Ben Bucksch wrote:
> I propose the following changes to the UA-string:
>
> Bug 55366
> The language part currently shows the language of the used chrome
> localization. The HTTP explicitly discourages revealing the UI language
> to the site. I suggest to always return "en".
> We have the Accept-Language HTTP header, which is the official way and
> which can be customized by the user.
> Later, we could use that pref to determine which language to report in
> the UA-string, but I don't know of pages which use the value in the
> UA-string or the JavaScript-function, so that is not high on my priority
> list.
I'm w/ you 100% on the above. However, the reality is that *many* sites
(in particular international websites) grep for the lang piece in the UA
string (ignoring the Accept-Languages header). I don't think we can cut
them off. Someone from i18n should weigh in here.
> Bug 57555
> Currently, we reveal the exact version number (up to the build number on
> newer OSes) of Windows. That allows for targetted attacks to exploit the
> known security holes of the particular OS version. I don't see a reason
> why I site would *need* to know that, at least non that would justify
> the risk for the user. Thus, I have a patch to return on of 3 values:
>
> * "WinNT" for Windows NT 3.x, 4.0, W2K, Windows XP etc.
> * "Win9x" for Win95, 98, ME
> * "Win" as fallback
>
> Unix and BeOS is already fixed. Mac unknown.
I'm sure people use this dat for tracking, but I agree, it's probably
too descriptive.
Jud
