User-Agent Client Hints

From Bitnami MediaWiki
Jump to navigation Jump to search

Overview

The goal of Google's User-Agent Client Hints is to reduce organizations' ability to access accurate information about what type of device, screen size, language preference and supported fonts and technology a user's web-enabled client supports.[1]

A User-Agent is sent with every HTTP request to inform the web server, site, and service about the capabilities of the user's agent. Here's an example from a Pixel 2 XL:

Mozilla/5.0 (Linux; Android 8.0.0; Pixel 2 XL Build/OPD1.170816.0a04) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Mobile Safari/537.36

Google plans to systematically remove, reduce or replace the user-agent information commonly sent in default header that enables publishers and their partners to improve user experiences.[2] Google refers to its replacement actions as "GREASE", when its software replaces true information with masqueraded information.[3]

Google's software will provide limited subsets of this information, moving what was a default standard into a request for information controlled by Google's software. Google intends to limit how frequently this information can be accessed via its Privacy Budget. Under the Privacy Budget proposal, Chrome will assign an information budget to each website and monitor the information provided to each website. When a website has used up its budget, Chrome will stop sending correct information, substituting it with imprecise or noisy results or a generic result that does not vary between users.

UA-CH is now shipping by default in Chrome (since M89).[4] However, given the impact to the ecosystem that would occur if this were the only method of obtaining this information, "no User-Agent string changes will be coming to the stable channel of Chrome in 2021."[5]

Impact

A key concern about removing access to both accurate and complete user agent data is its likely impact on a degraded end user experience. For example, many mobile devices have limited battery, bandwidth and screen sizes that web publishers wish to specifically code mobile-specific user experiences relative to the standard desktop version of their property.

Google acknowledges that understanding market share of different browsers and versions on different devices is important for web developers to code compatible user experiences. "Having visibility into a browser's usage can encourage developers to test in that particular browser, ensuring fewer compatibility issues for its users....By design, looking at individual entries in the brands list makes it hard to distinguish between a less-popular browser's truthful brand name and a more-popular browser's arbitrary GREASE. Since the less-popular browser may include several popular brand names for compatibility purposes, its users will likely be bucketed as using the more-popular one if this approach is taken, leading to distorted views of usage share that favour already-popular browsers and with less-popular browsers possibly never gaining any visibility."[6]

Another key impact is how user agent data, combine with other information, can protect publishers and marketers from fraud. Without access to this information, a competitive marketplace of fraud detection vendors will not be able to differentiate their services.

Regulator Perspectives

The UK CMA noted (5.46) that should Google impair the accuracy of information used to optimize user experiences, this would likely impair the "attractiveness of the open display market." Google's proposal would:

  1. "lead to Google’s rival publishers offering a worse service to both users and advertisers when competing with Google to attract advertiser spend to their ad inventory,"
  2. " hamper Google’s rivals’ abilities to detect fraud and limit their ability to optimize their online content to, for example, a user’s device."[7]

Note: Google has made no commitment that it will rely only on User-Agent Client Hints to detect fraud or optimize user experiences its own web properties.

Open Questions

  • What is the value impairment associated with reducing publishers and marketers' ability to rely on a competitive market of fraud detection services?
  • What is the value impairment associated with reducing publishers and marketers' ability to optimize experiences with accurate and complete user agent information?
  • Will Google give people choice over whether their browser will provide user agent data to the publishers they frequent?

References