Board index » javascript » Should UA string spoofing be treated as a trademark violation?

2006-04-15 10:14:25 AM
cwdjrxyz wrote:
Score adjusted
PointedEars
--
If one person calls you a donkey, laugh at them; if several people do, who
write quite reasonable articles most of the time, you better find yourself
some green pastures to graze. -- saying in de.ALL (translated)
-

cwdjrxyz wrote:
Score adjusted
PointedEars
--
If one person calls you a donkey, laugh at them; if several people do, who
write quite reasonable articles most of the time, you better find yourself
some green pastures to graze. -- saying in de.ALL (translated)
-

VK wrote:
look at the post history of some of the trolls responding to this
thread, and you will see that they treat everyone in the same rude,
troll-like way. The best tactic likely is just to ignore them. Most see
them for what they are.
Since some of the trolls appear to have far too much free time, as
indicated by their many and often extremely long and rude posts to this
group and others, perhaps they need something more productive to keep
them busy and to avoid boredom. Since several appear to be in the UK, I
would like to suggest a useful project for them. The Queen has a web
site at www.royal.gov.uk/output/Page1.asp . Of course the Queen
would hire someone to write her pages. If you take the noted url to the
W3C validator, you find many errors, including some javascript ones. It
would seem the Queen should deserve a site that validates perfectly.
Perhaps some of the UK trolls could correct the code in the site and
contact a member of the royal household staff to explain the problem
and how it could be corrected. The Queen appears to be a very nice and
polite lady in her public speeches. Usenet trolls could benefit greatly
by studying the Queen's speeches in details.
-

VK wrote:
court is quite another matter.
I am not a lawyer, but as anyone with a business that sells products it
designs and makes itself, I have an interest in knowing about trademark
and copyright law as applicable in my own jurisdiction. In regard to
trademark, the primary question is whether its use will confuse
consumers into thinking a product is from one company when in fact is is
from another. A case in point is Apple Corps and Apple Computer, though
there are aspects of that case related to the logo also.
The second issue is the damages that might arise - loss of sales because
consumers bought the 'wrong' product, leveraging another company's good
will, loss of reputation because the second company's faulty products
reflected on the first, and so on.
In regard to user agent spoofing, I don't think any of the above can be
shown. Consumers don't identify browsers by looking at the UA string,
so it can't be a factor in their decision of which browser to use. If
you can't prove that, end of case.
A more tenuous link could be shown if certain user agent strings were
required to make sites work properly (the original reason for doing it).
It might then be shown that this has some effect on consumer choice, but
the obvious conclusion here is inappropriate discrimination by the site.
The UA has the defence of acting as it did to overcome that
discrimination. To go further and try to link it back to trademark
violation is a very long bow to draw.
browser to use.
--
Rob
-

Richard Cornford wrote:
"iframe shim" behind a DIV.
In IE on windows, as I'm sure you know, select lists and other controls
always render on top of other elements, regardless of z-index values. This
is commonly solved by placing an empty iframe behind the element, which
effectively blocks the control from showing through.
This problem only applies to IE on Windows. While there doesn't seem to be
any problem with adding the iframe for other browsers, it would ideally not
be done if not necessary.
What feature-detection could be used to determine the need for the iframe
shim?
It would be possible to feature-detect other things that are known to exist
only in IE on Windows, but it's generally not a good practice to infer
feature X based on the existence of feature Y.
Thoughts?
--
Matt Kruse
www.JavascriptToolbox.com
www.AjaxToolbox.com
-

Matt Kruse wrote:
...
/*@cc_on @*/
/*@if (@_jscript)
var fixNeeded = true;
@else @*/
var fixNeeded = false;
/*@end @*/
It is possible to imagine that some UA producer will implement exactly
the same pre-processor and instruct it to tell that it is Internet
Explorer running JScript.
It is possible - but this already goes beyond the power of any
developer - and beyond any acceptable behavior.
And "semantically" :-) it is not a "yaky UA sniffing". I do not sniff
anything: I just place a piece of code and let it to be executed by any
UA capable to handle it (ignored otherwise).
With SVG programming I still need more UA sniffing because Opera and
Gecko SVG implementations are too different in some important aspects
to treat them equally. Here the biggest challenge was from Opera: this
browser became really determined to be undetectable out of IE. As soon
as some feature check was found, they cover it by a bogus "cork" in the
next upgrade. I really was running out of ideas until I found
windows.opera object (where they keep their a la GreaseMonkey
functions). The only thing bothers me now in my nightmares :-) that if
some new wannabe bastard desides to pretend to be Opera rather than IE
or Gecko. I tranquilize myself by thinking that it's highly doubtful -
though yet possible.
-

VK wrote:
occur on Mac.
--
Matt Kruse
www.JavascriptToolbox.com
www.AjaxToolbox.com
-

