It's no longer possible to properly detect the platform version, so we shouldn't try to #160

Open
mbeijen opened this issue Feb 27, 2023 · 3 comments

Comments

@mbeijen
Contributor

mbeijen commented Feb 27, 2023

For about a year now, all major browsers no longer properly show the platform they're running on, to combat fingerprinting and to improve privacy.

See https://developer.chrome.com/articles/user-agent-client-hints/ and https://www.chromium.org/updates/ua-reduction/

As a result, a Windows 11 device will always show up as Windows 10 according to the user agent parsing in this module (and a Windows 10 device will also show up as Windows 10) and Mac devices will show up as running on 'macOS Catalina' while they might be running Monterey or Ventura.

Expected Behavior

If you want to manage your sessions, it can be confusing or even alarming to show sessions from 'windows 10' while you know for sure you only have devices running Windows 11. I would expect to see proper identifiable information.

Current Behavior

On the latest releases of macOS or Windows, django-user-sessions shows incorrect information.
For instance, on my recent Mac my user-agent is:

Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/110.0

where sw_vers does not show 10.15 but rather 12.6 (Ventura)

% sw_vers
ProductName:	macOS
ProductVersion:	12.6.3
BuildVersion:	21G419

Possible Solution

We should limit the device information to show just 'macOS', or 'Windows', so there is no incorrect information displayed in the sessions overview

Steps to Reproduce (for bugs)

  1. Use a device on Windows 11 or macOS newer than Catalina
  2. Log in to a Django instance and navigate to /account/sessions or check the 'device' column in the sessions table
  3. Observe the incorrect information
@mbeijen mbeijen added the bug label Feb 27, 2023
@WhyNotHugo
Member

Sounds like excluding versions would be best here. Are other browsers following suit here? Or should we do this only for Chrome/Chromium?

@urzbs

urzbs commented Oct 16, 2023

It's still possible to detect the correct OS (depending on the client's browser); https://www.whatismybrowser.com/ will tell you that you are using Windows 11.

They also write how it is detected (it is called "client hints"). However, I don't know how much coverage there is from browser developers.

Works with Chrome. (Does not work with Firefox).

I think the most consistent solution is to cut off the version from the user's display.

@mbeijen
Contributor Author

mbeijen commented Oct 17, 2023

> Sounds like excluding versions would be best here. Are other browsers following suit here? Or should we do this only for Chrome/Chromium?

Yeah, indeed it would be best to exclude the version and just show "Windows" or "macOS" or "Linux" or... instead. All major browsers have implemented these anti-fingerprinting measures (Chrome, Firefox, Edge, Safari)
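
The labelling the thread converges on, as an added example that is not part of the issue or of django-user-sessions' own code: derive a version-free OS family from the user agent, and name Windows 11 only when the browser sends client hints. The function name `os_label`, the plain header dict and the sample inputs are assumptions; the major-version threshold of 13 for Windows 11 comes from Microsoft's client-hints documentation, not from this page.

```python
import re

# UA tokens checked in order: Android UAs also contain "Linux", and
# iPhone/iPad UAs also contain "Mac OS X", so specific tokens come first.
_UA_FAMILIES = (
    (re.compile(r"Windows NT"), "Windows"),
    (re.compile(r"iPhone|iPad|iPod"), "iOS"),
    (re.compile(r"Android"), "Android"),
    (re.compile(r"CrOS"), "Chrome OS"),
    (re.compile(r"Macintosh|Mac OS X"), "macOS"),
    (re.compile(r"Linux|X11"), "Linux"),
)
# Headers are client-controlled: accept only known platform names, so an
# arbitrary string never reaches the session list.
_KNOWN_PLATFORMS = {family for _, family in _UA_FAMILIES}


def _unquote(value):
    """Client hint values arrive as quoted strings, e.g. '"Windows"'."""
    return value.strip().strip('"') if value else ""


def os_label(user_agent, headers=None):
    """Return an OS label for a session list, without a guessed version."""
    hints = {k.lower(): v for k, v in (headers or {}).items()}
    family = _unquote(hints.get("sec-ch-ua-platform"))
    if family not in _KNOWN_PLATFORMS:
        family = next((name for pattern, name in _UA_FAMILIES
                       if pattern.search(user_agent or "")), "Unknown")
    # Assumption: Microsoft documents a platform-version major of 13 or
    # higher as Windows 11. The hint is only sent after an Accept-CH opt-in.
    if family == "Windows":
        major = _unquote(hints.get("sec-ch-ua-platform-version")).split(".")[0]
        if major.isdecimal() and int(major) >= 13:
            return "Windows 11"
    return family


# The Firefox UA is the one quoted in the issue; the rest is constructed.
FIREFOX_MAC = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) "
               "Gecko/20100101 Firefox/110.0")
CHROME_WIN = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
              "(KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36")
WIN11_HINTS = {"Sec-CH-UA-Platform": '"Windows"',
               "Sec-CH-UA-Platform-Version": '"15.0.0"'}
```

Both the user agent and the hint headers are supplied by the client, so the label is a display aid for the account owner and not evidence of what device actually holds the session.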
