Intent to Ship: User Agent Client Hints GREASE Update


Matt Reichhoff

May 3, 2022, 10:18:09 AM
to blink-dev, Mike Taylor

Contact emails

mreic...@chromium.org, mike...@chromium.org


Explainer

https://github.com/WICG/ua-client-hints#user-agent-client-hints


Specification

https://wicg.github.io/ua-client-hints/#grease


Summary

We seek to align our implementation of GREASE in User Agent Client Hints with the current spec, which includes additional GREASE characters beyond the current semicolon and space, and which recommends varying the arbitrary version. This is to help prevent bad assumptions from being built on top of User-Agent strings. 


After experimentation over the course of several releases, we propose to make the updated algorithm the default behavior starting with M103. See below for potential risks and their mitigation.


Blink component

Privacy>Fingerprinting


TAG review

N/A. This is a small change to a feature that was already reviewed by the TAG.


TAG review status

Not applicable


Risks


Interoperability and Compatibility

A prior implementation including escaped ASCII 0x22 (double quote) and 0x5C (backslash) proved to be web incompatible and was rolled back.


We do not anticipate similar issues with the updated algorithm, because experimentation was run in M98 and M99 (during February and March, 2022), and did not uncover statistically significant shifts in response codes, with the worst finding showing a potential effect size of an additional 2-3 requests per 100k returning 502 responses; it was marked low-to-medium statistical confidence and did not show up consistently across timeframes and platforms, leading us to believe it was noisy. We have also not been able to find bug reports tied to the changes.


However, because there are hundreds of permutations of the GREASE string, we also performed the following set of safety checks:

  • Ran a multi-group experiment where each of the new characters was checked in the canary and dev channels; we again did not get statistically significant results for response codes.

  • Ran a fuzzer against the top 10,000 sites (per Tranco) with each of the new characters and did not observe breakage.

    • Per experimental results, special attention was paid to 502 responses; none seen with the fuzzer were reproducible in canary with the updated algorithm, reinforcing our belief that the 502 metric was just occasionally noisy.

  • Implemented and will maintain for at least an additional 1 year an enterprise escape hatch to opt out of the new behavior; that timeframe will ensure sufficient coverage of permutations.

  • Implemented and will maintain for the same timeframe the ability to override the behavior via Finch if problems are uncovered.

  • Implemented once-per-version rotation of the string, meaning we would have the full release cycle to uncover any issues with a given permutation, much like we do with any other change to chromium.


Gecko: Non-harmful (https://mozilla.github.io/standards-positions/#ua-client-hints)


WebKit: No signal on this particular change. But unofficially mildly positive on UA-CH as a whole.


Web developers: No signals


WebView application risks

Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?

No; Android WebView is not affected.



Debuggability

N/A; no change required



Is this feature fully tested by web-platform-tests?

Yes


Flag name

--enable-features="GreaseUACH:updated_algorithm/true"


Requires code in //chrome?

False


Tracking bug

https://bugs.chromium.org/p/chromium/issues/detail?id=1164423




Anticipated spec changes

None



Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/5630916006248448


Links to previous Intent discussions

Intent to prototype: https://groups.google.com/a/chromium.org/g/blink-dev/c/ueudFsZzT1M

Intent to Experiment: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGg35ayyQVGYm%2BE7LreK50L0drNSuBJGHhrcqEK00pqefJ8fPQ%40mail.gmail.com

Yoav Weiss

May 3, 2022, 10:24:33 AM
to Matt Reichhoff, blink-dev, Mike Taylor
LGTM1

Thanks for aligning with the spec and tackling this change carefully. Hoping it sticks. 

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGg35ax2ckar8632L81A4-Yo%3DFumAKr3AP_iwGnpZXvH%3DYePmg%40mail.gmail.com.

Daniel Bratell

May 4, 2022, 5:37:49 AM
to Yoav Weiss, Matt Reichhoff, blink-dev, Mike Taylor

mkwst via Chromestatus

May 4, 2022, 9:06:30 AM
to blin...@chromium.org
LGTM3.

Joe Medley

May 4, 2022, 12:08:51 PM
to blink-dev, mkwst via Chromestatus
In which version are you wanting to ship?

On Wednesday, May 4, 2022 at 6:06:30 AM UTC-7 mkwst via Chromestatus wrote:
LGTM3.

Matt Reichhoff

May 4, 2022, 2:31:31 PM
to Joe Medley, blink-dev, mkwst via Chromestatus, Mike Taylor
M103. 

I will be sure to let you know if that changes for some reason.

Thanks!


Mike West

May 9, 2022, 6:32:41 AM
to Daniel Bratell, Yoav Weiss, Matt Reichhoff, blink-dev, Mike Taylor

Matt Reichhoff

Jul 6, 2022, 5:02:43 PM
to blink-dev, Mike Taylor
As a small update, we recently encountered a few instances of leading special characters causing issues (1,2) with sites. Accordingly, we slightly modified the spec to disallow leading GREASE characters. We don't believe a separate Intent to [Prototype|Experiment|Ship] is needed, because all new strings would be valid under the prior spec as well. Please let us know of any disagreement; otherwise, we will make the corresponding code change in m105.
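
For server operators following this thread, an added example (not part of the thread and not Chromium code) of parsing a `Sec-CH-UA`-style brand list so that GREASE brands containing special characters are tolerated and ignored rather than breaking the parse. The sample header values and all function names are constructed for illustration, and the parser assumes every parameter has the form key="string".

```python
# Constructed sample values (not captured traffic); the GREASE brand varies per sample.
SAMPLES = [
    '" Not A;Brand";v="99", "Chromium";v="103", "Google Chrome";v="103"',
    '"Chromium";v="105", "Not)A;Brand";v="8", "Google Chrome";v="105"',
    '"Not/A)Brand";v="24.0.0.0", "Chromium";v="105"',
]

def _read_string(s, i):
    """Read a quoted string at s[i]; return (value, index after closing quote)."""
    if i >= len(s) or s[i] != '"':
        raise ValueError(f"expected opening quote at offset {i}")
    out, i = [], i + 1
    while i < len(s):
        if s[i] == "\\":                       # \" and \\ are the only escapes
            if s[i + 1:i + 2] not in ('"', "\\"):
                raise ValueError("bad escape")
            out.append(s[i + 1]); i += 2
        elif s[i] == '"':
            return "".join(out), i + 1
        else:
            out.append(s[i]); i += 1
    raise ValueError("unterminated string")

def parse_brand_list(header):
    """Return [(brand, version), ...]; assumes every parameter is key="string"."""
    header, brands, i = header.strip(), [], 0
    while i < len(header):
        brand, i = _read_string(header, i)     # ',' and ';' inside quotes are data
        version = None
        while header[i:i + 1] == ";":          # parameters follow the brand
            eq = header.index("=", i)
            key = header[i + 1:eq].strip()
            value, i = _read_string(header, eq + 1)
            if key == "v":
                version = value
        brands.append((brand, version))
        rest = header[i:].lstrip(" \t")
        if rest and not rest.startswith(","):
            raise ValueError(f"expected ',' at offset {i}")
        i = len(header) - len(rest[1:].lstrip(" \t"))   # skip the ", " separator
    return brands

def version_of(header, wanted):
    """Exact-match lookup; unrecognised (GREASE) brands are simply ignored."""
    return dict(parse_brand_list(header)).get(wanted)

def naive_brands(header):
    """Fragile contrast: splitting on ',' and ';' without honouring quotes."""
    return [item.split(";")[0].strip().strip('"') for item in header.split(",")]
```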