Source: Windows Central
What you need to know
- Google is planning on phasing out user-string agents in the Chrome browser.
- The change would improve individuals’ privacy by making it harder for ad peddlers to ‘fingerprint’ users online.
- It would also help solve a variety of compatibility issues experienced by other browsers.
Privacy is all the rage at the Chrome labs these days. Amidst its efforts to do away with notification spam on Chrome and adding electronic privacy screen support to its Chrome-powered notebooks, Google this week announced its desire to eventually phase out and deprecate user-agent (UA) strings on its browser.
For those not familiar with the term, this is a string of metadata sent out by your browser every time you visit a website. The information includes your browser’s name and version, the operating system, and the rendering engine used. The last two, in particular, can be far more revealing than you might assume. Take a look at the following example on Google’s documentation for UA strings in Chrome:
Mozilla/5.0 (Linux; Android 5.1.1; Nexus 5 Build/LMY48B; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/43.0.2357.65 Mobile Safari/537.36
The combination of such information can allow ad companies to ‘fingerprint’ — or indirectly identify — individuals on the web for targeted ads, even if you’re trying to ensure you’re not being tracked across the web. To circumvent this potential privacy snag, Google has decided it wants to end the era of user-agent strings entirely.
In addition, as the company’s Yoav Weiss explains, ending the practice would also help avoid a number of compatibility issues between browsers:
On top of those privacy issues, User-Agent sniffing is an abundant source of compatibility issues, in particular for minority browsers, resulting in browsers lying about themselves (generally or to specific sites), and sites (including Google properties) being broken in some browsers for no good reason.
What Google hopes to achieve is to anonymize the information sent out by the browser to only what is absolutely necessary. As such, it will eventually unify UA strings based on desktop and mobile versions by late 2020. This means that while a website may be able to detect which browser a visitor is using and whether they’re on the desktop or a mobile device, that’s about all they’ll be able to initially determine.
As a result, even though a lot of the same information will still be accessible to websites, the fact that they have to ask for it actively (rather than allowing passive trackers to simply glean the information wholesale) would enable the browser to track precisely what a website knows about you. In the future, Google could then penalize sites for being too nosy about your information with initiatives such as a Privacy Budget — i.e. limits on how much information a particular party can access over time. Think carbon budgets, but for user data.
This approach, Google hopes, will also improve interoperability between browsers and eliminate some of the aforementioned compatibility issues that arise from the incorrect parsing of a UA string by a website. Weiss explains the potential benefits as follows:
Since it provides the information via dedicated fields, it enables better ergonomics and makes it less likely for servers to get it wrong and cause compatibility issues.
And finally, starting fresh will enable us to drop a lot of the legacy baggage that the UA string carries (“Mozilla/5.0”, “like Gecko”, “like KHTML”, etc) going forward.
We may earn a commission for purchases using our links. Learn more.