Then the ideal would be to normalize the user agent string to look identical on every platform. My point is: they can't do that. e.g. A linux machine identifying itself as windows would be spotted immediately. Instead, they have to reduce entropy by bucketing you according to your device/OS/arch.
I don't think there is a point there. In case of the Tor browser, they use the user agent to blend in, so they are not a good candidate to do anything about how stupid the user agent is.
It's the current heavyweights who could change it for the better: Google and Apple. If either introduced a major change in how they present the user agent, websites would be very quick to adapt (if they need to in the first place...), or else. Otherwise, no change will happen - and I think this will be the case, same as with the HTTP "Referer" (misspell of "referrer").
Fun fact, non-browsers actually have much nicer user strings. I run an internet radio, and there is a lot of clients like
Linux UPnP/1.0 Sonos/85.0-64200 (ZPS1) Nullsoft Winamp3 version 3.0 (compatible)
> In case of the Tor browser, they use the user agent to blend in, so they are not a good candidate to do anything about how stupid the user agent is.
No. They don't use it to blend in. If they wanted to blend in they would be modifying every platform's user agent string to look like Windows x86_64 or something. They don't do that because there's no way they could possibly get away with it.
Instead, they're resigned to simply censoring the minor version number of the browser to reduce entropy.
> Fun fact, non-browsers actually have much nicer user strings. I run an internet radio, and there is a lot of clients like
And those tools will get blocked by various CDNs for not having a browser user agent string, not having a browser-like TLS handshake, etc. This is why projects like curl-impersonate and golang's utls had to be created.
