[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Iceweasel updates

On Wed 04 Nov 2015 at 14:59:23 +0100, Vincent Lefevre wrote:

> On 2015-11-03 13:59:12 +0000, Brian wrote:
> > The contention is that overriding a bank security decision and altering
> > the user-agent string is unwise and not to be recommended.
> > 
> > Access to digital banking at RBS and Natwest in the UK is allowed only
> > when the string "Firefox" is found. Many years ago I used to add it
> > myself to what Iceweasel sent. Nowadays there is no need to do that
> > because "Firefox" has been added to the user-agent in the Iceweasel
> > package (bug #399633).
> > 
> > Who is now responsible for bypassing these banks security mechanisms?
> Iceweasel still advertises itself (in addition to the "Firefox" string)
> and is based on Firefox, so that it does not bypass anything. The bank

"Iceweasel" is ignored, as is "LetMeUseMyPreferredBrowser".

> can have specific rules for Iceweasel. The rules should be: accept
> everything by default, deny strings known to correspond to browsers
> that are no longer supported.

Perhaps they could abandon this dumb idea of "protecting" their users by
completely denying entry using a browser of their choice. Many other
banking sites manage quite well without a user-agent suitability test.

Or look for the OS used and base access on the present and historical
security record of the OS. That's 90%+ of their customers who won't want
to be protected against themselves!

Reply to: