[nSLUG] User agent spoofing

Jeff Warnica jeff at coherentnetworksolutions.com
Tue Jan 23 22:52:11 AST 2007

On Tue, 2007-01-23 at 22:12 -0400, Oliver Doepner wrote:
> Hello,
> I guess we all agree that using OS / browser detection to deny users 
> access to a website is a broken policy.

Absolutely, but its not black and white. the tsn site, for example was
not just blocking off (untested) browsers arbitrarily. 

> It's nice and dandy to work around that bullshit but I think it's also 
> important to let the site creators know that it's an unnecessary 
> inacceptable annoyance. The more people complain the bigger the chance 
> that they stop implementing such nonsense.

In some cases, it is totally unnecessary. In some cases, it is necessary
because of poor implementation choices. In some cases, given the spec
and/or target and/or specific technology required to implement the other
two, it is absolutely necessary.
> It find it acceptable to show a message that the OS / browser is not 
> explicitly supported and that you might not be able to take full 
> advantage of the site.


> I like what Gmail does: It falls back to a basic HTML version for 
> browsers that do not fully support all the JavaScript, CSS and other 
> fancy technologies that the Gmail site usually uses _and_ it lets the 
> user know about this with the mild suggestion to use a more capable 
> browser.

Or, what tsn.ca does. Allows just about everything access to most of
their site. And detect things that have specifically been tested against
advanced features, and provide somewhat specific "error" messages to
everyone else.

Embedded video has always been something that has never quite worked
right. Even on supported platforms. Youtube and Google video works with
something as lowly as Flash 7, but looks, in general, like ass.

> Interestingly, I noticed this behaviour of Gmail yesterday when I tried 
> the "User Agent Switcher" extension in Firefox: I had set it to 
> "Netscape 4.8 (Windows XP)" and had forgotten to switch back to default.


Bad: "You can't use this site because we think that it is possible to
provide pixel perfect rendering (even on the browsers we have tested),
and we haven't tested yours; Goodby"

Bad: "You can't use this site because we took shortcuts, or used
extensions: Goodby"

Annoying, but better: s/Goodby/good luck, anyway/g

Reasonable: "Here is most of our content, or most of the site, but this
specific area wont work with your browser"

Acceptable: "Here is the site, but with nifty things not working because
your browser isn't supported. But most of the features do work, if in
other ways.

There is no ideal solution here, because any non-trivial site will use
CSS, and will use javascript, too the point that none of the major
browsers agree universally on how to accomplish a required feature.

"Look ugly but works everywhere" isn't an option for most sites. It
isn't an option for usability types, it isn't an option for marketing
types. Thus, browser hacks, browser detects, and browser denies.

The browsers are all wrong. Nothing implements all the standards, or the
entirety of particular standards, and what they do implement is often
wrong. Everyone implements their own extensions. The standards are
themselves frequently wrong - both from the perspective of people who
know something about design, and from computer scientists - leaving
browser vendors to choose what is right: the spec, the right thing,
something else, or nothing. The spec process moves very slowly. Vendors
move very slowly. Users move very slowly to upgrade. Thus, browser
hacks, browser detects, and browser denies.


More information about the nSLUG mailing list