Mozilla omits CPU architecture information from Firefox's user agent
Mozilla plans to omit CPU architecture information from Firefox's user agent and several supported APIs to reduce the digital fingerprint of Firefox users.
Web browsers reveal information automatically to websites that users open in the applications. The user agent reveals information about the browser and browser version, operating system, and, up until recently, also the CPU architecture.
Fingerprinting scripts use user agent information and other information, e.g. language and location, to create digital fingerprints. The accuracy of fingerprints increases with the number of unique data points.
Firefox won't reveal one of the information bits to scripts and sites anymore going forward. The change, implemented already in recent Firefox Nightly 69 builds, omits CPU architecture information from the user agent.
Firefox used to differentiate between the following CPU architectures:
- 32-bit Firefox on 32-bit operating systems.
- 32-bit Firefox on 64-bit operating systems.
- 64-bit Firefox on 64-bit operating systems.
Firefox users who run Firefox 69 will notice that scripts that return the user agent won't differentiate the information anymore. A simply Google search for check user agent reveals that as seen on the screenshot below.
The current Nightly version of Firefox run on a test system returns the following user agent:
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0
The change affects 32-bit Firefox installations that run on 64-bit versions of a Windows or Linux operating system. These versions will use the following user agent as of Firefox 69:
- Linux: Linux x86_64 instead Linux i686 on x86_64
- Windows: Win64 instead of WOW64
The change applies to the user agent and the APIs navigator.userAgent, navigator.platform, and navigator.oscpu.
Modifying the user agent information in this way is a low risk change according to Mozilla that should not impact functionality or compatibility.
Mozilla's plugin finder service used the information provided by the user agent to direct users to the correct Flash Player download. Adobe Flash is the last plugin that Firefox supports but the installer is universal so that a differentiation is no longer necessary. Flash, additionally, will be retired in late 2020.
The change is the first step of a more extensive rewriting process that will remove CPU architecture information entirely from the Firefox user agent and relevant APIs. The major change requires extensive testing as it has a higher probability of causing web compatibility issues on sites that implement user agent sniffing techniques.
Firefox omits CPU architecture information going forward and will even hide architecture information entirely in the near future; that's a good step in the right direction. It could lead to incompatibilities, however on sites that sniff user agents.
Now You: What is your take on the change? (via Sören Hentzschel)Advertisement