miketaylr
commented
3 years ago Thanks for filing @martinthomson, this is great feedback. I should be able to address it this week or next.
Closed martinthomson closed 3 years ago
miketaylr
commented
3 years ago Thanks for filing @martinthomson, this is great feedback. I should be able to address it this week or next.
miketaylr
commented
3 years ago I'll also work on https://github.com/WICG/ua-client-hints/issues/266 based on @martinthomson's feedback on the PR.
After talking to @yoavweiss and @miketaylr about this I learned that the intent here is not to increase the amount of information that browsers expose to sites. The breadth of information listed in the specification makes it seem like this would be an increase in information for some browsers (Firefox stopped sharing full browser version information a long time ago). Having information like that listed makes it seem like the intent is to make that information consistently available.
I understand that the intent is to provide the same information as previously, with some information maybe being removed (WOW indicators on Windows, for instance, to start with). The document should state that up front.
The specification should also make it clear, for each field, that the information will not be provided if browsers don't want to provide it, which might be the case if the information was not previously available. This is there in S4.1.6, step 2, but it isn't especially prominent.
There are reasons why variations between browser policies for different fields might cause problems, but as this is limited to UA-specific details, it might be acceptable in this case.
Note: Some of our objections to this API are on the basis that the information being provided is both harmful from a privacy perspective and not useful to include. But we do have to acknowledge that the privacy harms in question already exist and that this is an attempt to find a way to remove the offending information in a managed fashion. The goal is to decouple a bunch of interconnected compatibility hazards to make that removal easier. I personally don't think that this gamble will work: people who have a developed a dependency on certain information aren't necessarily inclined to stop using that information, so removal of information is not made easier by this change. My guess is that the result will only be that more bytes are spent (minimally the three default fields) with the only benefit being a modest improvement clarity and reliability for those who move to using the new syntax.