Who owns the User Agent?

Via “Scoble”:http://radio.weblogs.com/0001011/2005/03/19.html#a9675 I found “Why AutoLink is Evil”:http://www.allpeers.com/blog/?p=69 and “Greasemonkeys and Obfuscators”:http://www.allpeers.com/blog/?p=62 and have this to say:
Trying to protect your code from user initiated changes is no better than all the right-click “HTML source protection” scripts we all learned to loathe, circumvent and laugh at.

Are you going to prevent users from turning off images, scripts, and plugins? Are you going to prevent user css, voice or braille output?
Doing this might “break” the pages for some obscure “author” definition of “break”, but it fixes pages for _users._
If you don’t like that a small percentage of your users disable advertising by any of these methods, go to paid subscriptions. If your business won’t survive on that, it’s very likely not a viable business model.

What I have in mind is a system that modifies the DOM in ways that change the internal structure without changing the presentation.

Keep in mind: HTML is _not_ a presentational format — it doesn’t define colour and layout — it defines the structure and semantics of a document. Two structurally and semantically different documents might for visual media look the same — the problem is that people will actually want to, for good reasons that are _their own reasons_ want to use your documents with different media. If you randomly change the order of content, change names of elements, do severe semantic overloading to “obfuscate” your document, that document is very likely going to be useless to someone using features like “Opera’s voice capabilities”:http://www.opera.com/voice/index.dml.
So, please: Don’t try to break _my_ web. Work _with_ users, not _against_ them. If you do, they will find ways to circumvent you, and if they can’t find that way, they’ll ignore you anyway. The user owns their User Agent, not you.

Leave a comment


  1. I hope that I didn’t give the impression that I’m condoning the practice of obfuscating websites. I just think that in this world of RIAA lawsuits and cinemas patrolled with night-vision goggles, it’s likely to happen as script hacking becomes more widespread.
    I basically agree with everything you say, except that I still think HTML is very much a presentational format. The advent of XHTML+CSS is fairly recent and is unambiguously a step in the right direction. But the web is still composed of lots of pretty dodgy HTML. If you have the technical skill to make use of fragile client-side scripts, by all means do so. But this isn’t a solution that’s going to scale over a large user base.

  2. bq. I hope that I didn’t give the impression that I’m condoning the practice of obfuscating websites.
    Matthew, my rant wasn’t aimed at you personally, it is a general rant, because I don’t want the bad old days back. I use the web from a variety of different media, and I specifically don’t want to be locked back into only viewing it from desktop platforms.
    No matter how much someone would want to obfuscate their markup, there are limits to what they can and can’t do, and still leave a website usable, and I have faith that most people aren’t going to want to do that.
    They can do it in two ways:
    # Obfuscate everything before they send it to the client, and then use some scripting means to deobfuscate it in the client. Bye-bye Google-Juice, bye-bye accessibility, and bye-bye users.
    # They can send sensible documents, and then obfuscate them in the client. Which is basically how Apple applies DRM to iTunes – “it didn’t exactly work”:http://fuware.nanocrew.net/pymusique
    As long as content producers also produce the viewers, neither scenario will work for them, and for those few who try, they’re going to discover that it’ll cost them far more than what they gain.

  3. Arve,
    Your comparison of DRM and website obfuscation is very apt. They’re both ridiculous from any rational viewpoint, but the sad fact is that DRM is a *huge* topic in the media world and it ain’t going away any time soon. Of course, there will always be ways to get around DRM (and I’m sure the same is true of obfuscation as well), but it’s still a pain in neck.
    I just posted another entry in attempt to clarify my position with respect to AutoLink and Greasemonkey. I guess I’m still being purposely inflammatory (must be due to a genetic defect or something :-), but if your biggest concern is being able to repurpose content (e.g. on other devices) then you should welcome the idea of an Extensible Web with open arms. I’m planning to write a longer essay describing in more detail how this would work.