Opened 4 months ago

Last modified 4 months ago

#29866 new defect

TBA: "Request desktop site" should use desktop Tor Browser user agent

Reported by: cypherpunks Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-mobile
Cc: antonela Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

With the desktop site option enabled, the user agent is "Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0".
Replacing the X11/Linux part with the Windows one might cause issues on some sites, but I don't think it's expected for sites to work better with it in anyway, so it should be repurposed as a "blend in with desktop TBB users" button (maybe the option name should be changed to something along those lines, too.)

Child Tickets

Change History (2)

comment:1 Changed 4 months ago by sysrqb

Cc: antonela added

Somewhat related, if we ever enable Sync on Android, then we'll need a solution for #26982 as well as ensuring the java-based network connections and the Necko-based networks use the same UAS.

For this bug, I agree Tor Browser should use the standard resistFingerprinting UAS when the "Desktop Site" is requested. I don't think many (most?) Tor Browser users really know their requests when using an Android device are distinguishable from a request coming from a desktop platform (because the-web), so changing the menu option may be more confusing. I'm adding antonela because it is something to consider/think about for the future, especially around use testing.

Tweaking the UAS is an easy fix: https://gitweb.torproject.org/tor-browser.git/tree/mobile/android/chrome/content/browser.js?h=tor-browser-60.6.1esr-8.5-1#n3350

comment:2 Changed 4 months ago by cypherpunks

I don't think many (most?) Tor Browser users really know their requests when using an Android device are distinguishable from a request coming from a desktop platform

That's a pretty important detail.
Perhaps the option could be moved to the "Security Settings" menu (and made persistent) instead, or it could even be automatically activated when using the "Safest" security level? Though I'm not sure if that would complicate things with Torbutton.

Note: See TracTickets for help on using tickets.