search

browser-update / browser-update

Remind users to update their browser in an unobtrusive way
http://browser-update.org
MIT License
377 stars 82 forks source link

Add Waterfox support - it's very recent & up to date #397

Closed RealRaven2000 closed 6 years ago

RealRaven2000 commented 6 years ago

Waterfox 56.2 is a 64bit clone of Firefox and is up to date regarding security fixes from m-c. I have switched over because I am a legacy Add-on developer and my Firefox Extensions are hard (Zombie Keys) or impossible (Menu on Top, QuickPasswords) to port to web extensions, as there are currently no sufficient UIs that give the privileged access required. As you know Firefox Quantum dropped XUL & XPCOM support for extension developer.

My User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0

josselex commented 6 years ago

Interesting. A few questions regarding this:

2018-05-23 11:33 GMT+02:00 RealRaven2000 notifications@github.com:

Waterfox 56.2 is a 64bit clone of Firefox and is up to date regarding security fixes from m-c. I have switched oveer because I am a legacy Add-on developer and my Firefox Extensions are hard (Zombie Keys) or impossible (Menu on Top, QuickPasswords) to port to web extensions, as there are currently no sufficient UIs that give the privileged access required.

My User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/browser-update/browser-update/issues/397, or mute the thread https://github.com/notifications/unsubscribe-auth/AIErKhSm7LMvaIF3kC2PewzE8xDq5o3Uks5t1SzrgaJpZM4UKGRo .

josselex commented 6 years ago

With the user-agent string you supplied, we cannot distinguish Firefox from waterfox... Is this the real user agent string of waterfox?

2018-05-23 13:11 GMT+02:00 Thomas Hümmer jossele@gmx.de:

Interesting. A few questions regarding this:

  • Will the browser be supported on window xp and vist beyond august 2018?
  • Does it have an auto-update feature?
  • Will the rendering engine be improved or will it be stuck at the gecko version of Firefox 56?

2018-05-23 11:33 GMT+02:00 RealRaven2000 notifications@github.com:

Waterfox 56.2 is a 64bit clone of Firefox and is up to date regarding security fixes from m-c. I have switched oveer because I am a legacy Add-on developer and my Firefox Extensions are hard (Zombie Keys) or impossible (Menu on Top, QuickPasswords) to port to web extensions, as there are currently no sufficient UIs that give the privileged access required.

My User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/browser-update/browser-update/issues/397, or mute the thread https://github.com/notifications/unsubscribe-auth/AIErKhSm7LMvaIF3kC2PewzE8xDq5o3Uks5t1SzrgaJpZM4UKGRo .

RealRaven2000 commented 6 years ago
  • Will the browser be supported on window xp and vist beyond august 2018?

I am not sure, good question for the author; I know that he is regularly updating the project, not sure if it is in sync with the Firefox ESR cycle

  • Does it have an auto-update feature?

Yes, it does. It was just one or two weeks ago. See: https://blog.waterfoxproject.org/waterfox-56.2.0-release-download

  • Will the rendering engine be improved or will it be stuck at the gecko version of Firefox 56?

Again, I do not know. It shouldn't be impossible to merge in browser components without losing XUL / XPCOM compatibility, but sure he will need some community help for it. It does support e10s, but some of the Add-ons can currently block it (I will have to rewrite mine as well because of the added barrier between chrome and content; but with Fx quantum this would have been pointless as they also denied accessing XPCOM for us)

With the user-agent string you supplied, we cannot distinguish Firefox from waterfox... Is this the real user agent string of waterfox?

I left a comment on: https://github.com/MrAlex94/Waterfox/issues/178 and recommended adding Waterfox for website browser detection.

Peacock365 commented 6 years ago

Will the browser be supported on window xp and vist beyond august 2018?

Waterfox in its most current iteration (version 56) does not support XP and Vista. Support won't be coming back in the future.

With the user-agent string you supplied, we cannot distinguish Firefox from waterfox... Is this the real user agent string of waterfox?

Yes, that's its real user agent. It is used because some websites discriminate against minor browsers via the user agent string, this leads to websites breaking when they don't have to.

Will the rendering engine be improved or will it be stuck at the gecko version of Firefox 56?

It won't be stuck at this Gecko version. Next version will be based on Firefox 60 ESR according to @MrAlex94 (the Waterfox developer).

grahamperrin commented 6 years ago

An experimental string:

Mozilla/5.0 (X11; FreeBSD amd64; rv:56.2.0) Gecko/20100101 Firefox/56.2.0

– yields the following result:

2018-05-31 08 54 29 waterfox

Your web browser (Firefox 56.2) is out of date. …

Rationale for this experimental string

From https://github.com/burocratik/outdated-browser/issues/294#issue-328030113:

Truly there will never be a Firefox 56.2.0.

The distinction might allow services such as http://outdatedbrowser.com/ and Browser-Update.org to be enhanced; maybe to associate Firefox/56.2.0 with Waterfox (not with Firefox) and recognise Waterfox 56.2.0 as current.

Meta, tracking: (LIST) Waterfox issues yet unresolved. · Issue #538 · MrAlex94/Waterfox

Peacock365 commented 6 years ago

@grahamperrin:

Changing the user agent string to contain the value Firefox 56.2.0 is extremely bad advice. Why? Because it will raise awareness for Waterfox (as you said) and will thus make fingerprinting easier. You will not benefit in any way from this either, as the browser is still going to be identified as "outdated" (as websites only check for the major version number, which would still be 56!). Also, it doesn't reflect higher web standard compatibility (a reason for raising the number in the user agent string), as the web standard support of Waterfox 56 and Firefox 56 is the exact same, Waterfox is just a security-patched version of said Firefox.

