A young Italian lad working at the local palace stables was deeply in love with the princess. He wanted to attend the party organized by his master and expressed his passion. At the entrance, it was decided that he didn't have the quality of the fine society to be able to participate. Not deterred by this ignorance, he decided to come back wearing a mask. He passed through the entrance like a breeze and since then he has been able to spend countless hours with the princess.
In case you would be thinking that's an old romantic cliché story… you would be half right. It is a cliché, but it's not old, it is happening every day with browsers trying to access Web sites.
Browsers Wearing A Mask
Before working at Mozilla, I was part of the Developer Relations Team at Opera. To cope with the Web sites barring the entrance to the browser based on the
User-Agent (UA) string, Opera (Presto) had a list of domain names for which the browser was lying about its identity by wearing another UA mask. You can discover the list of sites which thought Opera was not good enough for letting the users enjoy the content:
It's about 210 domain names as of today. Since then Opera switched to the Blink rendering engine (Webkit fork), but I have been told by Andreas Bovens that the spoofing was still happening for the Opera Blink browser.
At Mozilla for Firefox OS only, the story is too familiar. And the cliché continues its own life. The Web Compatibility Team is working on trying to get rid of the UA override by contacting Web sites. As of today, there are still 114 domain names with UA override. You can help by contacting the sites following the instructions from the guide. That said, not all sites have UA override in place, and there are plenty more Web sites showing issues of this type.
What about Internet Explorer, the old Emperor of the Web, the one we had to fight such a long time because Web sites were targetting exclusively this browser. Well same old story, with a funny turn of events. A bit like if a noble could not attend any more the parties because we would have lost his fortune. IE for certain domains has to lie about itself and its capabilities.
Ubuntu [added on 2013-11-15]
This one is a new addition. Ubuntu has exactly the same type of issues for their mobile browsers, and drumroll.
So we are being told that UA detection is often the only way to solve some of the issues. Because of that we have started to ask the community to collect the use cases for UA detection. The goal here is not to approve or disapprove UA detection but to understand the problem space and find better ways when it is possible.
The part which is not acceptable is that in many cases the browsers have to lie to be able to participate. When you are asking why they ignore this browser, the responses are many:
- "Browser X is not visible in our stats": Well, if the site blocks the entrance because of its UA, it will not be visible. Logical. And if the browser lies about who is it, it will still not be visible in the stats.
- "We didn't test that browser": Yes but we did and we know it's working, so please let it go through.
- "Ah there is such a thing like the browser X": Future fail development, you will never know what will hit your Web site and you have to allow for the unknown to come visit your site even if the experience is not optimal.
- "We have version 1.5 of the XYZ UA detection framework, the browser X is not into it.": Old and unmaintained UA detection frameworks are plenty. People don't necessary updates the framework, or the release cycle is so long that it takes six months to one year to upgrade. Sometimes the update fees are too high to bother.
Let's all stop that. It's not good for the Web. It's definitely not good for the users. If you do UA detection, do it in a way which embraces the unknown, not in a way which targets only a few well known city dwellers. Let the romance be in between the princess and the lad.