Re: User-Agent strings, privacy and Debian browsers

[Drew Parsons <dparsons@debian.org>]

Peter Eckersley wrote:
> Consider for a moment a typical User-Agent string sent by a Debian web browser:
> 
> Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.6) Gecko/20070802 Iceape/1.1.4 (Debian-1.1.4-1)
> 
> Unfortunately, the fact that this information identifies a specific
> package and version of that package means that Debian users (already a
> select group) have their browsing identities further distinguished by
> their User-Agent strings.
> ...
> What do people think of picking a single User-Agent string for all
> versions of all of Debian's Gecko-based browsers?


>From the other responses, it seems clear that we do not want to do this
for technical reasons.

Your concern addresses a potential social problem, not a technical
problem. Perhaps you will have more success getting us to appreciate
what you're trying to say if you can explain it more thoroughly in
social terms?  

That is, what problem are you trying to solve exactly? 

Can you provide actual examples where identification by User-Agent has
led to tangible harm, or may be reasonably expected to lead to harm in
the near future, rather than than simply being some hypothetical tool
open to abuse by some future tyrannical government or corporation?

If we can be convinced the actual danger is real, then the technical
solution is of course trivial.

Drew