Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Wednesday March 25 2020, @06:05PM   Printer-friendly [Skip to comment(s)]
from the all-your-user-agent-are-belong-to-us dept.

Chrome Phasing out Support for User Agent

Google announced its decision to drop support for the User-Agent string in its Chrome browser. Instead, Chrome will offer a new API called Client Hints that will give the user greater control over which information is shared with websites.

[...] When Netscape came out,[...] it adopted the User-Agent string and added additional details such as the operating system, language, etc. These details helped websites to deliver the right content for the user, though in reality, the primary use case for the User-Agent string became browser sniffing.

[...] Browser sniffing continued to play a significant part in determining the browser capabilities for many years, which led to an unfortunate side effect where smaller browser vendors had to mimic popular User-Agents to display the correct website - as many companies only supported the major User-Agent types.

With JavaScript popularity rising, most developers have started using libraries such as Modernizer, which detects the specific capabilities of the browser, as this provides much more accurate results.

As a result, the most significant usage for the User-Agent remained within the advertising industry, where companies used it to 'fingerprint' users, a practice that many privacy advocates found to be problematic - mainly as most users had limited options to disable/mask those details.

If advertisers (other than Google) are unable to fingerprint our browsers we might be condemned to having fewer ads on our web pages to watch.

[A more in-depth article is available on ZDNet; the entire Client Hints proposal is available on GitHub. This is subject to modification — but it has been under development since at least January of 2019 — so don't wait for it to get formally adopted if you have any issues with it; get your feedback in soon.-Ed.]


Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 3, Insightful) by DannyB on Wednesday March 25 2020, @06:19PM (2 children)

    by DannyB (5839) Subscriber Badge on Wednesday March 25 2020, @06:19PM (#975554) Journal

    it has been under development since at least January of 2019 — so don't wait for it to get formally adopted

    But March is national procrastination week.

    From TFA . . . [github.io]

    It is not a W3C Standard nor is it on the W3C Standards Track.

    Well that's encouraging. Who is Google that they would expect all the many web browser to implement something witch is not a W3C standard?

    --
    What can be done to stop bloggers from using the wrong color schemes?
    • (Score: 1, Touché) by Anonymous Coward on Thursday March 26 2020, @07:07AM (1 child)

      by Anonymous Coward on Thursday March 26 2020, @07:07AM (#975764)

      Which browsers? Chrome, Chrome or Chrome?

      • (Score: 2) by DannyB on Thursday March 26 2020, @02:16PM

        by DannyB (5839) Subscriber Badge on Thursday March 26 2020, @02:16PM (#975878) Journal

        Chrome. Chromium. Edge. Safari? Others?

        --
        What can be done to stop bloggers from using the wrong color schemes?
  • (Score: 5, Insightful) by DannyB on Wednesday March 25 2020, @06:24PM (1 child)

    by DannyB (5839) Subscriber Badge on Wednesday March 25 2020, @06:24PM (#975556) Journal

    Why is the new UA Client Hints API [github.io] even needed? And why is User Agent needed?

    Bravo for getting rid of User-Agent. But why replace it with something more structured?

    In the age of browser standardization where all browsers can render all modern standards, it seems a server no longer needs to customize content to particular browsers. IE is dead, at long last. (although some people still use it, and some banks think it's great stuff)

    As long as the vast array of different browser implementations that we have to choose from all implement modern standards, who needs a user agent? And who needs a replacement for it?

    --
    What can be done to stop bloggers from using the wrong color schemes?
    • (Score: 0) by Anonymous Coward on Thursday March 26 2020, @04:09AM

      by Anonymous Coward on Thursday March 26 2020, @04:09AM (#975719)

      Google needs the replacement for it. Ad companies are going to ad, and ads that can track your targets better are worth more.

  • (Score: 2, Interesting) by Anonymous Coward on Wednesday March 25 2020, @06:28PM (5 children)

    by Anonymous Coward on Wednesday March 25 2020, @06:28PM (#975558)

    Anyone have a good Bobby Tables style user agent string? I don't think most ad networks run the highest quality code...

    • (Score: 0) by Anonymous Coward on Wednesday March 25 2020, @07:22PM

      by Anonymous Coward on Wednesday March 25 2020, @07:22PM (#975576)

      Use a blank string and watch the fireworks.

    • (Score: 2, Interesting) by Anonymous Coward on Wednesday March 25 2020, @08:11PM (3 children)

      by Anonymous Coward on Wednesday March 25 2020, @08:11PM (#975589)

      Googlebot

      Gets around many paywalls.

      A zillion years ago, I used to use "web browser", but as time went on, most major sites became broken due to retarded user agent sniffing. Most did not degrade gracefully, just some stupid, "We haven't a clue what we are doing, so please use browser X at version Y."

      • (Score: 2) by Pino P on Thursday March 26 2020, @12:46AM (2 children)

        by Pino P (4721) on Thursday March 26 2020, @12:46AM (#975656) Journal

        Googlebot

        Gets around many paywalls.

