main/postmarketos-ui-{gnome,phosh}: less revealing epiphany user-agent
EDIT: old text below. After discussion, this MR isn't using a Tor Browser / Firefox user agent, but a Chrome on Pixel (WebKit) one: Mozilla/5.0 (Linux; Android 10; Pixel) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.96 Mobile Safari/537.36
.
Make it less trivial to fingerprint users of the epiphany browser on postmarketOS, by replacing the postmarketOS-specific user-agent with the current user-agent from Tor Browser for Android.
Old:
Mozilla/5.0 (postmarketOS device, like iPhone; X11; Linux x86_64) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0 Safari/605.1.15 Epiphany/605.1.15
New:
Mozilla/5.0 (Android 6.0; Mobile; rv:68.0) Gecko/20100101 Firefox/68.0
The new user-agent is much harder to fingerprint, as it has less specific versions, and is therefore used more widely:
- "Android 6.0" (always used on Android, no matter what the actual Android version is)
- "rv:68.0" and "Firefox/68.0" are only changing the major version, never the minor version (verified on Android with a current Tor Browser 68.10)
- Gecko/20100101: doesn't seem to get updated much either - 2010 was ten years ago.
The only downside is that epiphany pretends to be Firefox now, which is just about the only browser that is not using some WebKit fork as its browser engine, but its own thing. I thought about using a WebKit/Blink user-agent and researched Chrome, WebView and Safari user agents. But there is no nice generic one that we could use, where the versions don't change often. Oftentimes, the device name is even included.
Websites are supposed to not rely on the user agent to guess what features a browser supports, but instead use proper feature detection APIs. At least modern websites appear to do that, so I think this is a good trade-off.
Related:
- https://blog.torproject.org/browser-fingerprinting-introduction-and-challenges-ahead
- https://gitweb.torproject.org/tor-browser.git/tree/toolkit/components/resistfingerprinting/nsRFPService.h?h=tor-browser-68.10.0esr-10.0-1
- https://developer.chrome.com/multidevice/user-agent
- https://webaim.org/blog/user-agent-string-history/
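
The anonymity-set argument from this description, worked through as an added example (not part of the merge request): it measures how many bits each user-agent reveals and which tokens single a visitor out. The visit counts and `DESKTOP_UA` are constructed sample data, not measurements.

```python
import math
import re
from collections import Counter

OLD_UA = ("Mozilla/5.0 (postmarketOS device, like iPhone; X11; Linux x86_64) "
          "AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0 "
          "Safari/605.1.15 Epiphany/605.1.15")
TOR_UA = "Mozilla/5.0 (Android 6.0; Mobile; rv:68.0) Gecko/20100101 Firefox/68.0"
CHROME_UA = ("Mozilla/5.0 (Linux; Android 10; Pixel) AppleWebKit/537.36 "
             "(KHTML, like Gecko) Chrome/83.0.4103.96 Mobile Safari/537.36")
# Constructed filler entry standing in for "everyone else" in the sample.
DESKTOP_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0"

# Constructed visit counts per user-agent (assumption, not measured data).
SAMPLE_VISITS = {OLD_UA: 2, TOR_UA: 256, CHROME_UA: 512, DESKTOP_UA: 254}


def tokens(ua):
    """Split a UA into product tokens and ';'-separated comment fields."""
    out = []
    for m in re.finditer(r"\(([^)]*)\)|(\S+)", ua):
        if m.group(1) is not None:
            out.extend(p.strip() for p in m.group(1).split(";") if p.strip())
        else:
            out.append(m.group(2))
    return out


def surprisal_bits(ua, visits):
    """Bits of identifying information carried by the whole UA string."""
    return -math.log2(visits[ua] / sum(visits.values()))


def rare_tokens(ua, visits, max_share=0.01):
    """Tokens of `ua` seen in less than `max_share` of all visits."""
    total = sum(visits.values())
    seen = Counter()
    for other, n in visits.items():
        for tok in set(tokens(other)):
            seen[tok] += n
    return [t for t in tokens(ua) if seen[t] / total < max_share]


if __name__ == "__main__":
    for name, ua in (("old", OLD_UA), ("tor", TOR_UA), ("chrome", CHROME_UA)):
        print(name, surprisal_bits(ua, SAMPLE_VISITS), rare_tokens(ua, SAMPLE_VISITS))
```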