Hacker News new | past | comments | ask | show | jobs | submit login

Here's a good comparison: Android Chrome's user agent:

Mozilla/5.0 (Linux; Android 6.0.1; SM-G928F Build/MMB29K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Mobile Safari/537.36

Versus Android Firefox's user agent: Mozilla/5.0 (Android 9; Mobile; rv:66.0) Gecko/66.0 Firefox/66.0

Note how the Chrome browser announces your phone model and software build version to the world.

With regional models with carrier customised software builds, simply the user agent can be used to fingerprint a user.




It's ironic that in a time when the browser used matters less than ever thanks to good HTML5 standard support and differences lie more in the fringe, most recent corners of the living standard, the user agent strings are more detailed than ever.

It would help if the browser vendors, particularly Google, took a step back and spent some time thinking about why user agent strings were invented. They're more like cludges to know how to present a web page, which are less needed nowadays because you can request things like mobile device dimensions, provide HiDPI resources that are only used in case they are needed, provide entirely different views depending on mobile or web, etc. All without peeking at that ugly string. Beyond that, we have polyfills and frameworks that guarantee cross-browser compatibility and minimum supported versions, again without resorting to peeking at browser engine build numbers or worse because the detections are now largely integrated in the standards themselves.


Actually browser compatibility is not getting better, it is getting worse.

I was working for a firm last year that made a system with a browser front end that only supported Chrome and Safari, not Edge or Firefox -- this is happening everywhere, and it is why MS threw in the towel with Edge.


I don't think that anecdote fares well against the many ways in which browser compatibility has improved


Browser compatibility is better in early 2019 than I think it was in early 2011. I think it is worse than it was in early 2018.


Browser compatibility is improving because the incompatible browsers are dying off.


Yup it's disgusting. Even in private mode sites know it's me with my build version and ip.


To be honest most people are confused about "private mode", I agree there should be privacy options enabled by default with it, but the reality is pretty much "no browser history will be stored (locally) and your session / cookies will be isolated between private mode and "normal mode"


Indeed. It's intended as a method of watching porn without having it pop up in the address autocomplete later when your kids are trying to go to the Peppa Pig website.


I don't expect serial numbers to be sent even in public mode. Android build plus ip might as well be a serial number.


Google still knows my precise location sometimes even when I'm connected to a VPN. The browser itself uses more (Wifi network, phones linked to your account) than just your IP to determine it, and there's no way to control it.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: