erin 💫
websites should be banned from knowing the operating system they're running under. no exceptions. the web development industry has collectively lost their privilege to know what os im using. i will continue taking away standard web features until you agree to fire the imbeciles that put "linux isn't supported! you're doing scary things that may not work!" messages on my fucking textbook reader. whatever your terrible pdf.js clone is doing that requires knowledge of my operating system, stop doing it immediately
Oct 29 at 12:18amWeb
Show threaderin 💫Oct 29

but platform-specific browser bugs need to get found somehow

then ask the user their operating system, dickhead. also you're not clever enough to tell the difference between an intermittent issue and a platform-specific browser bug, you don't get to play that card

but users are stupid and in-band detection is easier

i don't care! learn to talk to people who don't know computers! greater harm is done to me personally by your shitty fucking os detection warning messages than will be done to you if you are forced to sit down for two seconds and direct an elderly user to open system preferences and take a picture of the "about" section

Show threaderin 💫Oct 29
every browser's ua should report windows by default for all sites permanently and i'm not joking
Show threaderin 💫Oct 29
we did not spend ten years developing API-level feature detection from scratch - testing thrown error messages against known strings, knowing that if this method throws but that one doesn't then the API expects different options - just so that once we finally started making that shit a usable and sane part of the standard, yall could throw your hands up and treat a sloppy User-Agent regex as the Word of Brendan Eich Himself
Show threadconor: conor editionOct 29
@erin petition to make every browser report chrome on windows. even the mobile ones
Show thread40796c19Oct 29
@erin why report any os at that point
just let them deal with it
Show thread40796c19Oct 29
@erin Mozilla/5.0 Gecko/20100101 Firefox/143.0 fixed 
Show thread40796c19Oct 30
@erin actually no
Firefox/143.0
fixed it
Show threaderin 💫Oct 29
@40796c19 almost everyone still pretends to be related to KHTML for Reasons, it feels appropriate to add an additional layer of cruft to remind them of their sins
Show threadvriska, thief of light Oct 29
@erin browsers have already fixed all information in the UA except for the major version and OS
Show threaderin 💫Oct 29
@leo and in an ideal world we'd complete its obsolescence. just completely remove user-agent from relevance (outside cooperative API consumer use-cases, ig) and replace it with an API for getting browser information that can be gated behind user permission for information that might be used for tracking, or something like that
Show threadgudenauOct 29
@erin I wonder how bad not sending one would break stuff.
Show threaderin 💫Oct 29
@gudenau would you like to find out https://addons.mozilla.org/en-US/firefox/addon/user-agent-string-switcher/
User-Agent Switcher and Manager – Get this Extension for 🦊 Firefox (en-US)

Download User-Agent Switcher and Manager for Firefox. Spoof websites trying to gather information about your web navigation—like your browser type and operating system—to deliver distinct content you may not want.

Show threadngoomieOct 29
@erin @gudenau i am giving an empty UA string a go
so far nothing bad has happened but i've barely done anything
Show threadngoomieOct 29
@erin @gudenau oh yeah and that one UA tester that extension links to reports nothing for ua-parser.js and platform.js, but for using window.navigator it says i'm using... this:
Show threadgudenauOct 29
@nu @erin I meant to not send the header at all, not send a blank one.
Show threadngoomieOct 29
@gudenau @erin i would imagine it would behave similarly
and in that vein i'm already stopping because i keep getting either flat-out banned from things or barred access until i use a normal UA string
Show threadDarryl ShpakOct 29
@erin @gudenau or reporting BeOS or QNX or something
Show threadSiguzaOct 29
@erin User-Agent: No
Show threadsodiboo Oct 29
@siguza @erin User-Agent: Sigh, I'm just a web browser with a human controlling it. No, you don't get to know which browser is visiting you. It doesn't matter. Yes, this is probably way more fingerprintable than a Chrome UA but I don't care at this point. Please just serve me standards-compliant HTML5 and then promptly fuck off.
Show threadtempestNov 2

@sodiboo @siguza @erin if we saw something this unique and obviously custom set in the logs of our site we'd probably start hiding easter-eggs in the response just for them or something. like:

<!-- oh hey i like your UA, wanna be friends? -->

Show threadlobingeraOct 29
@siguza @erin User-Agent: Bond, James Bond
Show threadJes - Hedgehog Edition Oct 29
@erin chrome mask is p epic
Show threadReid Oct 29
@erin can't we at least make it something funny like Skynet?
Show threadprincess pancake Oct 29
@erin We wouldn't need this shit at all if the flow of installing Windows applications wasn't stuck in 1985
Show threadReid Oct 29
@erin > but platform-specific browser bugs need to get found somehow

Platform-specific bugs which shouldn't even be applicable to the web because the whole point of this piece of shit is that it's a completely independent runtime that doesn't care what's beneath it?
Show thread Ibly 🏳️‍⚧️ Oct 29
@erin "oh but what about automating downloads for the correct operating system" back in my day we had this thing called a "drop-down menu"
Show threadKg. Madee Ⅱ.Oct 29
@EeveeEuphoria @erin lol, and then pull a Microsoft + give me the Mac version when I'm on Linux? Yeah, just let me choose what I want!
Show threadROct 29

@erin unless they fixed it, in some cases linux might actually work *better*

in the early days of ArrayBuffer in Firefox on Linux, it would be subject to the usual memory overcommitment, meaning that you could reserve tons of memory as long as you didn't dirty too much of it

(this isn't nearly as useful as doing shenanigans in a native process, since each individual buffer can only be 2 GiB)

