Chrome User Agent phase out #62
Comments
|
Thank you, it has indeed been well on my mind the last couple weeks. You'll still be able to detect that it is Chrome but the Version and OS will no longer be reliable. On the one hand I'm kinda sad about it, on the other hand it is legitimately a powerful detail used in fingerprinting. I just wish there was a solution other than "use JavaScript" to get browser information moving forward, as that complicates a lot of things. |
|
I'm pinning your ticket as I'm sure others will come with questions. |
|
Will we be able to still get the platform/device type do you think? |
So presumably we'll be able to seperate Desktop from Mobile, but not say Windows from macOS or Android from iOS |
|
https://blog.chromium.org/2021/09/user-agent-reduction-origin-trial-and-dates.html This has taken chrome a lot longer to rollout than expected. From the sound of it, it won't begin rolling out until ~Chrome 101 It does however seem like we will be able to use the |
|
@donatj I use this library in an app for my work and have client hints coming up as something to address. Would be happy to help with implementation if you are interested. |
|
A reference for how the user agent is changing: https://www.chromium.org/updates/ua-reduction/ Does seem like you will be able to differentiate OS as well as desktop/mobile. The version will just be unreliable. |
|
@donatj As this is coming up for my work, I'm going to do a fork (and then I'll do a PR back to here) to add unit tests for the reduced strings, just to assure they will work (it looks to me like they will). I'm also going to look into how to add the client hints support. Looks like client hints are opt-in based on the server (you have to send what headers you want). So it seems like they could be implemented as a separate option. Seems like either:
|
|
@derikb Reading your first link, it seems like we'll still get three major data points
I'm curious if major Chrome version is enough for most people? It's been enough for my needs anyway. I'm open to the idea of parsing I'm confused about |
|
Yeah, that whole Accept-CH things seems a bit over complicated. (I'm reading it the same way you are.) Would seem simpler to let the browser/user decide what strings they want to expose. Those sample Sec-CH-UA headers in that MDN page are a bit crazy too. Confused why they all have incorrect brand strings as well as a generic and a specific string. Makes the parsing more complicated for sure. Seems like at least a good first step for the forthcoming Chrome changes is making sure the "reduced" strings work/parse right. Maybe a good second step is just parsing Sec-CH-UA if the UA is empty (so it's just a fallback albeit one with slightly less data), since that seems to get passed all the time, if I'm reading that correctly. |
|
Forked the repo and went through the info in https://www.chromium.org/updates/ua-reduction/ and compared to existing unit tests (and tried a few minor variations based on their examples) and I don't see anything that needs changing to handle the reduced user agents. The main difference I can see as far as the base platform/browser/version data goes is that version will be pegged to major version only. |
|
If I am reading this all correctly, the UA strings in Chrome are not actually being removed yet. So if you only need the basic OS, browser, and browser major version data, you don't actually need to us client hints (At this time). |
|
I'm going to close this, we're well into "the future" now and we're still doing roughly OK with the limited but still existing UAs 
I'm hopeful this will stay pinned while being closed. If not, I may reopen it. |
I just read an article on zdnet.com https://www.zdnet.com/article/google-to-phase-out-user-agent-strings-in-chrome/ and was wondering if that will make this not work anymore.
The text was updated successfully, but these errors were encountered: