473,736 Members | 1,757 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Should UA string spoofing be treated as a trademark violation?

VK
I wandering about the common proctice of some UA's producers to spoof
the UA string to pretend to be another browser (most often IE).

Shouldn't it be considered as a trademark violation of the relevant
name owner? If I make a whisky and call it "Jack Daniels", I most
probably will have some serious legal problems. "Mozilla" partially
appeared because NCSA stopped them from using "Mosaic" in the UA
string.

Is it some different situation with the current spoofing?
P.S. And no, I am not starving for browser sniffing. But the stats
impact is obvious.

Apr 13 '06 #1
79 3774

VK wrote:
I wandering about the common proctice of some UA's producers to spoof
the UA string to pretend to be another browser (most often IE).

Shouldn't it be considered as a trademark violation of the relevant
name owner? If I make a whisky and call it "Jack Daniels", I most
probably will have some serious legal problems. "Mozilla" partially
appeared because NCSA stopped them from using "Mosaic" in the UA
string.

Is it some different situation with the current spoofing?
P.S. And no, I am not starving for browser sniffing. But the stats
impact is obvious.


It seems that this problem would be of concern mainly to Microsoft, and
Microsoft has plenty of good lawyers and usually will use them for the
least little copyright violation they see. I would thus guess that
either there is not a copyright violation or Microsoft considers this
problem unimportant. Of course copyright laws can vary somewhat around
the world, and they are not enforced very well in some countries. I am
quite willing to leave the copyright aspects of this "problem" to
Microsoft. However, I think that every browser variation should have a
unique ID number assigned by an international agency, and that any
browser should be blocked from the web that does not have such an ID.
This would allow meaningful browser detection on the rare occasions
that it is really needed - for example the browser has a bug that other
browsers do not have. Howover, I am sure that this is wishful thinking
on my part, just as is a requirement that all new pages be blocked from
the web unless they completely validate at the W3C html and css
validators.

Apr 13 '06 #2

cwdjrxyz wrote:
VK wrote:
I wandering about the common proctice of some UA's producers to spoof
the UA string to pretend to be another browser (most often IE).
<snip> It seems that this problem would be of concern mainly to Microsoft, and
Microsoft has plenty of good lawyers and usually will use them for the
least little copyright violation they see. I would thus guess that
either there is not a copyright violation or Microsoft considers this
problem unimportant.
Don't be silly, Microsoft couldn't take action against anyone as they
virtually invented UA string spoofing, and every browser they have
released since IE 4 has spoofed Netscape 4 (hence 'Mozilla/4.0' at the
start of their UA string).

It was Microsoft's action in spoofing Netscape that resulted in the
change between HTTP 1.0 and 1.1 where the latter no longer specifies
the UA header as a source of information, only suggests that it could
be used as such. By the time HTTP 1.1 was written the horse had long
since bolted.
... , and that any browser should be blocked from the web
that does not have such an ID.
At which point the people writing the browsers you have never heard
off, and would so assume are incapable of anything, start spoofing
browser IDs. We just end up back where we are now, with lots of people
wasting their time thinking about browser IDs in the same way people
have been wasting their time assuming that user agent strings could be
a source of information.
This would allow meaningful browser detection on the rare occasions
that it is really needed
Many more people declare a need for browser detection than are actually
capable of coming up with some example where feature detection could
not answer the question if asked.
- for example the browser has a bug that other
browsers do not have.
Don't all browsers have a bug that other browsers do not have? But most
significant bugs can be tested for without browser detection. If you
think otherwise you are welcome to suggest a concrete example and see
if it can't be feature detected.
Howover, I am sure that this is wishful thinking

<snip>

Yes it is.

Richard.

Apr 13 '06 #3
VK wrote:
I wandering about the common proctice of some UA's producers to spoof
the UA string to pretend to be another browser (most often IE).

Shouldn't it be considered as a trademark violation of the relevant
name owner? If I make a whisky and call it "Jack Daniels", I most
probably will have some serious legal problems. "Mozilla" partially
appeared because NCSA stopped them from using "Mosaic" in the UA
string.

Is it some different situation with the current spoofing?