Show threadLMR 🇦🇹🇪🇺🏳️‍🌈🏳️‍⚧️🏴‍☠️Oct 29
@erin alternatively: make it opt-in with popup, like notifications and camera/mic access. and make it mandatory for browsers to have a spoofing option for them to be standard compliant.
Show threaderin 💫Oct 29
@_r this would be great if it had been like this from the beginning, unfortunately i feel like at this point if it's possible to request then nobody's going to stop requesting it and then we're just going to make the popup desensitization worse for users when every single page continually asks them what os they're on even if it's not needed
Show threadLMR 🇦🇹🇪🇺🏳️‍🌈🏳️‍⚧️🏴‍☠️Oct 29
@erin no popup. auto-deny and make people find it and enable it themselves if they want it so badly. per-website, yes
Show threaderin 💫Oct 29
@_r would be cool, but i'm doubtful any major browsers will ever admit that nag popups aren't real consent
Show threadLMR 🇦🇹🇪🇺🏳️‍🌈🏳️‍⚧️🏴‍☠️Oct 29
@erin yeah no of course not. none of this will ever happen. we will stay at the status quo
Show thread0xC0DEC0DE07EAOct 29
@erin @_r anyone putting nagging messages in their page for you to see is going to convert their nagging message to “Please allow all surveillance options for your convenience as this site works best with—ah, you got me, we sell your data, fucking every byte we can get our hands on.”
Show threadStadler BLÅHAJ Evowo Oct 29
@[email protected] @erin no just like have it silently deny. make devs have to explicitly do navigator.requestUserAgent() for it to popup, and have the getter for userAgent just have a silently denied permission in the site's permission list. Similar to some browsers with window.open() :3
Show threadShadSterlingOct 29
@erin they were supposed to put the JavaScript in a sandbox, not the user
Show threadseungjinOct 29
@erin
Not just OS, I do not feel good when it asks where I am and even tries to see what I’ve visited through my other browser tabs.
Show threadKo Simon toku ingoa Oct 29
@erin iPad Safari tells websites that it’s MacOS so they’ll present the full web experience, so it is possible to make your browser lie.
Show threadkyOct 29
@erin websites should be banned from executing scripts on my computer without my explicit permission
Show threadStadler BLÅHAJ Evowo Oct 29
@erin same goes for browser-choice. unless you manually do behaviour fingerprinting you have no right to know you're running on version 128.69.420 of obscure firefox fork 69. the site shouldn't behave differently based on browser choice, only based on feature availability.
Show threadMitsuneeOct 29
@memdmp @erin unfortunately you can't really check for individual Web API features while on the backend and the same people who yell about this stuff want to minimize JS as much as usual, which is quite the contradiction ​
Show threadFrost, wolf of winter 🐺🎄Oct 29

@memdmp @erin to be fair one time we had to sniff the user agent to work around a silly bug in Safari where it SUPPORTED the feature (color matrix transforms) but did it wrong (not liking linear blend mode and only operating in sRGB, IIRC), and I don't think you can feature test for that

but normally? yeppp.

Show threadStadler BLÅHAJ Evowo Oct 29
@erin @IceWolf this is an exception. also safari is kil and was the bane of my existence when working at $COMPANY
Show threadStadler BLÅHAJ Evowo Oct 29
@erin @IceWolf every production layout bug was caused by safari so like awawa
Show threadReid Oct 29
@erin also, lets' remove shit like WebUSB and WebBluetooth. There's no good reason to allow direct hardware access to software which fundamentally cannot be trusted.
Show threadm_on_stairOct 29
@[email protected] @erin mf which software can you fundamentally trust? that debian maintainer sure as fuck isnt reading the source
Show threadReid Oct 29
@m @erin yeah, but once a package is installed I know the code won't change. Can't say the same for websites
Show threadllewellyOct 29
@erin in the old days programmers needed to know what OS an application ran under so they could write code which would break as soon as popular assumptions about said OS proved untrue. These days they need to know in order to invade privacy.
Show threadQybatOct 29

@erin I have a suspicion this is because the site uses some anti-copying measures to prevent dirty pirates* from downloading the textbooks and sharing them with people who didn't pay.

*Me

Show threadAmber Oct 29
@erin pearson telling me linux isnt supported
Show threaderin 💫Oct 29
@puppygirlhornypost2 this is what inspired this post yeah
Show threadvoidsent dollOct 30
@erin @puppygirlhornypost2 this one posted about the exact same thing several months ago lol
Show threaderin 💫Oct 30
@0x57e11a @puppygirlhornypost2 fuck pearson all my homies hate pearson
Show threadAmber Oct 30
@erin @[email protected] there is a reason i knew it by name.
Show thread&mut selves QyriadOct 29
@erin YES FUCKING PLEASE
Show threadMichael SumnerOct 29
@erin yeh, I came for the single line rustup Linux install, why are there only .exe files ...
Show threadmelodyOct 30
@erin i think the idea is that "oh like you can automatically select which download for their OS :)" but clearly its abused
try a user agent faker
Show threadEvalynFeb 11
@melody @erin I yoinked my user agent straight from windows MS edge and slapped it in my Firefox on Linux and it broke a ton of crap sadly. Though thinking about it I wonder what would have happened if I had a proper Firefox windows user agent?
YouTube mainly was blocking me hard with the spoofed User agent and even in plain FF/Linux it loves to break its self
Show threadCelesteOct 30
@erin Add EME to the list of things that should be banned from the web entirely.