Open LPardue opened 1 year ago
This might be an interesting use case / case study to try and distil, although it touches quite close to the fingerprinting angle we have stated was out of scope for this document.
What I'm thinking of is some of the browser folks' efforts to reduce variability of the user agent string (an infinitely variable protocol element). Lots more background on docs like https://github.com/WICG/ua-client-hints#explainer-reducing-user-agent-granularity and https://blog.chromium.org/2021/05/update-on-user-agent-string-reduction.html. From a cursory glance, Chrome, Firefox, and Safari have been going some work in this area.
What's also amusing is Chrome's choice to try and GREASE the new substitute sec-ch-ua field, for example . More about that in https://github.com/chromium/chromium/commit/19ad8d3cab21013ce2d40cf2ec84267bb04b08ec.
sec-ch-ua
Ad-hoc example I grabbed today
sec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115" sec-ch-ua-platform: "Linux" sec-ch-ua-mobile: ?0 user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36
This might be an interesting use case / case study to try and distil, although it touches quite close to the fingerprinting angle we have stated was out of scope for this document.
What I'm thinking of is some of the browser folks' efforts to reduce variability of the user agent string (an infinitely variable protocol element). Lots more background on docs like https://github.com/WICG/ua-client-hints#explainer-reducing-user-agent-granularity and https://blog.chromium.org/2021/05/update-on-user-agent-string-reduction.html. From a cursory glance, Chrome, Firefox, and Safari have been going some work in this area.
What's also amusing is Chrome's choice to try and GREASE the new substitute
sec-ch-uafield, for example . More about that in https://github.com/chromium/chromium/commit/19ad8d3cab21013ce2d40cf2ec84267bb04b08ec.Ad-hoc example I grabbed today