Sadly I got a delayed, canned response from Support. *sigh*

I agree with you; additionally, this is equivalent to "deceptive advertising". 

On my nook color, purchased just a few days ago, I cannot connect the web browser to an HTTPS site and I think it is related to what you talking about. Whoever built the browser for the nook color has missed some important attributes. (Or they just "borrowed" someone elses browser code!). 

The browser info I get from my nook color browser is this:

• Browser CodeName: Mozilla

• Browser Name: Netscape

• Browser Version: 5.0 (Macintosh; U; Intel Mac OS X 10_5_7;en-us) AppleWebKit/530.17 (KHTML, like Gecko) Version/4.0 Safari/530.17

• Cookies Enabled: true

• Platform: Linux armv71

• User-agent header: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7;en-us) AppleWebKit/530.17 (KHTML, like Gecko) Version/4.0 Safari/530.17

Have them switch to mobile mode, perhaps?

Mozilla/5.0 (Linux; U; Android 2.1; en-us; LogicPD Zoom2 Build/ERD79) AppleWebKit/530.17 (KHTML, like Gecko) Version/4.0 Mobile Safari/

Frankly, I would question the utility of any security strategy based on a text string from a user-mode program that can be trivially spoofed. In many browsers this string is at-least partially selectable by the user.

---

victorbos wrote:

I agree with you; additionally, this is equivalent to "deceptive advertising". 

 

On my nook color, purchased just a few days ago, I cannot connect the web browser to an HTTPS site and I think it is related to what you talking about. Whoever built the browser for the nook color has missed some important attributes. (Or they just "borrowed" someone elses browser code!). 

 

The browser info I get from my nook color browser is this:

 

• Browser CodeName: Mozilla

 

• Browser Name: Netscape

 

• Browser Version: 5.0 (Macintosh; U; Intel Mac OS X 10_5_7;en-us) AppleWebKit/530.17 (KHTML, like Gecko) Version/4.0 Safari/530.17

 

• Cookies Enabled: true

 

• Platform: Linux armv71

 

• User-agent header: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7;en-us) AppleWebKit/530.17 (KHTML, like Gecko) Version/4.0 Safari/530.17

 

---

And tell me...what is "deceptive" about the NC's advertising?    I see nothing about it have a specific UA string?

You're so right. Its AOK.  Thanks.

---

withfeeling wrote:

Frankly, I would question the utility of any security strategy based on a text string from a user-mode program that can be trivially spoofed. In many browsers this string is at-least partially selectable by the user.

---

You're right. It's not the entirety of the security strategy, though; it only selects which security policies are needed for each operating system.

The issue is that it's being offered an incorrect security policy when it presents itself as a completely different operating system. The scan software for Mac OS X doesn't run on Android.

Yes, because it identifies as Linux, which loads the proper security scan.

Unfortunately it involves an extra step of telling the user to schlep through menus when it could have been taken care of by simply offering the correct underlying operating system.

Now that the option's exposed without Aboutebug being required, I can at least write up documentation for it, and hopefully they'll read it.

Good idea but it won't help a default user.

Aside from security, there is a functionality issue here. Any site using a mobile browser detection script will treat the Nook as a desktop browser.

I wonder if the UAS was set this way for some techincal reason or if this was a mistake with the WebKit build B&N used?

While I agree that this is not really a security issue (that is, that any security based on user-agent strings is problematic), this is a significant problem: Right now, the Nook is indentifying itself as a desktop browser, and it's not.

Why is that a problem? Consider drop-down menues: Most are designed to work with hover states, not click states. You hover over an item and its associated menu drops down, hover over a child and its submenus pop out, etc, until you find and click on the one you want.

Obviously this won't work with touch screens (where touching is hovering), unless your drop-down code somehow detects the touch screen, which is harder than it sounds  -- can't reliably do it by any of the traditional best-practice methods of feature detection, so you end up having to write code that is at some level keyed to user agent strings.

Given that the Nook identifies itself as a Mac, you don't have a way to accommodate drop-down menus on the Nook.

Switching to mobile is not a viable option for most users, because that means you get the mobile version of the website on many high-end sites. That's a bit of a problem for a rich-display device like the Nook.