[Rygian]

Now that you mention malice, here's a smoking gun, from the linked bug report:

> (it's not an issue with Firefox's implementation. This can be demonstrated by spoofing the useragent as a Chromium-based browser and attempting the same login flow […]).

[toomuchtodo]

File an FTC complaint. This is potentially anti competitive behavior with a digital paper trail. Microsoft will ignore randos, so engage a regulator. Include the bugzilla post link in the complaint.

https://reportfraud.ftc.gov/

[jacquesm]

Microsoft and uncompetitive behavior? No way!

[heavyset_go]

Same thing goes with your state's AG and Microsoft's AG.

[bscphil]

I don't think this is a smoking gun at all, because we don't know the story of why the difference in behavior was implemented. What not-infrequently happens is that Firefox is late to add support for some new web standard, so sites gate their usage on the user agent (which indicates that they actually bothered to test on Firefox!), and then it takes time for them to get around to removing the check after Firefox adds support.

In fact it's not completely unlikely that that is what happened here. Firefox still has incomplete support for the web authentication API [1], and in particular FIDO2 devices did not work if a PIN is set until Firefox 114 - only a few months ago! I'm not sure if this could be related, but Firefox also still does not support passkeys [2], so I'm sure someone will get blamed for anti-competitive behavior for that at some point.

[1] https://caniuse.com/webauthn

[2] https://caniuse.com/passkeys

[Rygian]

That's a plausible explanation.

If Microsoft solves the issue within the next 30 days, I will consider that you were right.

"30 days" is an arbitrary extension of the timeline for something that was reported 4 months ago to Microsoft, and should have been already fixed.

[dymk]

Smoking gun is a leaked memo indicating the behavior is meant to break Firefox in this specific way

[swells34]

How is that a smoking gun indicating malice?

[Rygian]

Changing behavior based on user agent is necessarily intentional on the part of Microsoft.

That check lies somewhere along the line between "having the direct goal of breaking authentication flow (pure malice)" and "is a completely legitimate programming error (pure incompetence)."

I am not ready to assume pure incompetence (and here's where I might be wrong).

[eNV25]

It means that the website doesn't work in Firefox intentionally. The website was proframmed to not work with Firefox user agent string.

[13of40]

Is firefox blacklisted or are chrome and edge whitelisted?

[swells34]

Ah I see, I thought the parent poster meant malice on the part of Mozilla, got confused by bouncing between comment threads. I could see malice, since it is Microsoft, but what's the "why" of it? I don't really see any motivation that M$ would have to block Mozilla, all it's going to do is piss off users. It's not like people are gonna get fed up and switch to Edge, they'll get fed up and switch to Chrome. If anything, M$ has a great incentive to improve Firefox adoption. The market that uses FF is the same market that is never going to choose Edge. FF and Edge both have a much better position if they can damage Chrome's market share.

[Rygian]

The cynic in me says we will understand the motivation in some antitrust trial one of these years.

[DoctorOW]

Because it is not a bug or mistake in the code but a deliberate loss in functionality based only on the name of the browser.