From a technical (and probably a realistic) standpoint, it probably
isn't really relevant. Especially considering that the greatest impact
UA spoofing has is to raise the statistical % usage of IE - and I'm sure
Microsoft isn't too concerned about that.

From a theoretical legal standpoint, you're probably right.
Apr 13 '06 #4
VK

Richard Cornford wrote:
Don't all browsers have a bug that other browsers do not have? But most
significant bugs can be tested for without browser detection. If you
think otherwise you are welcome to suggest a concrete example and see
if it can't be feature detected.


To not be nasty - but exclusively as a "burden of proof":

The current SVG Cairo engine used in Firefox 1.5.x cannot render
textpaths under Windows 98. Even more nasty: it just stops SVG
rendering on the first occurence of textpath. It is mentioned on
Mozilla's site but doesn't help on a practical run.

While the SVG Cairo support itself can be detected by
if (document.imple mentation.hasFe ature('org.w3c. dom.svg', '1.0'))
for Windows 98 adjustments I have to sniff for "Win98" in UA's string.

Though this sample is not perfectly "clear" as I'm sniffing for OS, not
UA.

Apr 13 '06 #5

Richard Cornford wrote:

At which point the people writing the browsers you have never heard
off, and would so assume are incapable of anything, start spoofing
browser IDs. We just end up back where we are now, with lots of people
wasting their time thinking about browser IDs in the same way people
have been wasting their time assuming that user agent strings could be
a source of information.


Of course you are right. So the international agency that assigns
browser IDs would have to have the ability to enforce the standards and
heavily fine or otherwise penalize browser writers who violate them. On
a more general level, we have to have international and national
standards for broadcasting radio and TV to avoid chaos. However the
situation on the web has approached anarchy in many respects, resulting
in unnecessary problems for both the writers of web pages and users.
The technical control of radio and TV broadcasting on an international
and national basis is not perfect, and a few rogue countries have
jammed broadcasts from time to time, for example. However, in my
opinion, the situation is far better in the broadcast field than it now
is on the web. I am only talking about enforcement of technical
standards. I do not think that regulation of content standards is a
good thing in most cases, although there could be rare exceptions. The
problem here is that what is acceptable in one society may not be so in
another. A good example is China. Both Google and Yahoo have recently
attracted the attention of the US Congress, and others, concerning
giving personal information about users that the Chinese official
demand. In some cases such information has apparently been used to jail
people who do not agree with some official Chinese policy - in other
words, a political "crime". That is apparently the price of their
doing business in China, but there are many who highly object on a
moral basis and claim that if giving personal information is the cost
of doing business in China, then the company should not operate there.

Apr 13 '06 #6
cwdjrxyz wrote:
Richard Cornford wrote:
At which point the people writing the browsers you have never
heard off, and would so assume are incapable of anything,
start spoofing browser IDs. We just end up back where we are
now, with lots of people wasting their time thinking about
browser IDs in the same way people have been wasting their
time assuming that user agent strings could be a source of
information.
Of course you are right. So the international agency that
assigns browser IDs would have to have the ability to enforce
the standards and heavily fine or otherwise penalize browser
writers who violate them.


That is fine so long as it cuts both ways and any web author who is
caught excluding a browser because it identifies itself is subject to
equivalent fines and penalties. Anything short of that and you are
inviting a browser monopoly that would not be in the public interest.

<snip> .... I am only talking about enforcement of technical
standards.

<snip>

Aren't you the 'cwdjrxyz' who blew his credibility in alt.html by
championing a content negotiation script that disregarded the mechanism
laid out in the HTTP 1.1 specification and actually failed so badly that
it would send XHTML to browsers that explicitly declared their rejection
of it:-

<news:11******* **************@ f14g2000cwb.goo glegroups.com>

I don't think I will have much regard for any assertions you may make in
favour of technical standards until after I have seen some evidence that
you follow them yourself.

Richard.
Apr 13 '06 #7
VK wrote:
Richard Cornford wrote:
... suggest a concrete example
and see if it can't be feature detected.


To not be nasty - but exclusively as a "burden of proof":

The current SVG Cairo ...

<snip>

That is not a concrete example, it is a hearsay report from the most
unreliable source available.

