Google plans to improve privacy by deprecating user-agent strings on Chrome
What you need to know
- Google is planning on phasing out user-string agents in the Chrome browser.
- The change would improve individuals' privacy by making it harder for ad peddlers to 'fingerprint' users online.
- It would also help solve a variety of compatibility issues experienced by other browsers.
Privacy is all the rage at the Chrome labs these days. Amidst its efforts to do away with notification spam on Chrome and adding electronic privacy screen support to its Chrome-powered notebooks, Google this week announced its desire to eventually phase out and deprecate user-agent (UA) strings on its browser.
For those not familiar with the term, this is a string of metadata sent out by your browser every time you visit a website. The information includes your browser's name and version, the operating system, and the rendering engine used. The last two, in particular, can be far more revealing than you might assume. Take a look at the following example on Google's documentation for UA strings in Chrome:
As can be seen, the UA String not only shows that the individual is using Android 5.1.1, it also indicates the specific Android build for the device in use, a Nexus 5. The rendering engine information, for example, can tell an ad company if a person is an iPhone user, since most third-party browsers on iOS still use Safari's rendering engine behind the scenes.
The combination of such information can allow ad companies to 'fingerprint' — or indirectly identify — individuals on the web for targeted ads, even if you're trying to ensure you're not being tracked across the web. To circumvent this potential privacy snag, Google has decided it wants to end the era of user-agent strings entirely.
In addition, as the company's Yoav Weiss explains, ending the practice would also help avoid a number of compatibility issues between browsers:
Case in point, Vivaldi recently decided to stop announcing itself across the web, instead opting to present itself as Google Chrome in order to fix a number of rendering issues it was experiencing.
What Google hopes to achieve is to anonymize the information sent out by the browser to only what is absolutely necessary. As such, it will eventually unify UA strings based on desktop and mobile versions by late 2020. This means that while a website may be able to detect which browser a visitor is using and whether they're on the desktop or a mobile device, that's about all they'll be able to initially determine.
However, as many online advertisers do depend on this information, Google is creating a new standard called User Agent Client Hints to replace the deprecated UA Strings. The difference between the two is that the former is far more privacy-conscious, and only provides the necessary bits of information when explicitly requested by the website.
As a result, even though a lot of the same information will still be accessible to websites, the fact that they have to ask for it actively (rather than allowing passive trackers to simply glean the information wholesale) would enable the browser to track precisely what a website knows about you. In the future, Google could then penalize sites for being too nosy about your information with initiatives such as a Privacy Budget — i.e. limits on how much information a particular party can access over time. Think carbon budgets, but for user data.
This approach, Google hopes, will also improve interoperability between browsers and eliminate some of the aforementioned compatibility issues that arise from the incorrect parsing of a UA string by a website. Weiss explains the potential benefits as follows:
The complete deprecation of UA Strings will occur in late 2020, with the release of Chrome 85. In the meantime, Google will start notifying websites that use the current UA strings paradigm of the impending change starting in March and begin anonymizing UA string information by June of 2020.
Best Chrome for Desktop Alternatives in 2020
Have you listened to this week's Android Central Podcast?
Every week, the Android Central Podcast brings you the latest tech news, analysis and hot takes, with familiar co-hosts and special guests.
Get the Android Central Newsletter
Instant access to breaking news, the hottest reviews, great deals and helpful tips.
In the mobile world, that kind of thing would also be useful for screen resolution, the types of sensors the phones have, the amount of RAM, etc. Since not all of these metric are in the user agent, the actual model of the phone could be used to determine these things.
Today all someone has to do to take advantage of such info is to put on their website a "bug" hosted by a company that measures and aggregates such things. If this new proposal happens, each website would have to actively ask for the information, which means, depending on how it would be implemented, a simple static website would not collect this information, making collecting it much more expensive (hosting, development, DB, etc) for small time software developers like myself.