User-Agent Reduction
miketaylr@chromium.org
3 second talk preview
Mozilla/1.0 (Win3.1)
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1) Gecko/20020826
Mozilla/5.0 (compatible; Konqueror/3.2; FreeBSD) (KHTML, like Gecko)
Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/85.7 (KHTML, like Gecko) Safari/85.5
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.27 Safari/525.13
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.44
etc.
Parsing is painful and fragile
Mechanism for covert tracking
Exposes highly identifiable data on every request
Requires messy parsing logic that is prone to bugs
User-Agent Reduction
User-Agent: Mozilla/5.0 (Linux; Android 10; Pixel 3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4076.0 Mobile Safari/537.36
User-Agent: Mozilla/5.0 (Linux; Android 10; Pixel 3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4076.0 Mobile Safari/537.36
These low-entropy bits will continue to be updated.
Not changing
Not changing
Not changing
User-Agent: Mozilla/5.0 (Linux; Android 10; Pixel 3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4076.0 Mobile Safari/537.36
User-Agent: Mozilla/5.0 (Linux; Android 10; Pixel 3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4076.0 Mobile Safari/537.36
User-Agent: Mozilla/5.0 (Linux; Android 10; K ) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.0.0 Mobile Safari/537.36
These low-entropy bits will continue to be updated.
Not changing
Not changing
Not changing
Not changing
These high-entropy bits will be frozen.
🥶
🥶
🥶
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.0.0 Safari/537.36
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.0.0 Mobile Safari/537.36
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.0.0 Safari/537.36
User-Agent Client Hints API
User-Agent
Mozilla/5.0 (Linux; Android 10; Pixel 3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4076.0 Mobile Safari/537.36
Android
?1
84.0.4076.0
Sec-CH-UA-Platform
Sec-CH-UA-Mobile
Sec-CH-UA-Full-Version
10
Sec-CH-UA-Platform-Version
"Chromium";v="84",
"Google Chrome";v="84"
Sec-CH-UA
ARM
Sec-CH-UA-Arch
Pixel 3
Sec-CH-UA-Model
User-Agent
Provided by default
Not provided by default, needs explicit request
User-Agent Client Hints
64
Sec-CH-UA-Bitness
Sec-CH-UA-Full-Version-List
"Chromium";v="84.0.4076.0",
"Google Chrome";v="84.0.4076.0"
Being replaced with…
“Reduced” JS APIs
\
> navigator.userAgent
> navigator.platform
> navigator.appVersion
navigator.userAgentData API
\
> navigator.userAgentData
▷ NavigatorUAData {brands: Array(3), mobile: false, platform: 'macOS'}
> await navigator.userAgentData.getHighEntropyValues([“bitness”]);
{bitness: “64”}
Timelines
Testing Timeline
Reduced UA Origin Trial from M95 - M100.
Send feedback to Chrome via bugs (GitHub or crbug), or email miketaylr@google.com
M95
Oct 2021
Enable testing reduced UA at scale
six months for testing
M100
Mar ‘22
Gradual Reduction
The proposed rollout will happen in phases.
Phase 1: MINOR.BUILD.PATCH => “0.0.0”
Phase 2: Desktop rollout
Phase 3: Mobile rollout
Minor Version
M101
Apr ‘22
Desktop
M107
Oct‘22
Android
M110
Feb‘23
Apr ‘22 - Feb’23
UA String Reduction
Deprecation Trial
For sites needing a little more time to migrate.
Mar ‘22 - May ‘23
Enable opt-in to legacy UA
M113
May ‘23
M100
Mar ‘22
Minor Version
M101
Apr ‘22
Desktop
M107
Oct‘22
Android
M110
Feb‘23
Apr ‘22 - Feb’23
UA String Reduction
Questions?
Learn more
https://blog.chromium.org/2021/09/user-agent-reduction-origin-trial-and-dates.html has more details on the phases and dates.
https://www.chromium.org/updates/ua-reduction has the format of reduced UA strings.
Useful developer docs: https://developer.chrome.com/docs/privacy-sandbox/user-agent/
https://developer.chrome.com/docs/privacy-sandbox/user-agent/snippets/
Watch blink-dev for updates and related intent emails.