        Shhh! Don't spill the beans, or sites will start using reverse DNS on each IP address that presents a Googlebot UA [google.com].

        • (Score: 3, Interesting) by toddestan on Thursday March 26 2020, @03:35AM (1 child)

          by toddestan (4982) on Thursday March 26 2020, @03:35AM (#975713)

          Really, this shouldn't work for other reasons. I think Google should send sites that let Googlebot through but present a paywall to everyone else straight to the bottom of their search results.

          • (Score: 4, Informative) by Pino P on Thursday March 26 2020, @03:54AM

            by Pino P (4721) on Thursday March 26 2020, @03:54AM (#975717) Journal

            I think Google should send sites that let Googlebot through but present a paywall to everyone else straight to the bottom of their search results.

            This was the case until October 2017, when Google rolled out Flexible Sampling [google.com] to replace its former First Click Free policy. Googlebot even provides a way for publishers to post structured data to mark the difference [google.com] between a paywall and cloaking.

  • (Score: 5, Insightful) by bradley13 on Wednesday March 25 2020, @06:37PM (4 children)

    by bradley13 (3053) Subscriber Badge on Wednesday March 25 2020, @06:37PM (#975560) Homepage Journal

    Note that, according to the HTTP specification, the User-Agent string is optional. However...

    There are a lot of web developers out there who are apparently incapable of correctly implementing a specification. If you fail to send a User-Agent string, many websites break. They apparently have some sort of if statement logic: if browser-x send X else if browser-y. Only they forgot the final "else" where they ought to send content even if the don't know the browser type.

    Anyway, relying on User-Agent just indicates that a website is relying on non-standard browser behaviors. Another sign of quality web development. If you site doesn't work on *any* modern browser, your site is broken. Period.

    I would like to believe that this change to Chrome will force web developers to clean up this mess. Unfortunately, it won't. According to TFA, Chrome will still send User-Agent and offer "Client Hints". In total, this will almost certainly provide even more information to track users.

    --
    Everyone is somebody else's weirdo.
    • (Score: 1, Interesting) by Anonymous Coward on Wednesday March 25 2020, @06:59PM (2 children)

      by Anonymous Coward on Wednesday March 25 2020, @06:59PM (#975570)

      My frankenbrowser sends null as a user agent. I get a bunch of null pointer errors from websites.

      • (Score: 0) by Anonymous Coward on Wednesday March 25 2020, @07:55PM (1 child)

        by Anonymous Coward on Wednesday March 25 2020, @07:55PM (#975588)

        My browser occasionally identifies itself as a copy of mozilla running on a DEC system running TOPS-20..sorry, I meant mozzarella running on a DEC..

        • (Score: 0) by Anonymous Coward on Thursday March 26 2020, @04:46AM

          by Anonymous Coward on Thursday March 26 2020, @04:46AM (#975736)

          A transexual browser, eh?

    • (Score: 0) by Anonymous Coward on Wednesday March 25 2020, @07:43PM

      by Anonymous Coward on Wednesday March 25 2020, @07:43PM (#975582)

      "this will almost certainly provide even more information to track users."
      looking through the document this is exactly what it does. So I guess the default will be all on in a browser like chrome and only power users will go and switch it off. Something like tor-browser will default all off.

  • (Score: 4, Interesting) by SomeGuy on Wednesday March 25 2020, @06:39PM (4 children)

    by SomeGuy (5632) on Wednesday March 25 2020, @06:39PM (#975562)

    User agents have been a pain for a long time. But they are part of HTTP.

    There are actually STILL some web sites out there that block my web browser because my "OS" part of the string just happens to contain "Windows 95". Change it and it lets me in just fine. I tried contacting one of these sites and just got back the usual shit along the line of "derr we block that because viruses, u shud upgrade because teh security deeerr drool, drool, drool." The irony is several of these sites are vintage computing related.

    On the other hand, sometimes changing IU strings could force some sites to give me an actual USABLE interface that was not full of retarded bullshit.

    So, the real question is what happens to any web browsers that don't do the same thing as Gurgle Crumb? Will they be blocked from internet access altogether?

    • (Score: 2) by DannyB on Wednesday March 25 2020, @06:46PM (2 children)

      by DannyB (5839) Subscriber Badge on Wednesday March 25 2020, @06:46PM (#975563) Journal

      What would happen, I wonder, if a user agent indicated one of the text mode browsers? [wikipedia.org]

      Maybe a web site would know that you are too unfortunate to have JavaScript, blinking seizure inducing animated GIFs, local storage, and other such wonderful features; and the site would taylor the content accordingly. Suppose you could falsely indicate that browser as your user agent in order to avoid the web site sending you JavaScript and animated GIFs, etc.?

