Posted by: kurtsh | May 6, 2010

NEWS: Internet Explorer 9.0 to trim the User Agent String

image This is kinda big news for a couple of reasons.  Internet Explorer 9.0 is not only shortening the User Agent String, it is doing so as the default offering to pages that one visits during an IE9 browsing session. 

Here is an example of what the User Agent String looks like from a IE8 browser vs. and IE9 browser:

  1. IE8 User Agent String:
    Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; Zune 4.0; OfficeLiveConnector.1.4; OfficeLivePatch.1.3; MS-RTC LM 8)
  2. IE9 User Agent String:
    Mozilla/5.0 (compatibile; MSIE 9.0; Windows NT 6.1; Trident/5.0)

This is particularly interesting because this change improves overall performance by sending a shorter string to visiting end points that the browser connects to by transmitting less information for processing but additionally, many sites can’t digest long UA Strings so the information sent may be bounced by the destination causing a delayed response.  It also is claimed to improve interoperability and compatibility by eliminating version conflicts because IE9 will no longer send additions to the UA string made by other software installed on the machine such as .NET and many others.

What no one seems to have mentioned is how the User Agent String is used to identify you as a unique individual on the Internet.

image HOW THE USER AGENT YOU SUBMIT IS USED TO IDENTIFY YOU ON THE INTERNET
If you visit the web site http://panopticlick.eff.org/, you can very easily see how the user agent string from your computer identifies you on the Internet to web sites.  The IE8 User Agent String above for example is effectively my fingerprint on the Internet:  It’s actually EXTREMELY RARE.  So rare, that out of the 826030 users that have tried Panopticlick, I’m the only person with that exact string.

This is obviously disconcerting that something so simple as the browser capabilities of your machine can be used to identify you to web sites and effectively track you across things like advertising networks, such as Google’s "DoubleClick” which resides on millions upon millions of web sites, or “Google Ads” which is leverages by many blogs & information sources on the Internet.  Having a "unique user agent string” effectively allows people to track where you go, what you do, and collect all that information.

However the simplification of the User Agent String changes all of this – nullifying IE9 User Agent strings as a means of tracking users.

Posted in Uncategorized

«
»

Categories