Re: Lynx and log files from Gregory J. Rosmaita on 1999-07-25 (w3c-wai-ig@w3.org from July to September 1999)

From: Gregory J. Rosmaita <unagi69@concentric.net>
Date: Sun, 25 Jul 1999 02:58:51 -0400
To: WAI Interest Group Emailing List <w3c-wai-ig@w3.org>
Message-Id: <4.1.19990725025840.009a6040@pop3.concentric.net>
Len asked:
>What do the brower sniffer segregators typically do if they encounter a
>browser they don't recognize

that's a good question, and one for which i don't have a definitive answer, as
i've never succumbed to the urge to sniff a browser...  i suppose that they are
simply looking for the string (or, rather, prefix) "Mozilla" in the user-agent
header, before issuing an accept, as i doubt that anyone has the energy or
inclination to maintain a list of excluded browsers and their user-agent header
prefixes...  how diverse the latter are, i don't know -- i don't, for instance,
know the user-agent header for the w3 browser, and i don't know where to find a
definitive list of user-agent headers.. . yet, while i don't know all of the
possible permutations for prefixes are, i do know that MSIE and Netscape both
declare as Mozilla, as does Mosaic, i believe...  don't know about Opera -- a
dug around a bit in my C:\browsers\opera directory, but couldn't find anything
that contained the user-agent declaration for the browser...  

i searched about a bit in "Connected: An Internet Encyclopedia", in which, if
you look long enough, you can find something about pretty much everything
technical that has to do with the web, and which is located at
        http://www.shopthenet.net/publiclibrary/CIE/
but it is late, and i am tired, so i didn't turn up too terribly much...  

i did find something interesting, though, when i searched MetaCrawler for the
string "browser sniffing":
        http://msdn.microsoft.com/workshop/management/browser.asp
which supposedly sniffs not only what browser you are using, but what OS... 
worked with MSIE, as expected, but using Lynx32, it simply returned empty
values across the board (which i also expected)...    when i tried it using
Opera 3.51 (i know -- i need to upgrade!), it couldn't tell me the browser or
browser version number (it actually reported "Not Supported"), but it did
determine that i was running Windows 95...   

i also (courtesy of MetaCrawler) turned up an online course in JavaScripting
hosted by the University of Nebraska, Lincoln's Instructional Technology
Group...  they have what appears to be a pretty extensive collection of
resources located at:
        http://itg.unl.edu/teaching_resources/
there, there is an instructional page on browser sniffing, and one using the
fruits of browser sniffing to shunt users either to what it refers to as the
"high-bandwidth" version of the site or the "low-bandwidth" version of the
site...  the sample source code and accompanying exegesis, clearly shows that
-- at least at the University of Nebraska, Lincoln -- they teach students,
faculty, and staff to sniff thus:

1) a javascript runs to check the user-agent header, so as to determine the
browser, version, and OS

2) if the javascript detects the prefix "Mozilla" in the user-agent header
carried by the browser, it assumes that the browser is either Netscape or MSIE
(and if it is not sure, it will assume Netscape, as do the three browser
sniffing shareware applications that i also stumbled across in the course of my
search)

3) if it identifies the browser requesting the document as a "Mozilla"
compliant browser, it sends the request on to the "high-bandwidth" version of
the site; and, if it fails to find the "Mozilla" prefix, it assumes that the
browser isn't capable of handling graphically oriented content, and shunts it
off either to the low bandwidth version of the site, or to a page that advises
the user to join the twentieth century before it ends...

all of which is a pretty un-discriminating way to discriminate on the basis of
browser!

that the check goes no further than the prefix is bourne out by the output of
the browser sniffer that the ITG at UNL uses to demonstrate the javascript in
action... the browser sniffer, located at the following (extremely long) URL:
http://itg.unl.edu/teaching_resources/resource_bank/javascripts/browser_snif
fing/sniffing_action.html 
when i tried it using Opera, it performed somewhat better than the microsoft
sniffer--while it reported that i was using Netscape (so it does look for that
initial Mozilla!), it also reported my user-agent header as:
        Mozilla/4.0 (compatible; Opera/3.0; Windows 95) 3.51 [en].
which i answers the question, "does Opera declare as Mozilla?", with a pretty
resounding yes...  it also shows that this particular javascript doesn't really
care what follows the "Mozilla" prefix, for if it did, it would have used the
user-agent header to correctly identify the browser...

so, i suppose that you could declare:
        Mozilla/4.0 (compatible; Supreme-Ultimate/0.0; DOS 2.0) 0.0 [gd]
and you could still get around the typical browser sniffer, even though you
declared a non-existent browser, running on a non-graphical platform, using
what is probably an un-supported language, as gd is the ISO 639 value for Scots
Gaelic...

actually, i'm not sure how much longer that will be true, however, or even if
it is still true, as i know of a great many sites who indulge in very
sophisticated browser-sniffing, so as to return to the declared user-agent
content quote best suited unquote for it...  there are benign uses of it, such
as sniffing browsers by the level of their support for CSS, and then either
delivering the user to the CSS-enabled version of the site or else the non-CSS
(i.e. quote straight HTML unquote) version of the site, but most of the uses
i've encountered are more properly classified as mis-uses...

which is why i would like to see the next iteration of the Web Content
Accessibility Guidelines address browser sniffing directly, for if a site rates
as Triple-A compliant, but only those users using browsers declaring as
"Mozilla" can breach the browser-sniffer to gain access to that site, then that
site's Triple-A conformance claim is worthless

i'd be interested in what anyone who has browser sniffed has to say on the
topic,
gregory
--------------------------------------------------------
He that lives on Hope, dies farting
     -- Benjamin Franklin, Poor Richard's Almanack, 1763
--------------------------------------------------------
Gregory J. Rosmaita <oedipus@hicom.net>
   President, WebMaster, & Minister of Propaganda, 
        VICUG NYC <http://www.hicom.net/~oedipus/vicug/>
--------------------------------------------------------
Received on Sunday, 25 July 1999 02:55:01 UTC