Google has announced plans today to phase out the usage of user-agent strings in its web browser Chrome.
For readers unfamiliar with the term, user-agent (UA) strings are an important part of the modern web and how browsers function.
A UA string is a piece of text that browsers send to websites when they initiate a connection. The UA string contains details about the browser type, rendering engine, and operating system. For example, a UA string for Firefox on Windows 10 looks like this:
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/72.0
UA strings were developed as part of the Netscape browser in the ’90s, and have been in use ever since. For decades, websites have used UA strings to fine-tune features based on a visitor’s technical specifications.
But now, Google says that this once-useful mechanism has become a constant source of problems on different fronts.
For starters, UA strings have been used by online advertisers as a way to track and fingerprint website visitors.
On top of those privacy issues, User-Agent sniffing is an abundant source of compatibility issues, in particular for minority browsers, resulting in browsers lying about themselves (generally or to specific sites), and sites (including Google properties) being broken in some browsers for no good reason,” said Yoav Weiss, a Google engineer working on the Chrome browser.
To address these issues, Google said it plans to phase out the importance of UA strings in Chrome by freezing the standard as a whole.
Google’s plan is to stop updating Chrome’s UA component with new strings (the UA string text that Chrome shares with websites).
The long-term plan is to unify all Chrome UA strings into generic values that don’t reveal too much information about a user.
This means that new Chrome browser releases on new platforms such as new smartphone models or new OS releases will use a generic UA string, rather than one that’s customised for that specific platform.
For example, in the future, a website won’t be able to tell if a visitor using Chrome is running Chrome on Windows 7 or Windows 11, or if a Chrome mobile user is using Samsung Galaxy phone or a Pixel 9 handset.
Websites will be able to tell that a user is running Chrome, and if they’re on a desktop or mobile device, but that’s about it.
For legacy purpose, existing Chrome UA strings will continue to work, so they won’t break existing technologies and scripts running across the web.
Here’s Google’s current plan on dealing with the UA string deprecation:
- Chrome 81 (mid-March 2020) – Google plans to show warnings in the Chrome console for web pages that read the UA string, so developers can adjust their website code.
- Chrome 83 (early June 2020) – Google will freeze the Chrome browser version in the UA string and unify OS versions
- Chrome 85 (mid-September 2020) – Google will unify the UA desktop OS string as a common value for desktop browsers. Google will also unify mobile OS/device strings as a similarly common value.
GOODBYE, UA STRINGS! HELLO, CLIENT HINTS!
The deprecation of the UA string mechanism is part of a push at Google to improve privacy on the web, but without killing online advertising, the lifeblood of most free websites today.
UA strings in Chrome will be replaced with a new mechanism called Client Hints. Client Hints is a mechanism through which websites can request information about a user, but without “the historical baggage and passive fingerprinting surface exposed by the venerable `User-Agent` header,” as the official standard reads.