Re: [perpass] HTTP user-agent fingerprinting from Roberto Peon on 2013-09-13 (ietf-http-wg@w3.org from July to September 2013)

From: Roberto Peon <grmocg@gmail.com>
Date: Fri, 13 Sep 2013 15:55:17 -0700
To: Martin Thomson <martin.thomson@gmail.com>
Cc: James M Snell <jasnell@gmail.com>, Fred Akalin <akalin@google.com>, Poul-Henning Kamp <phk@phk.freebsd.dk>, Karl Dubost <karl@la-grange.net>, Patrick Pelletier <code@funwithsoftware.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, IETF HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CAP+FsNd4LHVtXk_sFXOnDr=YDgimKP66=LJoywhEHTFVwngYsA@mail.gmail.com>

There are conflicting goals here:
1) Modify the presentation of a site based on the user-agent.
2) Ensure that pages are using feature-probing instead of assumptions based
on the user-agent.

There are valid reasons for both.

I'm ambivalent because I can't think of a good solution that resolves the
conflict in a manner that is useful.
Feature probing is great, but can cause harm (i.e. some features crash
browsers).

-=R

On Fri, Sep 13, 2013 at 3:48 PM, Martin Thomson <martin.thomson@gmail.com>wrote:

> On 13 September 2013 15:41, James M Snell <jasnell@gmail.com> wrote:
> > An alternative possible approach could build on the typed codec work..
> > that is, use compact opaque binary values for user agent as an
> > alternative to the current string-based value. For those who need the
> > backwards compatibility, the legacy string values would still be
> > available and usable.. but we'd have a simple transition path for
> > something better.
>
> As it pertains to tracking, I don't see an opaque binary blob to have
> characteristics different from a string.  It does make the identifier
> less useful for the aforementioned purposes, which leads me to
> conclude that something like that would be lose-lose.
>
>

Received on Friday, 13 September 2013 22:55:44 UTC