General discussion
Thread display: Collapse - |
All Comments
Start or search
Create a new discussion
If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.
Validity of user agents for tracking.
One participant maintains that this is a viable method to track the browser and the OS used to access the website and that given a large enough population is useful in tracking the desired information. This participant did bring up that the user agent can be altered to indicate that a user agent and the associated information can be altered to something other than what is really being used, but also that such spoofing is relatively rare and statistically insignificant. The other participant that because of routing issues and spoofing UA based methods of browser and OS determination are only slightly better than useless.
This discussion grew from the Linux/Windows religious discussion.
This is a continuation of that discussion.
It is my position that even though UA's can be spoofed without difficulty they are a useful indicator of what OS and browser is being used. The reason for this is that spoofing is a method that, while not illegal, smacks of methods that criminal hackers/crackers use. It is so close to the border that in some US jurisdictions, such as Wisconsin, there is a very real possibility of finding criminal charges levied against you. I make no judgment as to how valid those charges would be, only that the possibility exists. I myself spoof my UA when needed; one such example is one bank I use supported only IE 6 and 7. Because I routinely use Linux as my prefered OS and we all know that Internet Explorer works with Linux, I have to spoof my UA presented by Firefox to indicate IE 6 or 7 on a Win 32 or 64 bit platform to access my account information. (The bank in question included FF as a supported browser when I presented these concerns and the news articles from WI. showing an ongoing criminal prosecution for UA spoofing.)
Is UA tracking by itself viable for the given purposes? No. However when used in conjunction with time expiring cookies this might be a viable method. UA strings survive proxies, unless the proxy is setup to strip the UA, or to spoof it. The reason is that when the web page finally returns to the originator, it needs to present the proper layout to the requesting browser. Sometimes funny things happen when you read a Safari layout in FF or IE 7. With my own website hosted by Yahoo Small Business Web Hosting, I track individual users, OS's and browsers with the UA string and time expiring cookies. It is a little more complex than simple cookie/UA tracking because I also use IP tracking to indicate whether the user is a unique IP. I then analyze this information to determine what browsers to support. For those concerned I only collect UA, OS, and IP information for the stated purpose; If I see a large number of repeated IP's I might do a reverse DNS to make a sales call, but so far have resisted the temptation. I also use this method as an experiment in tracking and blocking spam.
Can this method return spurious data? Certainly. One legitimate example would be were if several employees of a large viewing my website from the same server in a short time period. Could someone use proxies to obscure their IP? Certainly. There are many faults with this method, but I assert that for the purpose given it is a viable method.
What do you think?
Next contestant in "The Guess is Right," poleeaaase.