Robert Kairo, (a.k.a. KaiRo), SeaMonkey project leader has announced a new SeaMonkey bug bounty program offering developers payments of up to $1,000 for resolving some important and currently unassigned bugs.

The list of seven WANTED! bugs ranges from purportedly simple ones like porting Firefox information bars to SeaMonkey ($100 bounty) to some more complex like adding web feed aggregation support to SeaMonkey Mail ($800) and implementing dynamic user agent spoofing for SeaMonkey ($1,000).

Dynamic UA spoofing is a controversial feature that would allow SeaMonkey to present itself to a web server as another browser and avoid weak browser identification techniques some web sites use. Since SeaMonkey, Camino, Firefox, Netscape, Flock, K-Meleon and other browsers use the same Gecko rendering engine they should all be treated the same way. Some sites however, instead of looking for a specific rendering engine, Gecko, they try to identify Firefox specifically and may default to less functional interfaces or not work at all for other Gecko-based browsers, which is just absurd.

The bug also specifies a central service that will keep an updated list of what sites should SeaMonkey impersonate, making it a dynamic, smarter solution.

While the idea seems clever and practical, in the end it doesn’t help to solve the rampant lack of support for web standards. a technique that should ideally disappear.

Browser identification is a consequence of the crazy Browser Wars I in the late 90s and the exact opposite of web standards. Discriminating content or functionality serving based on the user agent (the browser) or even the rendering engine (WebKit, Trident, Gecko, Presto or any other) has serious consequences including added development cost to keep up several versions and most importantly limited access based on a specific piece of software or hardware,

There’s no simple or immediate answer to the problem and the SeaMonkey project has opted to follow the user agent spoofing route.

Back to the bounty program, I must note that it’s not the first time a bug bounty program is made available. Currently, Mozilla has an active program for security bugs and in the past, Mark Shuttleworth (Ubuntu’s Self Appointed Benevolent Dictator for Life) started a similar initiative back in 2003.