Google is preparing to shut down a go-to tool for Edge developers and users as it announces plans to phase out usage of user-agent strings for the Chrome browser.
The tiny piece of text used to help mask some of Microsoft’s browser deficiencies by tricking a website upon initial connection is coming to an end as early as March 2020.
Perhaps, due to the past between Microsoft and Google, the move to deprecate user-agent strings by Google could understandably be perceived as a personal attack by some, but Google’s justification seems devoid of any previous tit-for-tat motives.
Coupled with a report from ZDNet and an enlightening Twitter thread from a member of the Chrome security team, we get some insight into Google’s bottom line intent.
I'm excited about this. The UA string is a mess, somewhat fingerprintable, and legitimate use cases can be better and more clearly served by moving the information to an HTTPS-only client hint (a la https://t.co/ExJkky8k5W). https://t.co/cqeawdL4KX
— Mike West (@mikewest) January 14, 2020
Over time, Google plans to phase out UA strings by first freezing any new development of the standard, then consolidating UA strings that will result in the randomization of data into generic values.
The last steps of this phase-out include Google implementing a tool developed in its Privacy Sandbox project dubbed Client Hints. Client Hints allows for limited website and advertiser browser queries that help to protect a greater amount of user data than what is currently happening with the use of user-agent strings.
In the near future, subsequent Chrome releases will shift accordingly:
- Chrome 81 (mid-March 2020) – Google plans to show warnings in the Chrome console for web pages that read the UA string, so developers can adjust their website code.
- Chrome 83 (early June 2020) – Google will freeze the Chrome browser version in the UA string and unify OS versions
- Chrome 85 (mid-September 2020) – Google will unify the UA desktop OS string as a common value for desktop browsers. Google will also unify mobile OS/device strings as a similarly common value.
Ultimately, Google is looking to improve personal privacy online by minimizing the level of specificity of user data given to websites, advertisers and even hackers and less about walling off Chrome-first browser experiences.
Furthermore, would-be browser rivals Microsoft, Apple, and even Mozilla seem to be in favor of Google’s move. However, at the time of the announcement, no of the browser makers have made any public statements about their own solutions or time frames for workarounds.