Partially freeze the User Agent string
We want to partially freeze (but not remove) the User Agent string in HTTP requests as well as in navigator.userAgent. The browser's brand and significant version will continue to be sent unfrozen, as well as its desktop/mobile distinction. This removal relies on https://www.chromestatus.com/feature/5995832180473856. Its timeline will be finalized once UA-CH ships.
The User-Agent string is an abundant source of passive fingerprinting information about our users. It contains many details about the user's browser and device, as well as incorrect information (Mozilla/5.0, anyone?) that was or is needed for compatibility purposes, as servers grew reliant on bad User Agent sniffing.
On top of those privacy issues, User-Agent sniffing is an abundant source of compatibility issues, in particular for minority browsers, resulting in browsers lying about themselves, and sites (including Google properties) being broken in some browsers for no good reason.
The User Agent Client Hints feature provides an alternative source for the information the User Agent string provides (both in its request header form and in its JS API form). Its main advantages are:
- It provides the required information only when the server requests it, so any fingerprinting that relies on it becomes active fingerprinting, which can be detected and acted upon by the browser.
- It provides the information in small increments (e.g. brand and major version), so servers are less likely to touch many fingerprinting bits in order to figure out one detail about the browser.
- Finally, since it provides the information in small increments, it requires less parsing, so it is less likely that servers will get it wrong and cause compatibility issues.
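An added example, not part of this status entry or of Chromium's code: a server-side helper that opts in to only the hints a feature needs and reads the brand list by exact match instead of substring sniffing. The header names (Accept-CH, Sec-CH-UA and the Sec-CH-UA-* hints) come from the UA-CH specification rather than this page; the function names and the sample header value are constructed.

```javascript
// A subset of the hints a browser sends only after the server opts in via
// the Accept-CH response header (names from the UA-CH spec, not this page).
const HIGH_ENTROPY_HINTS = new Set([
  "Sec-CH-UA-Arch",
  "Sec-CH-UA-Model",
  "Sec-CH-UA-Platform-Version",
  "Sec-CH-UA-Full-Version-List",
]);

// Build the Accept-CH value for exactly the hints a feature needs.
// Unknown names are rejected rather than forwarded, and duplicates dropped.
function acceptChFor(needed) {
  const unknown = needed.filter((h) => !HIGH_ENTROPY_HINTS.has(h));
  if (unknown.length > 0) throw new Error("unknown hint: " + unknown.join(", "));
  return [...new Set(needed)].join(", ");
}

// Parse a Sec-CH-UA value: a list of quoted brands, each with v="major".
// Quoted strings are matched as whole units, so ';', '=' or ',' inside a
// brand name (browsers send deliberately odd placeholder brands) cannot
// split an item the way a naive split(",") or split(";") would.
function parseSecChUa(value) {
  const item = /"((?:[^"\\]|\\.)*)"\s*;\s*v="((?:[^"\\]|\\.)*)"/g;
  const unescape = (s) => s.replace(/\\(.)/g, "$1");
  return [...value.matchAll(item)].map((m) => ({
    brand: unescape(m[1]),
    version: unescape(m[2]),
  }));
}

// Exact brand match; returns the major version as a number, or null when
// the brand is absent or its version is not a plain integer.
function majorVersionOf(headerValue, brand) {
  const hit = parseSecChUa(headerValue).find((b) => b.brand === brand);
  if (!hit || !/^\d+$/.test(hit.version)) return null;
  return Number(hit.version);
}

// Constructed sample header value (not captured traffic).
const SAMPLE =
  '" Not;A=Brand";v="99", "Chromium";v="84", "Example Browser";v="84"';
```

Because the lookup is an exact match on one list entry, a placeholder brand or an unrelated browser that shares a substring is never mistaken for the brand being tested.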
Status in Chromium
In development (tracking bug)
Consensus & Standardization
Last updated on 2020-02-28