
The User Agent used by some sites (e.g. banks) to block old browsers is a little out-of-date and doesn't always reflect the system.

On my Mojave, Catalina, and Monterey systems, it announces itself as Intel Mac OS X 10_15_7 and Safari 16.2 even though I downloaded the version of Orion specific to each OS and the included WebKit is newer than the WebKit included with 16.2. This causes some sites to reject access claiming my browser is too old even though the included WebKit is actually newer than the WebKit included with versions of the browser they do accept.

FYI, the two most common sites I see used to check a browser version via User Agent are:
https://www.whatsmybrowser.org
https://www.whatismybrowser.com

I defer to others whether it makes sense for Orion to promote itself by default or match Safari's. However assuming the latter I recommend the User Agent string match the latest version of Safari that doesn't have a newer WebKit. For example, if a version of Orion is using WebKit 618.1.2 then perhaps match to Safari 17.3.1 as it appears Safari 17.4 is using 618.1.15. On the other hand if a version of Orion is using WebKit 619.1.1 then match to Safari 17.4 until a newer version of Safari comes out.

Then as far as announced OS version, I would match the actual OS version unless doing so creates risks around fingerprinting or OS-specific attacks. If not using the actual version is done deliberately to avoid fingerprinting, etc., I would at least pick a newer version of the OS to project. For example, when pretending to be Safari 17.4 as above, project Monterey since that is the lowest version of the OS that can run Safari 17.4.

In the meantime, I just manually set my own Custom User Agent along these lines and made it the default so just suggesting this change to the default for other users.

Version 0.99.127-rc (WebKit 619.1.1)

Mojave (10.14)

  • Vlad replied to this.

    bzgnyc Can you give a concise summary of what needs to be changed?

      I recommend updating the default (and I suppose Safari-specific) User Agent string with each update that includes a WebKit version update.

      For example, the latest Orion 99.127 (Beta or RC) reports the following on my Mojave, Catalina, and Monterey systems (using the Orion downloaded with the OS-specific links):
      Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.2 Safari/605.1.15

      In Orion, I recommend matching the default (and Safari-specific) User Agent strings to match the latest version of Safari with a similar but not newer WebKit. For example on Monterey with Safari 17.4, this is:
      Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Safari/605.1.15

      Just to be clear, I am not suggesting updating the WebKit versions as I understand for whatever reason Apple, etc. decided to fix those at some point in the past and report the same 605.1.15 version of WebKit regardless of whatever the real version of WebKit is behind the scenes. I am just suggesting updating the # after the "Version/".

      Optionally, also update the listed OS to the actual OS:
      Mozilla/5.0 (Macintosh; Intel Mac OS X 12_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Safari/605.1.15

      I can't say whether the last one is a good idea and defer to others. As above, the latest Safari on Monterey still reports the OS as Catalina in the OS portion of the User Agent string. Maybe reporting the exact OS version is giving away too much information as far as fingerprinting or OS-specific attacks.

      FYI, one site says that Safari 17.3.1 on Sonoma reports this User Agent string:
      Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3.1 Safari/605.1.15

      However, I can't verify that one way or another at the moment.

      Finally please note I am assuming this is just updating a few strings or resources and/or minor modifications to the code. If for some reason this translates into a whole thing, kill it. Not worth a big investment in time.

      • dino replied to this.

        bzgnyc we will need to follow Safari UA exactly as Safari uses, like even on latest Sonoma Safari and STP's UA still says Mac OS X 10_15_7 and same for WebKit version 605.1.15 because there's some reason

        • Keeping consistency across all macOS versions
        • Fingerprinting and privacy I guess

        Related reason can be found here
        https://bugs.webkit.org/show_bug.cgi?id=216593

        However, we will update Safari version to match latest Safari UA

          dino Thanks, that makes sense. I had heard something about reported WebKit version being permanently fixed and was guessing something similar as far as the OS. Updating the Safari version to match the latest that uses a similar WebKit (e.g. 17.4 these days) works for me.

          6 days later

          Confirming all looks good with Version 0.99.127.2-rc (WebKit 619.1.1) Build date Apr 4 2024
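
Added example (not part of the thread and not Orion's or any site's code): a sketch of the kind of User-Agent version gate the first post describes, run over three UA strings quoted in the thread. The `MIN_SAFARI` threshold and all function names are assumptions; it shows that with the OS and WebKit tokens frozen, only the `Version/` token decides the outcome, while a real OS token makes the string differ from Safari's.

```javascript
// UA strings are copied from the thread; MIN_SAFARI is an assumed site policy.
const FROZEN_OS = "10_15_7";      // OS token Safari keeps on every macOS, per the reply above
const FROZEN_WEBKIT = "605.1.15"; // AppleWebKit token Safari keeps regardless of engine build
const MIN_SAFARI = "17.0";        // hypothetical minimum version a site might enforce

const SAMPLES = {
  orionOld: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.2 Safari/605.1.15",
  orionNew: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Safari/605.1.15",
  realOs: "Mozilla/5.0 (Macintosh; Intel Mac OS X 12_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Safari/605.1.15",
};

// Extract the three tokens discussed in the thread; null if any is missing.
function parseSafariUA(ua) {
  const os = /Intel Mac OS X (\d+(?:_\d+)*)/.exec(ua);
  const webkit = /AppleWebKit\/([\d.]+)/.exec(ua);
  const version = /Version\/(\d+(?:\.\d+)*)/.exec(ua);
  if (!os || !webkit || !version) return null;
  return {
    os: os[1],
    webkit: webkit[1],
    version: version[1].split(".").map(Number),
    osFrozen: os[1] === FROZEN_OS,
    webkitFrozen: webkit[1] === FROZEN_WEBKIT,
  };
}

// Numeric, component-wise comparison so that 17.3.1 < 17.4 and 17.4 == 17.4.0.
function compareVersions(a, b) {
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    const d = (a[i] || 0) - (b[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// The gate: only Version/ carries signal; the frozen tokens cannot indicate age.
function gate(ua, min = MIN_SAFARI) {
  const p = parseSafariUA(ua);
  if (!p) return { allowed: false, reason: "unparseable", looksLikeSafari: false };
  const allowed = compareVersions(p.version, min.split(".").map(Number)) >= 0;
  return {
    allowed,
    reason: allowed ? "ok" : "too-old",
    looksLikeSafari: p.osFrozen && p.webkitFrozen, // false means the UA stands out from Safari's
  };
}

for (const [name, ua] of Object.entries(SAMPLES)) console.log(name, gate(ua));
```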