Matt Kruse wrote:
/*@cc_on @*/
/*@if (!@_mac)
var fixNeeded = true;
@else @*/
var fixNeeded = false;
/*@end @*/
Alternatively:
/*@cc_on @*/
/*@if (@_win32)
var fixNeeded = true;
@else @*/
var fixNeeded = false;
/*@end @*/
(I guess it is secure to disregard a possibility of Windows 3.x ;-)
You need JScript.Net check maybe?
/*@cc_on @*/
/*@if (@_jscript_version>= 7)
var lang = 'JScript.Net';
@elif (@_jscript_version < 7)
var lang = 'JScript';
@else @*/
var lang = 'JavaScript';
/*@end @*/
To not run over and over :-) here are all conditions you can check:
@_win32
True if running on a Win32 system.
@_win16
True if running on a Win16 system.
@_mac
True if running on an Apple Macintosh system.
@_alpha
True if running on a DEC Alpha processor.
@_x86
True if running on an Intel processor.
@_mc680x0
True if running on a Motorola 680x0 processor.
@_PowerPC
True if running on a Motorola PowerPC processor.
@_jscript
Always true.
@_jscript_build
Contains the build number of the JScript scripting engine.
@_jscript_version
Contains the JScript version number in major.minor format.
Enjoy!
-

RobG <rgqld@iinet.net.au>writes:
IE6's user-agent string (on my computer) is:
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50215)
The initial Mozilla/4.0 is a spoof of Netscape 4. The remaining data can
be used to discover that it actually isn't Netscape 4 by servers that
know what to look for, while those that don't know will be spoofed.
Most people have forgotten that this is how, and where, spoofing started :)
FireFox's is:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1
It claims to be Mozilla/5.0, which it isn't. It's perhaps acceptable, since
it's in the general family of browsers reporting that name.
I don't remember what Opera's default is any more. It used to be an
IE-spoof. Mine is set to report as Opera, and I only very rarely have
problems with that (I still spoof for MSDN)
(And, also IANAL, I agree on the arguments against it being trademark
violation)
/L
--
Lasse Reichstein Nielsen - lrn@hotpop.com
DHTML Death Colors: <URL:www.infimum.dk/HTML/rasterTriangleDOM.html>
'Faith without judgement merely degrades the spirit divine.'
-

"VK" <schools_ring@yahoo.com>writes:
in Opera since the earliest Javascript capable Opera browsers.
annoying programmers that refuse to let pages work on them, even
though they implement all the features that are needed. As long as
programmers use browser detection as a white-list of browsers that are
allowed to work on their page, browser makes will try to prevent their
browser from being excluded (usually for no good reason).
If the programmers used feature detection instead, then they won't
need to know what browser it is, only what features are available. A
completely new but feature complete browser would work with old pages
then. Using browser detection as a white-list, it would be
unnecessarily excluded.
/L
--
Lasse Reichstein Nielsen - lrn@hotpop.com
DHTML Death Colors: <URL:www.infimum.dk/HTML/rasterTriangleDOM.html>
'Faith without judgement merely degrades the spirit divine.'
-

Lasse Reichstein Nielsen wrote:
Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; en) Opera 8.54
(with different OS and language of course for different users)
I presume it currently holds the record of spoofing :-) by claiming
three browsers at once. At least they mention the real one now (Opera)
too but AFAIK it is a rather recent improvement.
it cannot draw VML graphics, initialize ActiveX objects and use
behaviors. I understand that it is always possible to serve some
generic all-in-one script to sniff the real situation client-side and
act accordingly. But since when server-side content preparation became
an illegal technique? It is very often that the requested page doesn't
exists at all - but being prepared out of raw data per call.
-

VK wrote:
So far as I know, it does not use actual ActiveX (unless you add
unofficial plugins that float around from time to time), and Opera has
been very anti-ActiveX, at least in the past. Yet, for the last few
upgrades, Opera will run the WMP9 and 10 media player if you use only a
Microsoft ActiveX object to code for the media playing. I have no idea
what Opera is doing to get this to work - hopefully someone knows. Of
course there have been ActiveX plugins for the WMP only for Netscape,
Mozilla and Firefox in the past, but you had to download them, and the
mentioned browser writers tended to discourage this. The reason for an
ActiveX plugin for the WMP is that some only write for IE using an
ActiveX object and do not bother to write a path for most other
browsers that do not come with ActiveX.
Since I work with quite a bit of media, I have noted something else
interesting at the server of my host. You of course get records of the
user agent for visiting browsers. However these days you often get a
record of the visit of a player, such as the WMP, Real, etc. Actually
some of the modern media players are now running about 3 times the byte
size of a small browser such as Opera or Firefox. Part of this
complexity is due to inclusion of new features for selling and
protecting media.
-

