otsukare Thoughts after a day of work

UA Sniffing Club

Rule #1

Any hooks a device, a browser can offer will be used.

Devices, browsers identity will not only be used to serve specific content, but people from Marketing will tie campaigns, payment systems, benefits for customers to a certain device and will then require device identification. It's normal, when we put things out there, we give the possibility of them to be used by anyone even outside of their initial purpose. We can't change that. The only way to reduce that is by changing the User-Agent strings and make them shorter to remove possible hooks. And to offer better alternatives to group of people who have certain requirements with regards to devices, software or market segments.

Rule #2

Any schemes based on user agent sniffing will fail in the future.

The user agent detection strategies are based on what is the known scheme for user agents. If a new device, a new browser appears on the market, scripts will fail and not provide the good user experience. This a future fail strategy. Sometimes badly designed script will just fail. In the past, when Opera switched for the browser version number from one digit to two digits, sites starting to fail. They had to lie about their version numbers, which in return added another layer of detection legacy.

Rule #3

Everyone is lying about who they are.

It is amazing how much the user agent strings have been constructed to lie. Check Safari user agent string on Mac OS X (apple):

Mozilla/5.0 (Macintosh; Intel Mac OS X 1076) AppleWebKit/536.26.17 (KHTML like Gecko) Version/6.0.2 Safari/536.26.17

It says

  • "I'm Mozilla." No, you are not.
  • "I'm KHTML." No, you are not. KHTML can just say "I'm your father"
  • "I'm Gecko." No, you are not.

Which in return creates more patterns on server side for detection and forces browsers to lie about who they are such as Opera BrowserJS or Firefox OS UA override. It's damaging for the market as a whole.

Rule #n

(certainly more rules to come.)