Note: please see the “Experiment Timeline” section for our extension request - the rest of the details are the same as before.
Contact emails abe...@chromium.org, miketa...@chromium.org Original I2E https://groups.google.com/a/chromium.org/g/blink-dev/c/R0xKm1B7qoQ/ Explainer https://developer.chrome.com/blog/user-agent-reduction-origin-trial/ Specification None, but we intend to specify the reduced UA in https://compat.spec.whatwg.org/#ua-string-section as it ships. Summary We want to reduce the amount of information the User Agent string exposes in HTTP requests as well as in navigator.userAgent, navigator.appVersion, and navigator.platform. The browser's brand and significant version, its desktop/mobile distinction and the platform it is running on will continue to be sent. We would like to run an Origin Trial for sites to opt into the Reduced User-Agent (and related navigator properties) to proactively test for breakage. See below for more details. Design Doc https://docs.google.com/document/d/1feIxK9S7oNgT2oGGebbxE9X0O-4wTKcsP_gRaY99tq4/edit#heading=h.2navvbygwxwb Blink component Blink <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink> TAG review https://github.com/w3ctag/design-reviews/issues/640 TAG review status Closed as “Satisfied with concerns” ( https://github.com/w3ctag/design-reviews/issues/640) Risks: Interoperability and Compatibility The compatibility risk is low, as we’re planning to reduce the amount of information in the UA string, rather than remove the header. Most existing UA detection code should continue to work. It is only future UA detection code that will need to move to use the UA client hints instead. In the long term, we expect this change to improve compatibility, as UA detection based on UA-CH is bound to be more reliable than the current status quo. We hope this Origin Trial will help us flesh out site compat issues we can’t predict a priori. As for interoperability, other vendors are on board with UA information reduction, but not necessarily with the UA Client Hints mechanism that is supposed to replace it. That can create a tricky situation, where developers would need to rely on the User-Agent string for some browsers and on UA-CH for others. Edge: Positive signals ( https://twitter.com/_scottlow/status/1206831008261132289) Firefox: Public support for reducing UA string information - “freezing the User Agent string without any client hints—seems worth-prototyping” (from https://github.com/mozilla/standards-positions/issues/202#issuecomment-558294095 ) Safari: Shipped to some extent. Safari has attempted to completely freeze the UA string <https://twitter.com/rmondello/status/943545865204989953?lang=en> in the past, but somewhat reverted that decision <https://bugs.webkit.org/show_bug.cgi?id=182629#c6>. Nowadays, their UA string seems mostly frozen, with updates only to the browser version. Web developers: Mixed signals. Some positive comments on Twitter, blink-dev, etc., as well as some negative sentiment. Experiment Summary This experiment is going to be a bit different from a normal Origin Trial; the goal is less about gathering information on the design of a new API than it is about enabling developers and administrators to test and ensure compatibility with our proposed changes. This change represents a large compat challenge with very subtle pitfalls and vast dependencies, it’s incredibly important we give developers any opportunity to test systems at every level. As for engaging with the trial itself, there will be two components controlled by the same Origin Trial: 1. Reducing the information in the associated JS getters, if the Origin Trial is enabled. 2. A client hint that gets set when the Origin Trial is enabled, where the client hint indicates to the origin that the User-Agent request header contains the reduced value. Because of the experimental nature of this client hint, a valid Origin Trial token must be sent in the response header by the origin for the client hint to take effect or be stored (in order to prevent platform burn-in for this temporary client hint token). During the process of conducting the Origin Trial, we may find that we need to request an exception to the per-site (and possibly global) limits imposed by Origin Trials. In practice, Origin Trials rarely exceed their quota limits, but if necessary, there is time between when the limits have been exceeded and the Origin Trial is turned off, where we can work with the users on reducing their usage and/or lifting the limits. Please see the design document <https://docs.google.com/document/d/1feIxK9S7oNgT2oGGebbxE9X0O-4wTKcsP_gRaY99tq4/edit#heading=h.2navvbygwxwb> describing the experiment for more information. Experiment Goals The goal of this trial is to enable developers to test how reducing the User-Agent request header and the related navigator getters will affect their systems and make sure they have all of the tools they need for an effective migration to User Agent Client Hints <https://web.dev/migrate-to-ua-ch/>. We hope that by providing sufficient time to test and provide feedback we can validate our current plans for UA Reduction and safely roll them out to the web at large. We will be relying heavily on user and developer feedback to understand where breakage occurs, or where use cases are not accounted for. We will create a GitHub repository as well as a public mailing list for gathering feedback. When the OT is ready, we plan to publish developer guidance on how to enroll and provide feedback. Experiment Timeline M101-M103 Reason this experiment is being extended We have a partner that would like to continue testing the fully reduced UA string. Due to an issue in their experiment design, they weren't able to launch the OT and collect any data. We would like to extend the OT by 3 milestones, if possible. We believe the risks for burn-in don't apply, because this OT just enables what we hope will be the default behavior in the future. We are encouraged by the fact that no other OT participants provided negative feedback, or reports of site breakage, so we feel like this extension is pretty safe. Draft spec: https://compat.spec.whatwg.org/#ua-string-section TAG review: Closed <https://github.com/w3ctag/design-reviews/issues/640> as “Satisfied with concerns” bit.ly/blink-signals requests: Firefox and Safari have already shipped UA reduction in varying forms. Outreach for feedback from the spec community: N/A WPT tests: There are WPTs covering general UA string behavior but nothing specific to UA reduction yet (until the various phases land in the stable channel). Experiment Risks Despite the proposed changes being net-positive in terms of privacy, there are some compat risks, as many sites have come to rely on the shape of the User-Agent header and related JS interfaces. Site breakage can take many forms, both obvious and non-obvious. However, since sites are in control of the Origin-Trial and Accept-CH headers, a site can quickly opt out of the experiment when breakage is encountered. Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)? No (All but WebView) Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md> ? Not yet. Flag name #reduce-user-agent Tracking bug https://bugs.chromium.org/p/chromium/issues/detail?id=955620 https://bugs.chromium.org/p/chromium/issues/detail?id=1222742 Link to entry on the Chrome Platform Status https://chromestatus.com/feature/5704553745874944 -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CA%2BWdJ_4Qek62u8_g8iQzAG%3Dxuvz-%2BFaMMEfqW0Y92PFXgMbAQw%40mail.gmail.com.
