Le 30/10/2016 à 00:34, Nicholas Alexander a écrit :
On Sat, Oct 29, 2016 at 7:21 AM, Kohei Yoshino <kohei.yosh...@gmail.com>
wrote:
So the Battery Status API has just been removed, I think now is a good
time to think about navigator.buildID again, which bug [1] has been
inactive for a whole year.
4 years ago, Firefox 16 removed a minor version number from the user agent
string to mitigate fingerprinting [2][3]. However, the build ID unique to
each minor version is still exposed via the non-standard navigator.buildID
property. Since trackers can easily retrieve build IDs from Mozilla Wiki
[4] to map them to minor version numbers, the fix in Firefox 16 was totally
meaningless.
There were some legitimate use cases on Mozilla properties, for example,
warning visitors who are using an outdated Firefox, but those usages have
been replaced with the UITour API [5]. A comment in the bug [1] explains
that Netflix was also using the build ID to detect a specific playback bug
in Firefox, but it's probably not longer relevant. Given that, I believe
the buildID property should be removed, or at least made chrome-only.
I concur, we shouldn't leak such fine-grained information about the UA to
content. For future discussion, my Nightly uses
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:52.0)
Gecko/20100101 Firefox/52.0
but navigator.buildID is 20161015030203, revealing much more than 52.0.
As for chrome-only -- I wonder how many consumers there are.
about:support, perhaps?
Hi,
IMO the builID is important for our community of nightly testers that
report bug and need to indicate precisely in which build they found a
regression, so keeping that information available via about:support and
extensions such as Nightly Testers Tools seems valuable for mozilla to
me in a chrome context.
Regards
Pascal
--
Pascal Chevrel
pascalc on irc://irc.mozilla.org/nightly
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