The user agent string is as it is because it doesn't raise awareness for Waterfox (which would ease fingerprinting) and because websites are no longer complaining that a browser outside of the major five (Chrome, Firefox, IE/Edge, Safari, Opera) is used.

Hence why this is not an issue, and is completely misplaced in: https://github.com/MrAlex94/Waterfox/issues/538

RealRaven2000 commented 6 years ago

But having Waterfox pretend to be an outdated version of Firefox will eventually gatekeep Waterfox users out of websites who insist on their visitors using only up-to-date browsers (usually government & official sites). Why can't an "up to date version of Waterfox" be added? Should we fake our UA and just lie about the version number to stay in sync with the real Firefox?

Peacock365 commented 6 years ago

But having Waterfox pretend to be an outdated version of Firefox will eventually gatekeep Waterfox users out of websites who insist on their visitors using only up-to-date browsers (usually government & official sites).

Agreed. However, the suggestion to use Firefox 56.2.0 won't fix this, as website will just be checking the major version number (version 56), and still present a message saying the browser is outdated. Plus it would raise awareness of Waterfox in a negative way, i.e. fingerprinting.

Why can't an "up to date version of Waterfox" be added? Should we fake our UA and just lie about the version number to stay in sync with the real Firefox?

It's not a lie, mate. The web standard support of Waterfox 56 and Firefox 56 is 100% same. Waterfox 56 is Firefox 56, just in a security-patched way. Much like Firefox ESR 60 is Firefox 60.0, just in a security-patched way. Notice how Firefox ESR and the standard Firefox release of the same version don't have different user agent strings either? Firefox ESR 60 identifies as Firefox 60.0, regardless whether or not it has received security updates, e.g. Firefox ESR 60.0.1 - it's still Firefox 60.0...

The only problem I see with Waterfox's current user agent string are the "outdated" messages. This could be fixed by Waterfox identifying as e.g. Firefox 60.0. But using Firefox 56.2.0 is not going to fix the "outdated" messages + it's going to raise fingerprinting dangers by identifying as a mainstream browser version number that never existed (and which Mozilla wouldn't use either if that version indeed existed, see my release - ESR comparison).

Peacock365 commented 6 years ago

@grahamperrin

The downvoting lunacy again, you already did that here: https://github.com/MrAlex94/Waterfox/issues/545

If you...

...want to change the user agent for better fingerprinting. ...want to change it for no reason, because web standard support hasn't changed compared to Firefox 56. ...want to change it in order to fix the outdated browser problem, despite it not being a viable solution.

By all means, go ahead with it. Nobody is stopping you. No need to downvote me. This is pretty embarrassing, pal. Why, oh why do I have to put up with people like you? This is online troll behavior, plain and simple.

Aaaaand... there is the downvote for me pointing out the downvoting lunacy on your part. The irony is strong with this one.

RealRaven2000 commented 6 years ago

Just to clarify when I asked "should Waterfox lie" I meant souks we pretend to be version 60? Or will this break some websites because they serve outdated ECMAscript? I am interested because I have written several Addons (and maintaining over 10 years) that manage to be backward and forward compatible worth a window of usually 2 to 3 years. Firefox Quantum forbidding XPCOM access was the biggest disappointment in their existence because it took away the single most useful feature of all existing browsers: fully privileged Addons. Unfortunately Thunderbird will eventually follow suit which will leave 10,000s of my users or in the rain if I can't find the time to patch in tons of API code for replacement. Painful times ahead. In light if that a message like "your browser is outdated" adds insult to injury.

josselex commented 6 years ago

Hi,

I now whitelisted Waterfox by looking for "Firefox 56.2" in the user agent string. A few notes from me:

Please move the discussion of the Waterfox github page.

Peacock365 commented 6 years ago

@josselex

Just wanted to point out some things in relation to your last comment:

Please add a an explicit name of the browser to the user agent string. (...)

This was the case before it was decided to delete the Waterfox part of the string. Many sites still discriminate against minor browsers if their user agent string differs even a little from the major ones. You mentioned Vivaldi - it faces the exact same problem.

I cannnot recommend Waterfox for users if it will be stuck at the base of firefox 56 forever since sites may require newer technologies.

As I already said above, it will be rebased on FF ESR 60 soon. So no, it won't be stuck at ver. 56.

I now whitelisted Waterfox by looking for "Firefox 56.2" in the user agent string. A few notes from me:

No point in that, the next Waterfox version is likely going to be 56.3, so you would have to change that anyway when it arrives. Plus there are no plans to change the Firefox user agent string at this point, I suppose, for fingerprinting reasons.

Nota bene: I wonder how you'll deal with Firefox ESR 60 once Firefox 61 is out, considering that FF ESR 60 will have the exact same user agent string like Firefox 60.0. How are you going to identify this ESR version? Same trouble as with Waterfox.

Peacock365 commented 6 years ago

@RealRaven2000

Just to clarify when I asked "should Waterfox lie" I meant souks we pretend to be version 60?

This would still be better tan "Firefox 56.2" I suppose, and would actually fix the "outdated" messages.