      --
      What can be done to stop bloggers from using the wrong color schemes?
    • (Score: 0) by Anonymous Coward on Wednesday March 25 2020, @09:04PM

      by Anonymous Coward on Wednesday March 25 2020, @09:04PM (#975602)

      User agents have been a pain for a long time. But they are an optional part of HTTP.

      FTFY

  • (Score: 0) by Anonymous Coward on Wednesday March 25 2020, @06:56PM

    by Anonymous Coward on Wednesday March 25 2020, @06:56PM (#975568)

    not bug but a feature?
    the public facing webserver presents "this is a test site! it works!" with any "wrong" user-agent string; the correct one, delivered via some side-channel, will let you in?
    or even, on the fly, user-agent string switching according to some algo?

    tbh methinks this is just a thinly veiled "certificate" to confirm to web-site operators (like banks and clubbermints) that "hey, look our browser confirms itself (you can run some test from your site too) and is totally up to all stundards and securitis that we keep making more and more complicated for nothing and with lots of advertisement monies (thanks for that btw), so that we end up being the only thru and honest browser on the planet".

  • (Score: 4, Informative) by shortscreen on Wednesday March 25 2020, @07:49PM

    by shortscreen (2252) Subscriber Badge on Wednesday March 25 2020, @07:49PM (#975586) Journal

    So now I won't have to waste time trying to figure out what magic user agent to spoof to get a site to load because web developers had their collective head up their collective ass. Instead I'll get a blank page because my browser only supports Client Hints (TM) version 1.24857WTF and they require at least version 1.3666FOAD.

  • (Score: 4, Insightful) by Bot on Wednesday March 25 2020, @09:26PM (1 child)

    by Bot (3902) on Wednesday March 25 2020, @09:26PM (#975608) Journal

    Chrome pushing its marketshare weight to force new standards.
    Bring back the "this site works best with..." animated fake 3d gifs.

    --
    Account abandoned.
  • (Score: 4, Informative) by bryan on Wednesday March 25 2020, @09:45PM (1 child)

    by bryan (29) <bryan@pipedot.org> on Wednesday March 25 2020, @09:45PM (#975612) Homepage Journal

    Google fails user agent checks on its own Gmail service. Unless your user agent matches one of a few "major" browsers, you are unable to login to the site.

    As a developer of a small CEF [wikipedia.org] based browser, I've been bitten by this misfeature in Gmail and other badly coded websites. In my case, a "fake" user agent string that matches a popular browser allows the site to function normaly.

    • (Score: 1, Informative) by Anonymous Coward on Thursday March 26 2020, @02:01AM

      by Anonymous Coward on Thursday March 26 2020, @02:01AM (#975677)

      So does Netflix. Tried to watch a movie recently with a year-old version of Firefox and Netflix told me to update my browser. Changed the user agent instead and the movie played fine.

  • (Score: 0) by Anonymous Coward on Thursday March 26 2020, @12:01AM

    by Anonymous Coward on Thursday March 26 2020, @12:01AM (#975644)

    Generally the session goes:

    HTTP Request, HTTP Response.

    This models goes HTTP Request, HTTP Response, HTTP Request, HTTP Response for ONE page.

    That is a fairly significant amount of additional latency.

    Really what this does is create an initial basis for a negotiation protocol. Which is to say that Google may be looking to do what Brave is doing, it is just hiding it in a: "We're Google and we're here to help, don't mind the shovel and the bag of lye." kind of way. That isn't to say it is a bad thing.

    Here is the million dollar question: If sessions have multipart negotiation by default, doesn't that make the web provider a telecom provider? You are negotiating the sale of a transmission, which is pretty much the same as long distance tarriffing from an architecture standpoint. The initial headers don't constitute content. PPP does this with LCP options, and since we aren't talking about content, but rather the right to transmit content, you might as well do PPP over TCP all the way to the web server and do the session negotiation in LCP. Right? It isn't content, so you could do that. If your negotiating transmission rates, it doesn't matter what protocol you do it with.

    This is the part where somebody stands up and says: doesn't "Orchid Protocol" do this? Yes. But if it is anything like telegram, it's first versions will be primarily used to backhaul traffic from root kits, and run of the mill consumer malware, like say.... Windows.

    Lots going on. Fun to see how it evolves.

  • (Score: 1, Touché) by Anonymous Coward on Thursday March 26 2020, @05:03AM (1 child)

    by Anonymous Coward on Thursday March 26 2020, @05:03AM (#975746)

    If advertisers (other than Google) are unable to fingerprint our browsers we might be condemned to having fewer ads on our web pages to watch.

    On the contrary, you'll have more, to compensate for the lack of target.
    But don't believe them, you'll have more anyways.

    • (Score: 2) by MostCynical on Thursday March 26 2020, @06:32AM

      by MostCynical (2589) on Thursday March 26 2020, @06:32AM (#975762) Journal

      Fishing gear, computers, hair tonic, funeral homes AND baby supplies?

      --
      Books are a poor substitute for female companionship, but they are easier to find. P Rothfuss “The Wise Man's Fear"
(1)