Richard.
Apr 13 '06 #8

Richard Cornford wrote:
cwdjrxyz wrote:
Richard Cornford wrote:
At which point the people writing the browsers you have never
heard off, and would so assume are incapable of anything,
start spoofing browser IDs. We just end up back where we are
now, with lots of people wasting their time thinking about
browser IDs in the same way people have been wasting their
time assuming that user agent strings could be a source of
information.


Of course you are right. So the international agency that
assigns browser IDs would have to have the ability to enforce
the standards and heavily fine or otherwise penalize browser
writers who violate them.


That is fine so long as it cuts both ways and any web author who is
caught excluding a browser because it identifies itself is subject to
equivalent fines and penalties. Anything short of that and you are
inviting a browser monopoly that would not be in the public interest.

<snip>
.... I am only talking about enforcement of technical
standards.

<snip>

Aren't you the 'cwdjrxyz' who blew his credibility in alt.html by
championing a content negotiation script that disregarded the mechanism
laid out in the HTTP 1.1 specification and actually failed so badly that
it would send XHTML to browsers that explicitly declared their rejection
of it:-

<news:11******* **************@ f14g2000cwb.goo glegroups.com>

I don't think I will have much regard for any assertions you may make in
favour of technical standards until after I have seen some evidence that
you follow them yourself.


I do not see what bringing up an unrelated reference to another group
has to do with this. You quote only one post in a very long thread. In
summary I use a php include to force a browser to accept true xhtml 1.1
if it reports it will accept it at all in the header exchange. It is up
to the browser maker to decide if they want to allow true xhtml using
the mime type for xhtml+xml or not. If they do not allow it then my php
include reverts to html 4.01 strict. If I did not do that, my pages
would not work on IE6! Thus I do not send xhtml to browsers that do not
indicate that they will accept it! In some cases the browser says it
will accept either the mime type for true xhtml or the mime type for
html. In some of these cases it says it prefers html. In that case I
have found that the common browsers that will accept both html and true
xhtml, but "prefer" html, work just fine if you force the xhtml path in
the header exchange. My guess is that some browser makers specify that
they prefer html just to be on the safe side. One should not confuse a
"preference " for the browser with the code that can be used to indicate
that preference in the header exchange, if a browser writer so wishes.
In addition a few lesser used browsers do not indicate what they will
accept in the header exchange, although they sometimes really will
accept true xhtml just as well as well as html. Apple's Safari comes to
mind here. In that case, I err on the safe side and use html 4.01
strict, because browser detection of some of these browsers is not safe
because they can spoof another browser.

I now have dozens of pages served as described above, and they all
validate perfectly as xhtml 1.1 or html 4.01 strict at the W3C
depending on what path is selected by the header exchange. Furthermore,
the pages work properly for the xhtml 1.1 or html 4.01 strict path
selected by the header exchange I use. You can see several such pages
by going to http://www.cwdjr.info/media/playersRoot.php .

Apr 14 '06 #9
VK

Richard Cornford wrote:
The current SVG Cairo ...

<snip>

That is not a concrete example, it is a hearsay report


You imply that I do not use SVG but just making up a problem? It is not
clear how did you come up to this conclusion - unless you think
yourselve telepathic.

Here is the feature detection block I'm currently using, and believe me
I did not make it just to post it here:

....
/**
* Feature detection block.
*/
/*@cc_on @*/
/*@if (@_jscript_vers ion >= 5.5)
if (document.names paces['v'] == null) {

document.namesp aces.add('v','u rn:schemas-microsoft-com:vml','#defa ult#VML');
}
SVL.UA = 'IE';
SVL.VL = 'VML';
@elif (@_jscript)
SVL.UA = 'IE';
@else @*/
if (document.imple mentation) {
if (window.opera) {
SVL.UA = 'Opera';
SVL.VL = 'SVG';
}
else if (document.imple mentation.hasFe ature('org.w3c. dom.svg', '1.0'))
{
SVL.UA = 'Gecko';
SVL.VL = 'SVG';
}
else if ((window.netsca pe)&&(window.ne tscape.security )) {
SVL.UA = 'Gecko';
}
else {
/*NOP*/
}
}
/*@end @*/
....

Apr 14 '06 #10

This thread has been closed and replies have been disabled. Please start a new discussion.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.