[NoboruWataya]

I often think about this in connection with my user agent. I am sure it helps identify me. If I spoofed a Chrome/Windows UA that would probably be better from a privacy perspective. But if we all do that then web designers will never know that we exist. I want people to know there are Firefox and Linux users out there.

[kube-system]

Spoofed UAs are easily detected. And if you are spoofing your UA you are among a very small subset of users.

[godelski]

Easy to detect but companies are lazy. I remember when Netflix first worked for Linux on chrome but not Firefox. I changed my agent and was good to go. After some months I emailed them asking to lift the agent block. They assured me they weren't blocking by agent. I sent them screenshots. They doubled down. So I said ¯\_(ツ)_/¯ and just kept using the agent until they unblocked it

[kube-system]

Absolutely, but the parent was speaking about privacy. Access is a different story, because you can test different user agent strings, and immediately determine whether you get access. By contrast, you can't change a user agent string and readily determine whether or not you've broken someone's ability to track you.

[godelski]

My example of access is just a clearer example of laziness. Maybe they were tracking but it seems unlikely, right? If they were, why not block? Laziness is a much better explanation.

I can get feedback with access, I can't get feedback with tracking. That's why I mentioned access.

[kube-system]

They probably weren't tracking you, that was probably a case of directing a user toward a supported browser for customer support purposes. I would imagine that was a requirement in somebody's Jira ticket, solved with a few lines of code.

By contrast, tracking people on the web is a multibillion dollar industry, and there are out of the box commercial libraries that do very sophisticated tracking. None of these solutions rely on user agent string alone.

The vast majority of websites by count are not doing anything sophisticated. But some are.

[godelski]

The announcement came with the claim about DRM. So I believe there was some "legal" issue about it. I'm also sure they didn't actually care that much.

  > By contrast, tracking people on the web is a multibillion dollar industry

Of which Netflix is a part of.

  > The vast majority of websites by count are not doing anything sophisticated. But some are.

And this is my point. Somewhere like fingerprint.com is trying to use all the tools available. But most places aren't. Facebook and Google? Sure, I buy that. But mentioning that many places are lazy is not the same thing. It is a game where we can't win completely and we still need to let people know that small gains are still meaningful. A major problem we face with privacy is that people feel so powerless that it is useless to fight back. But that's not true. Just because your bulletproof vest doesn't stop a missile doesn't make it useful. A bulletproof vest that only stops small caliber is still better than no vest, since most shots are small caliber. Pareto is still alive and well here.