Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Wednesday March 25 2020, @06:05PM   Printer-friendly
from the all-your-user-agent-are-belong-to-us dept.

Chrome Phasing out Support for User Agent

Google announced its decision to drop support for the User-Agent string in its Chrome browser. Instead, Chrome will offer a new API called Client Hints that will give the user greater control over which information is shared with websites.

[...] When Netscape came out,[...] it adopted the User-Agent string and added additional details such as the operating system, language, etc. These details helped websites to deliver the right content for the user, though in reality, the primary use case for the User-Agent string became browser sniffing.

[...] Browser sniffing continued to play a significant part in determining the browser capabilities for many years, which led to an unfortunate side effect where smaller browser vendors had to mimic popular User-Agents to display the correct website - as many companies only supported the major User-Agent types.

With JavaScript popularity rising, most developers have started using libraries such as Modernizer, which detects the specific capabilities of the browser, as this provides much more accurate results.

As a result, the most significant usage for the User-Agent remained within the advertising industry, where companies used it to 'fingerprint' users, a practice that many privacy advocates found to be problematic - mainly as most users had limited options to disable/mask those details.

If advertisers (other than Google) are unable to fingerprint our browsers we might be condemned to having fewer ads on our web pages to watch.

[A more in-depth article is available on ZDNet; the entire Client Hints proposal is available on GitHub. This is subject to modification — but it has been under development since at least January of 2019 — so don't wait for it to get formally adopted if you have any issues with it; get your feedback in soon.-Ed.]


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Thursday March 26 2020, @12:01AM

    by Anonymous Coward on Thursday March 26 2020, @12:01AM (#975644)

    Generally the session goes:

    HTTP Request, HTTP Response.

    This models goes HTTP Request, HTTP Response, HTTP Request, HTTP Response for ONE page.

    That is a fairly significant amount of additional latency.

    Really what this does is create an initial basis for a negotiation protocol. Which is to say that Google may be looking to do what Brave is doing, it is just hiding it in a: "We're Google and we're here to help, don't mind the shovel and the bag of lye." kind of way. That isn't to say it is a bad thing.

    Here is the million dollar question: If sessions have multipart negotiation by default, doesn't that make the web provider a telecom provider? You are negotiating the sale of a transmission, which is pretty much the same as long distance tarriffing from an architecture standpoint. The initial headers don't constitute content. PPP does this with LCP options, and since we aren't talking about content, but rather the right to transmit content, you might as well do PPP over TCP all the way to the web server and do the session negotiation in LCP. Right? It isn't content, so you could do that. If your negotiating transmission rates, it doesn't matter what protocol you do it with.

    This is the part where somebody stands up and says: doesn't "Orchid Protocol" do this? Yes. But if it is anything like telegram, it's first versions will be primarily used to backhaul traffic from root kits, and run of the mill consumer malware, like say.... Windows.

    Lots going on. Fun to see how it evolves.