel > > package (bug #399633). > > > > Who is now responsible for bypassing these banks security mechanisms? > > Iceweasel still advertises itself (in addition to the "Firefox" string) > and is based on Firefox, so that it does not bypass anything. The bank
"Iceweasel" is ignored, as is "LetMeUseMyPreferredBrowser". > can have specific rules for Iceweasel. The rules should be: accept > everything by default, deny strings known to correspond to browsers > that are no longer supported. Perhaps they could abandon this dumb idea of "protecting" their users by completely denying entry using a browser of their choice. Many other banking sites manage quite well without a user-agent suitability test. Or look for the OS used and base access on the present and historical security record of the OS. That's 90%+ of their customers who won't want to be protected against themselves!
