Chrome wants to kill browser user agent strings, cites compatibility and privacy concerns

The user agent string is the part of the browser that identifies itself to websites. It tells sites the browser and browser version number you are using, as well as limited information about your device. However, it has become an ever-growing problem for both users and developers over the past decade, so Google wants to switch to something else.

If you’re not familiar with web development, browsers have continuously updated their user agent strings to become longer, to maintain compatibility with websites and minimize end-user impact. For example, when Microsoft introduced Internet Explorer in the early 90’s, it added “Netscape” to its user agent string to make sites think it was the more advanced Netscape Navigator browser.

This back-and-forth has continued to this very day, with Chrome’s user agent string now containing references to “Mozilla” (Netscape’s codename), “AppleWebKit” (because Chrome is based on Safari), “Safari,” “KHTML” (the engine Safari was based on), and “Gecko” (Firefox’s rendering engine):

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36

User agents have become even more complicated in the modern era of Chromium-based browsers. The new Microsoft Edge changes its user agent string for each site to avoid being detected as the old Edge, while Vivaldi recently announced it will no longer include its own branding in the user agent to fix sites that block non-Chrome browsers. User agent strings are also commonly used to track people as they move across websites, in the same fashion as third-party cookies.

Google’s new proposal is comprised of two parts. First, it wants to ‘freeze’ the user agent string, meaning the contents will no longer stay up-to-date (as removing it entirely would cause countless websites to cease working). Chrome 83, currently slated for release in June, will freeze the browser and OS versions in the string. With Chrome 85, the plan is to make all desktop browsers use a similar string, while doing the same for mobile.

The second component is a replacement API, currently named ‘User-Agent Client Hints.’ This will allow sites to detect most of the same information that the user agent string provides, but in a more standardized and privacy-protecting manner. The exact limitations for accessing this information will be up to each browser ⁠— for example, a browser might block access to 32-bit/64-bit information until you choose to download an executable file.

The exact details of this will likely change over the next few months, but with Safari and Firefox already interested, this should give nefarious websites one less avenue for tracking you.

https://www.androidpolice.com/2020/01/14/chrome-wants-to-kill-browser-user-agent-strings-cites-compatibility-and-privacy-concerns/

Leave a Reply