Comment 7 for bug 934887

In , Davemgarrett (davemgarrett) wrote :

This bug is covering multiple interconnected suggestions. There are basically 3 different changes already suggested here:

1) Drop minor versioning
2) Drop Gecko build date
3) Use stable Firefox branding and versioning in development builds

As to each point:

#1:
I like the idea but I think it won't affect as much as it looks. Most people should ideally be on the latest minor update to their major version. Anything less than 100% update rate is a problem with our updating system, which includes users simply not doing it. This needs to be fixed, and simply exposing the progress is a side effect. As to detecting exploits, that can be done by simply trying them all and seeing what sticks. I don't think knowing what to shoot for is that big of a deal as things go. There are also plenty of other way worse things that need fixing before this will make any real difference (as noted).

Doing #1 would also break Mozilla Addons and would need some replacement detection method, as noted in comment 1. I don't think doing all of this is worth the effort. I can't argue that this wouldn't help fingerprintability, but I am arguing that it's not necessarily the best way to go at this point.

#2 for stable builds:
No effect. The Gecko version, build date, and application version are all directly correlated. The build date is duplicate information that isn't needed, but it adds nothing to a fingerprint as-is.

#2 for branch/trunk builds:
Really helpful. With branch/trunk builds this date is really fingerprintable and getting rid of it would be great. Alpha/beta users get no real effect, as with stable.

#3:
Would help with some (but not all) non-stable UA sniffing problems, but not much else aside from the same effects of #1. I don't see too much of an improvement from betas claiming to be stable, and I imagine you might be able to find a way to get something to break. (i.e. site "supporting" a version as soon as an alpha is released, then breaking when stable comes out with no way to tell them apart) If you really wanted to you could probably figure out what things really are by feature detection for API changes in some instances. It's also a smaller population of users which means more fingerprintable though less widespread of an effect.