Don Marti

Mon 20 Aug 2012 07:25:05 AM PDT

Firefox's secret shame

Mike Ratcliffe asks, "How well does your browser protect your privacy?" and suggests some Firefox extensions. (One more: RequestPolicy).

But Firefox has a deeper problem. It's what the EFF calls the browser fingerprint.

For historical reasons, Firefox has a User-Agent string—the text that a browser uses to identify itself to the server—that's just packed with information. Seriously. Look at all this detail.

Why is all that crap in there? Some of it is needed to tell some sites that the browser can do certain things. Many web sites do "browser sniff" in order to decide whether or not to offer advanced features. Although there are better ways to deal with this now, the Firefox developers are reluctant to make any changes that would break legacy sites.

Daniel Cawrey writes, in Firefox Competitive Strategy Must Focus On Privacy, Since Firefox is the only truly open browser and its features do not depend primarily on investor concerns, Mozilla has a unique opportunity to go to great lengths protecting the privacy of its users while they are on the Internet.

That's a great idea. How about a compromise? Instead of dropping User-Agent entirely, minimize it to a single common string, one that contains the commonly sniffed information. Start with a privacy option to enable this minimal User-Agent, and give sites a chance to fix their sniffing when the early adopter privacy-hawk users turn it on. When it works for the privacy freaks, make it the default.

(Photo: Dave Young)