Hi Torne,
Yep, I agree we should come up with a plan to understand the WebView
context and how we can make progress on removing passive entropy in the
future.
thanks,
Mike
On 1/18/23 12:05 PM, Torne (Richard Coles) wrote:
I have some concerns that we won't be able to use this format for
Android WebView. I realise we're not currently shipping UA reduction
for WebView, but AFAIK we are still hoping to do so at some point in
the future.
WebView's UA format is mandated by Android's CTS compatibility tests.
I relaxed the test criteria some time ago to allow the device model
and Android build ID to be omitted (though WebView currently still
includes this information), but the test currently requires these
fields to either be entirely absent, or to exactly match the
underlying OS properties. It also does not allow the less-granular OS
version to be omitted or spoofed.
It'd be good to have a long term plan for what we're going to do with
the UA and with UA-CH in WebView that matches Chrome as closely as
possible.
On Tue, 17 Jan 2023 at 11:02, Victor Tan <victor...@chromium.org> wrote:
Contact emails
victor...@chromium.org <mailto:victor...@chromium.org>,
miketa...@chromium.org <mailto:miketa...@chromium.org>
Explainer
https://github.com/WICG/ua-client-hints#explainer-reducing-user-agent-granularity
<https://github.com/WICG/ua-client-hints#explainer-reducing-user-agent-granularity>
Specification
https://www.chromium.org/updates/ua-reduction
<https://www.chromium.org/updates/ua-reduction>is the closest
thing that specifies Chrome’s UA Reduction plans today. As these
changes land in Chromium and ship to 100% stable, the Compat
Standard <https://compat.spec.whatwg.org/>will be updated in the
UA String section
<https://compat.spec.whatwg.org/#ua-string-pattern-chrome>, like
we did for the Phase 4 and plan to do for Phase 5 changes.
Summary
As previously detailed on the Chromium Blog
<https://blog.chromium.org/2021/09/user-agent-reduction-origin-trial-and-dates.html>,
we intend to proceed with Phase 6 of the User-Agent Reduction plan
<https://www.chromium.org/updates/ua-reduction/#sample-ua-strings-phase-6>.
In Phase 6, we change the deviceModeltoken to “K” and change the
androidVersiontoken to a static “10” string in Android User-Agent
string. The navigator.platformwill be a “Linux armv81” constant on
the Android platform.
Blink component
Blink>Network>ClientHints
TAG review
https://github.com/w3ctag/design-reviews/issues/640
<https://github.com/w3ctag/design-reviews/issues/640>
TAG review status
Closed satisfied with concerns.
Risks
Interoperability and Compatibility
Any time you modify the User-Agent string there is a risk of
breaking existing patterns, like some content somewhere depending
on the previous format.
We do not expect interoperability risks, as each browser sends its
own User-Agent string format. However there is a risk that - on
the Android platform - content may rely on User-Agents to parse
deviceModel and androidVersion information. To mitigate the risk
of this change, we intend to slowly roll out the format via Finch
on the Android platform and observe health metrics and bug
reports. See timeline below on our slow roll out plan. This gives
us the option to roll this back for the Android platform if major
issues arise.
Displaying a static androidVersion and a deviceModel token for
Android clients will not create a problem syntactically. But the
web can get pretty weird in ways we don't anticipate. For example,
sites can rely on the deviceModel in the User-Agent string to
determine whether the device is a mobile, laptop or desktop.
Currently, we change the deviceModel to a static string, sites
need to use client hints as the alternative to determine the right
behavior. Hence the slow roll-out and incremental path towards
User-Agent Reduction.
Here is our proposed rollout plan in Chrome Stable channel
(Canary/Dev/Beta has been enabled 50%), with the understanding
that if we discover concerning breakage or regressions via health
metrics or bug reports we will pause the rollout or roll back the
feature entirely (and update this thread if so):
Stage
Duration
Date
Stable 1% (M110+)
M110 stable release is shipping to 100% (a best guess)
Feb 14, 2023
Stable 10% (M110/M111)
~4 weeks after previous stage
Mar 14, 2023
Stable 50%
(M110/M111)
~2 weeks
Mar 28, 2023
TOT Default (M114)
~2 weeks after previous stage
Apr 11, 2023
Stable 100% (M110=>M114)
~ Same business day as previous stage
Apr 11, 2023
Web stakeholders can still test with the user agent reduction
deprecation origin trial
<https://developer.chrome.com/origintrials/#/view_trial/2608710084154359809>until
M113 (late May) if they need more time to adapt to the coming
changes. The UA-RD OT allows web stakeholders to request the
legacy user-agent string values (i.e. non-reduced values).
Gecko: Shipped/Shipping. Firefox has frozen (or capped) much of
their UA string already.
WebKit: Shipped/Shipping. Safari has already frozen everything in
their desktop UA string except for Safari and WebKit versions.
Also, UA reduction phase 6 will only apply to the Android platform.
Web developers: Mixed signals. Various channels have different
reactions. It’s similar for the UA reduction phase 4 and phase 5.
Debuggability
No special DevTools support needed.
Will this feature be supported on all six Blink platforms
(Windows, Mac, Linux, Chrome OS, Android, and Android
WebView)?
No (Only for Android)
Is this feature fully tested by web-platform-tests
<https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md>?
No, because User-Agents vary across browsers.
Flag name
#reduce-user-agent-android-version-device-model
Notes: The existing flag #reduce-user-agent will provide the same
format User-Agent string on the Android platform since this is the
last phase for User-Agent reduction.
Tracking bug
https://bugs.chromium.org/p/chromium/issues/detail?id=1394819
<https://bugs.chromium.org/p/chromium/issues/detail?id=1394819>
Launch bug
https://launch.corp.google.com/launch/4225291
<https://launch.corp.google.com/launch/4225291>
Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5177681979637760
<https://chromestatus.com/feature/5177681979637760>
--
You received this message because you are subscribed to the Google
Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAJh4P7F7jKA4985JjpdzTr_XDkP%3DfS2pKaoBMStad9%3DujUzjuw%40mail.gmail.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAJh4P7F7jKA4985JjpdzTr_XDkP%3DfS2pKaoBMStad9%3DujUzjuw%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google
Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAEV-rjcX%3D1sj8bO%2BUdNRjgMwaRHm7ytB24oH4S1GvU0QrYKTzg%40mail.gmail.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAEV-rjcX%3D1sj8bO%2BUdNRjgMwaRHm7ytB24oH4S1GvU0QrYKTzg%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google Groups
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/e0c98393-25d2-a42f-997c-aac0a221d8e0%40chromium.org.
