undefined | Better HN

0 pointsre-thc2y ago0 comments

> The browser provides the user agent as a header in HTTP requests.

They (Chrome) are taking it away [0].

[0]: https://developer.chrome.com/en/docs/privacy-sandbox/user-ag...

0 comments

19 comments · 2 top-level

infogulch2y ago· 11 in thread

I'm all on board calling Google out for slowly implementing a user data protection racket, where Google owns all the data and everyone else is squeezed out and has to go through Google as The central data broker. At the same time this user agent reduction thing seems like a decent idea at first blush and good for users privacy.

dpkirchner2y ago

TBH I'm surprised the User-Agent header has survived as long as it has. Referer, too.

omoikane2y ago

Referer is not quite the same as how it was. In recent years, the default behavior in most cases is for the browser to either send just the origin, or no referer at all.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Re...

"Origin" means no path, so the referer might tell me which search engine the user used, but not what search query was done. It's much better than in the old days, where I might even see someone's session ID in the referer.

1 more reply

ravenstine2y ago

That header and Referer were always a mistake. I don't think The Google's motivation is pure, but I agree in principle.

A lot of sites will break for people as a result, though. Maybe that's what The Google wants, though.

1 more reply

elashri2y ago

My web development knowledge is very limited. But isn't this the main method where simple websites (most static generators) used to decide if the user is browsing from a mobile or not and serve a version based on that?

I would appreciate it if someone explain what other things people do to tackle this, or if I'm completely wrong?

7 more replies

jamesfinlayson2y ago

I agree that user agent is not the best idea but it helps endlessly when you need to find out what browser a non techy person is using - just ask them to go to one of the endless sites that tells you what browser you're using based on the user agent string.

xref2y ago

Without Referer how will jwz dot org troll HN users?!

soulofmischief2y ago

If that were really their motive, a better strategy would be making user agent string customization a first-class feature.

fiddlerwoaroof2y ago

No, because approximately nobody would customize it.

1 more reply

hedora2y ago

They could also use the user agent: "", or omit the http header entirely.

eru2y ago

You can already do that with extension, can't you?

1 more reply

ben-schaaf2y ago

Will that finally bring an end to having to use user-agent-switcher to get some sites to work on Firefox?

matheusmoreira2y ago· 6 in thread

Excellent. Sites shouldn't know what user agent we're using anyway. Pretty much the only thing they use this for is to lock us out when we use "unsupported" browsers. The less information they get, the better. Hopefully they'll get rid of referrer too and weaken fingerprinting methods.

I have no doubt Google has self-serving motivations here but the result is still a win for us. I wish Firefox had enough leverage to force decisions like this down people's throats whether they like it or not but it just ain't so. Reality is imperfect so I'll take what I can get.

sanderjd2y ago

Yeah I tend to agree here... It really seems like none of the server's business what agent I'm using.

matheusmoreira2y ago

Yup. It's none of their business. They can't discriminate against us if they don't know anything about us.

1 more reply

technion2y ago

I've always advocated for feature detection. If you test for typeof Object.assign !== 'function' you can be sure you have a reasonably recent browser. If you want fetch, test for window.fetch.

This sort of thing always feels like it's going against the grain, with someone always asking "why wouldn't you do this properly. You know, build an allow list of user agents and match against them". I fully support people being forced into detecting the features they want and doing away with this nonsense,

matheusmoreira2y ago

I don't think web developers should be able to detect stuff like that either. Their ability to detect stuff provides identifying bits for fingerprinting. As far as I'm concerned, all the browsers should normalize the return values of those typeofs and all related functions so that Javascript can figure out exactly zero bits of information about the environment it's running on. Just like browsers will lie to Javascript when it tries to figure out your browsing history by checking the color of links.

The web platform gave web developers way too much freedom and they're abusing it. God giveth and god taketh away.

2 more replies

SoftTalker2y ago

There are plugins for Firefox that can make the user agent string anything you want.

matheusmoreira2y ago

It doesn't matter. Actually those plugins are straight up counterproductive.

The best user agent is the one that offers them the fewest identifying bits. In other words, the user agent of the most popular version of Chrome. The ability to set it to "anything we want" is actually a trap. What we really want is for everyone to use the exact same user agent so they can't tell us apart.

If everyone has the same user agent, it's nothing but a waste of bandwidth and it should be removed. Google is actually achieving our objective here.

2 more replies

j / k navigate · click thread line to collapse

0 comments

19 comments · 2 top-level

infogulch2y ago· 11 in thread

dpkirchner2y ago

TBH I'm surprised the User-Agent header has survived as long as it has. Referer, too.

omoikane2y ago

Referer is not quite the same as how it was. In recent years, the default behavior in most cases is for the browser to either send just the origin, or no referer at all.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Re...

1 more reply

ravenstine2y ago

That header and Referer were always a mistake. I don't think The Google's motivation is pure, but I agree in principle.

A lot of sites will break for people as a result, though. Maybe that's what The Google wants, though.

1 more reply

elashri2y ago

I would appreciate it if someone explain what other things people do to tackle this, or if I'm completely wrong?

7 more replies

jamesfinlayson2y ago

xref2y ago

Without Referer how will jwz dot org troll HN users?!

soulofmischief2y ago

If that were really their motive, a better strategy would be making user agent string customization a first-class feature.

fiddlerwoaroof2y ago

No, because approximately nobody would customize it.

1 more reply

hedora2y ago

They could also use the user agent: "", or omit the http header entirely.

eru2y ago

You can already do that with extension, can't you?

1 more reply

ben-schaaf2y ago

Will that finally bring an end to having to use user-agent-switcher to get some sites to work on Firefox?

matheusmoreira2y ago· 6 in thread

sanderjd2y ago

Yeah I tend to agree here... It really seems like none of the server's business what agent I'm using.

matheusmoreira2y ago

Yup. It's none of their business. They can't discriminate against us if they don't know anything about us.

1 more reply

technion2y ago

I've always advocated for feature detection. If you test for typeof Object.assign !== 'function' you can be sure you have a reasonably recent browser. If you want fetch, test for window.fetch.

matheusmoreira2y ago

The web platform gave web developers way too much freedom and they're abusing it. God giveth and god taketh away.

2 more replies

SoftTalker2y ago

There are plugins for Firefox that can make the user agent string anything you want.

matheusmoreira2y ago

It doesn't matter. Actually those plugins are straight up counterproductive.

If everyone has the same user agent, it's nothing but a waste of bandwidth and it should be removed. Google is actually achieving our objective here.

2 more replies

j / k navigate · click thread line to collapse