LGTM3. -mike
On Wed, May 4, 2022 at 11:37 AM Daniel Bratell <[email protected]> wrote: > LGTM2 > > /Daniel > On 2022-05-03 16:23, Yoav Weiss wrote: > > LGTM1 > > Thanks for aligning with the spec and tackling this change carefully. > Hoping it sticks. > > On Tue, May 3, 2022 at 4:18 PM Matt Reichhoff <[email protected]> > wrote: > >> Contact emails >> >> [email protected], [email protected] >> >> Explainer >> >> https://github.com/WICG/ua-client-hints#user-agent-client-hints >> >> Specification >> >> https://wicg.github.io/ua-client-hints/#grease >> >> Summary >> >> We seek to align our implementation of GREASE in User Agent Client Hints >> with the current spec, which includes additional GREASE characters beyond >> the current semicolon and space, and which recommends varying the arbitrary >> version. This is to help prevent bad assumptions from being built on top of >> User-Agent strings. >> >> After experimentation over the course of several releases, we propose to >> make the updated algorithm the default behavior starting with M103. See >> below for potential risks and their mitigation. >> >> Blink component >> >> Privacy>Fingerprinting >> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Privacy%3EFingerprinting> >> >> TAG review >> >> N/A. This is a small change to a feature that was already reviewed by >> the TAG <https://github.com/w3ctag/design-reviews/issues/640>. >> >> TAG review status >> >> Not applicable >> >> Risks >> Interoperability and Compatibility >> >> A prior implementation including escaped ASCII 0x22 (double quote) and >> 0x5C (backslash) proved to be web incompatible and was rolled back. >> >> We do not anticipate similar issues with the updated algorithm, because >> experimentation was run in M98 and M99 (during February and March, 2022), >> and did not uncover statistically significant shifts in response codes, >> with the worst finding showing a potential effect size of an additional 2-3 >> requests per 100k returning 502 responses; it was marked low-to-medium >> statistical confidence and did not show up consistently across timeframes >> and platforms, leading us to believe it was noisy. We have also not been >> able to find bug reports tied to the changes. >> >> However, because there are hundreds of permutations of the GREASE string, >> we also performed the following set of safety checks: >> >> - >> >> Ran a multi-group experiment where each of the new characters was >> checked in the canary and dev channels; we again did not get statistically >> significant results for response codes. >> - >> >> Ran a fuzzer against the top 10,000 sites (per Tranco >> <https://tranco-list.eu/>) with each of the new characters and did >> not observe breakage. >> - >> >> Per experimental results, special attention was paid to 502 >> responses; none seen with the fuzzer were reproducible in canary with >> the >> updated algorithm, reinforcing our belief that the 502 metric was just >> occasionally noisy. >> - >> >> Implemented and will maintain for at least an additional 1 year an >> enterprise escape hatch to opt out of the new behavior; that timeframe >> will >> ensure sufficient coverage of permutations. >> - >> >> Implemented and will maintain for the same timeframe the ability to >> override the behavior via Finch if problems are uncovered. >> - >> >> Implemented once-per-version rotation of the string, meaning we would >> have the full release cycle to uncover any issues with a given >> permutation, >> much like we do with any other change to chromium. >> >> >> Gecko: Non-harmful ( >> https://mozilla.github.io/standards-positions/#ua-client-hints) >> >> WebKit: No signal on this particular change. But unofficially mildly >> positive >> <https://lists.webkit.org/pipermail/webkit-dev/2020-May/031201.html> on >> UA-CH as a whole. >> >> Web developers: No signals >> >> WebView application risks >> >> Does this intent deprecate or change behavior of existing APIs, such that >> it has potentially high risk for Android WebView-based applications? >> >> No; Android WebView is not affected. >> >> >> Debuggability >> >> N/A; no change required >> >> >> Is this feature fully tested by web-platform-tests >> <https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md> >> ? >> >> Yes >> >> Flag name >> >> --enable-features="GreaseUACH:updated_algorithm/true" >> >> Requires code in //chrome? >> >> False >> >> Tracking bug >> >> https://bugs.chromium.org/p/chromium/issues/detail?id=1164423 >> >> >> >> Anticipated spec changes >> >> None >> >> >> Link to entry on the Chrome Platform Status >> >> https://chromestatus.com/feature/5630916006248448 >> >> Links to previous Intent discussions >> >> Intent to prototype: >> https://groups.google.com/a/chromium.org/g/blink-dev/c/ueudFsZzT1M >> Intent to Experiment: >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGg35ayyQVGYm%2BE7LreK50L0drNSuBJGHhrcqEK00pqefJ8fPQ%40mail.gmail.com >> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/cagg35ayyqvgym+e7lrek50l0drnsubjghhrcqek00pqefj8...@mail.gmail.com> >> -- >> You received this message because you are subscribed to the Google Groups >> "blink-dev" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGg35ax2ckar8632L81A4-Yo%3DFumAKr3AP_iwGnpZXvH%3DYePmg%40mail.gmail.com >> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGg35ax2ckar8632L81A4-Yo%3DFumAKr3AP_iwGnpZXvH%3DYePmg%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfU8ePzEvS%3DL6jjTZa0sTsqO0TROmF66qLm7onxAXM2uPg%40mail.gmail.com > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfU8ePzEvS%3DL6jjTZa0sTsqO0TROmF66qLm7onxAXM2uPg%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/6c00a5ba-a891-2681-9125-ca4a91827083%40gmail.com > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/6c00a5ba-a891-2681-9125-ca4a91827083%40gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAKXHy%3Df%2BZW1m-Tsk25ad1%3Diy2pYMt4Z568_ESsO1o6pNPQFMbw%40mail.gmail.com.
