Am Donnerstag, 13. September 2012 08:28:23 UTC+2 schrieb Jonas Sicking: > * Some content providers strike deals with hardware manufacturers > > which allow devices made by the manufacturer to access content for > > free. One way that this is implemented is by looking for tokens in UA > > strings and serve content based on this. This is obviously terribly > > insecure and easy to spoof, however the hurdle is large enough that > > this is a "good enough" solution in many cases. I.e. the cost of > > developing a more secure solution, and the cost of losing users due to > > having to ask them to enter passwords etc is higher than the lost > > revenue due to people hacking the system by changing their UA string. > > > > * App stores only want to deliver applications to devices which they > > know will run on the device. Today many stores in our target market > > (Brazil) apparently do this by looking at hardware tokens in UA > > strings. This is a scenario where we strongly want people to do > > capability checking by using the DOM for reasons that we are all way > > too familiar with. However this isn't what stores do today and so we > > would have to convince them to switch to this system. Additionally > > capability checking isn't always perfect, since currently it's hard to > > detect performance metrics. >
When Microsoft fixed IE, they implemented (A) a compat mode and (B) an updateable white/blacklist containing sites that are always served in compat mode. IMHO this is a good solution for this problem, too. Fx should go with a platform agnostic UA but, based on a special list, serves a tailored UA. This list should update with newly found incompatible and newly fixed sites. Users can report a problem they have on a site and try the Android-token-UA-string. Mozilla can add the site to the list and even evangelize the creators of the website to update it to feature detection. The "list feature" can be implemented similar to the phishing protection service. Other posts mentioned a whitelist but the key feature is the globally updated list, otherwise the user experience degrades enormously. Shall I file on bug on that? _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