"VK" <schools_ring@yahoo.com>writes:
Yep, Opera 3.62 reports:
Mozilla/4.0 (Windows NT 5.1;US) Opera 3.62 [en]
i.e., spoofing Netscape 4 to the uninitated, but revealing itself to be
Opera to those who knows that it exists.
Still, that should be handled by content negotiation, not feature
inference from the user-agent string. It wouldn't have been spoofed
to begin with, if people hadn't abused it.
that can understand it, just because they don't recognize its name,
have made the bed they now lie in (if that's an idiom in English).
/L
--
Lasse Reichstein Nielsen - lrn@hotpop.com
DHTML Death Colors: <URL:www.infimum.dk/HTML/rasterTriangleDOM.html>
'Faith without judgement merely degrades the spirit divine.'
-

onlymyself33@netscape.net wrote:
Richard, Michael, or Lasse, as those people are in fact invaluable
contributors to this newsgroup, who have made their points well.
While "cwdjrxyz" and the like are not at all, and they have not.
trying to come up with (for some people hard) technical facts; not some
cuddle script-kiddie Web forum, its members telling you what you want to
hear, that you may be used to. If you can't stand the heat, stay out of
the kitchen.
<URL:jibbering.com/faq/>
Score adjusted
PointedEars
-

Lasse Reichstein Nielsen wrote:
-

Lasse Reichstein Nielsen wrote:
Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/XX (KHTML, like
Gecko) Safari/YY
And on Intel:
Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en) AppleWebKit/XX (KHTML,
like Gecko) Safari/YY
<URL:developer.apple.com/internet/safari/faq.html>
where XX and YY are appropriate version numbers. With the debug menu
enabled, it takes a second to change it to any of a number of strings,
including Netscape 4, 6, 7, IE 5 Mac, IE 6 Windows, even Konqueror 3.
There is still one site that, when I log in, reports:
"This site is not optimised for Netscape 6. We recommend
you use Microsoft Internet Explorer Version 6.0 or
Netscape 4.77 or 4.78."
I ignore the warning and everything works as expected.
Stumbled across this site that appears to have a fairly exhaustive list
of UA strings:
<URL:www.pgts.com.au/pgtsj/pgtsj0208c.html>
--
Rob
-

Lasse Reichstein Nielsen wrote:
backups. In case anyone needs the information for several other current
browsers in 2003, I can provide that also. The information was obtained
on a Windows XP OS.
______________________________________________________________________
Opera 7.21
appCodeName=Mozilla
appMinorVersion=
appName=Microsoft Internet Explorer
appVersion=4.0 (compatible; MSIE 6.0; Windows NT 5.1)
userAgent=Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Opera 7.21
[en]
vendor - NN6 up only=undefined
vendorSub - NN6 up only=undefined
document.all object support=true
getElementById object support=true
java support=true
Height=768
Width=1024
Available Height=738
Available Width=1024
Color Depth=32 bit
innerWidth=1022
innerHeight=584
clientHeight=584
clientWidth=1022
language for NN & Opera=en
language for IE & relatives=en
IE4 browser language or IE5 up op. sys.lang=en
Presistent cookies enabled?=true
CPU Class(IE4+)=undefined
On Line(IE4+)?=undefined
Operating System(NN6+)=undefined
Platform=Win32
Product Name(NN6+)=undefined
Product Version(NN6+)=undefined
Operating System Language(IE4+)=undefined
User Profile(IE3+)=undefined
document.body.clientWidth object support=true
document.body.clientHeight object support=true
document.body object support=true
window.innerHeight object support=true
_____________________________________________________________________
-

RobG wrote:
Mozilla
KDE
Gecko
Safari
I just love this part: "like Gecko" - what a hell does it suppose to
mean? Almost but no sigars? That sustains my old idea that some UA
strings are being prepared under sever toxic influence.
Now if would be cool to see the Konqueror string. To become the winner
it should be now something like "(KHTML, like Safari) close to Gecko
almost MSIE".
:-)
-

"VK" <schools_ring@yahoo.com>writes:
occurence of the string "Gecko" in the user-agent string before
allowing browser to use their site. An again they got what they asked
for.
cops an robbers - every time someone tries to use the user-agent
string inappropriately, the browser makers change it so that their
browser still matches.
/L
--
Lasse Reichstein Nielsen - lrn@hotpop.com
DHTML Death Colors: <URL:www.infimum.dk/HTML/rasterTriangleDOM.html>
'Faith without judgement merely degrades the spirit divine.'
-

VK said the following on 4/16/2006 4:27 PM:
I would go for this logic if new browsers would be *exact* functional
equivalents of UA's they are spoofing.
Stop trying to determine the UA and start testing for features and that