What you need to know
- Google is planning on phasing out user-string agents in the Chrome browser.
- The change would improve individuals' privacy by making it harder for ad peddlers to 'fingerprint' users online.
- It would also help solve a variety of compatibility issues experienced by other browsers.
Privacy is all the rage at the Chrome labs these days. Amidst its efforts to do away with notification spam on Chrome and adding electronic privacy screen support to its Chrome-powered notebooks, Google this week announced its desire to eventually phase out and deprecate user-agent (UA) strings on its browser.
For those not familiar with the term, this is a string of metadata sent out by your browser every time you visit a website. The information includes your browser's name and version, the operating system, and the rendering engine used. The last two, in particular, can be far more revealing than you might assume. Take a look at the following example on Google's documentation for UA strings in Chrome:
Mozilla/5.0 (Linux; Android 5.1.1; Nexus 5 Build/LMY48B; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/43.0.2357.65 Mobile Safari/537.36
As can be seen, the UA String not only shows that the individual is using Android 5.1.1, it also indicates the specific Android build for the device in use, a Nexus 5. The rendering engine information, for example, can tell an ad company if a person is an iPhone user, since most third-party browsers on iOS still use Safari's rendering engine behind the scenes.
The combination of such information can allow ad companies to 'fingerprint' — or indirectly identify — individuals on the web for targeted ads, even if you're trying to ensure you're not being tracked across the web. To circumvent this potential privacy snag, Google has decided it wants to end the era of user-agent strings entirely.
In addition, as the company's Yoav Weiss explains, ending the practice would also help avoid a number of compatibility issues between browsers:
On top of those privacy issues, User-Agent sniffing is an abundant source of compatibility issues, in particular for minority browsers, resulting in browsers lying about themselves (generally or to specific sites), and sites (including Google properties) being broken in some browsers for no good reason.
Case in point, Vivaldi recently decided to stop announcing itself across the web, instead opting to present itself as Google Chrome in order to fix a number of rendering issues it was experiencing.
What Google hopes to achieve is to anonymize the information sent out by the browser to only what is absolutely necessary. As such, it will eventually unify UA strings based on desktop and mobile versions by late 2020. This means that while a website may be able to detect which browser a visitor is using and whether they're on the desktop or a mobile device, that's about all they'll be able to initially determine.
However, as many online advertisers do depend on this information, Google is creating a new standard called User Agent Client Hints to replace the deprecated UA Strings. The difference between the two is that the former is far more privacy-conscious, and only provides the necessary bits of information when explicitly requested by the website.
As a result, even though a lot of the same information will still be accessible to websites, the fact that they have to ask for it actively (rather than allowing passive trackers to simply glean the information wholesale) would enable the browser to track precisely what a website knows about you. In the future, Google could then penalize sites for being too nosy about your information with initiatives such as a Privacy Budget — i.e. limits on how much information a particular party can access over time. Think carbon budgets, but for user data.
This approach, Google hopes, will also improve interoperability between browsers and eliminate some of the aforementioned compatibility issues that arise from the incorrect parsing of a UA string by a website. Weiss explains the potential benefits as follows:
Since it provides the information via dedicated fields, it enables better ergonomics and makes it less likely for servers to get it wrong and cause compatibility issues.
And finally, starting fresh will enable us to drop a lot of the legacy baggage that the UA string carries ("Mozilla/5.0", "like Gecko", "like KHTML", etc) going forward.
The complete deprecation of UA Strings will occur in late 2020, with the release of Chrome 85. In the meantime, Google will start notifying websites that use the current UA strings paradigm of the impending change starting in March and begin anonymizing UA string information by June of 2020.
We may earn a commission for purchases using our links. Learn more.
A few good Kindle books can help you get through these tough times
One of my favorite pastimes in good times or bad is to curl up on the sofa with a good book, preferably on my Amazon Kindle. Here are some of the stories that have been distracting me over the past few weeks of lockdown and social isolation.
Top 6 things Google needs to add to Chrome OS to compete with Windows
Chrome OS has gotten pretty good in recent years — especially for tablets and touchscreens — but there’s always room to improve. Here’s my wishlist for my favorite lightweight laptop ecosystem.
Amazon Echo Frames review: Alexa comes for your eyes and ears
When I reviewed the Amazon Echo Buds in late 2019, I commented that they were a solid first attempt to help get Alexa out of the house and make her more useful on the go. The Echo Frames, which were announced at the same time as the Echo Buds, are the latest of Alexa's steps into the wider world. I'll tell you what I thought of them after my first few days with them.
The best flip phones you can buy in 2020
Smartphones are great, but they aren't for everybody. Whether you're after a simpler experience or just want the cheapest possible phone for calls, texts, and light browsing, these are the flip phones that should be on your radar.