- From: Mike West <mkwst@google.com>
- Date: Thu, 29 Nov 2018 11:22:27 +0100
- To: HTTP Working Group <ietf-http-wg@w3.org>
- Message-ID: <CAKXHy=eHiMtXi8vkDYtADHdU0tnUfd3p+Wfy7vSkLgT7cA1W0w@mail.gmail.com>
Hey folks, Section 9.7 of RFC7231 <https://tools.ietf.org/html/rfc7231#section-9.7> rightly notes that some of the content negotiation headers user agents deliver in HTTP requests create substantial fingerprinting surface. I think it would be beneficial if we took steps to reduce their prevalence on the wire, and Client Hints looks like a reasonable infrastructure on top of which to build. `User-Agent` and `Accept-Language` seem like particularly tasty and low-hanging fruit, and I've sketched out two proposals as proofs of concept: * `User-Agent` could be represented as ~four distinct hints: `UA`, `Model`, `Platform`, and `Arch`: https://github.com/mikewest/ua-client-hints is a high-level explainer, and https://tools.ietf.org/html/draft-west-ua-client-hints a sketchy ID for the new headers. * `Accept-Language` could be represented as a `Lang` hint: https://github.com/mikewest/lang-client-hint is a high-level explainer, https://tools.ietf.org/html/draft-west-lang-client-hint an equally sketchy ID for the new header. I'd appreciate y'all's feedback. Thanks! -mike
Received on Thursday, 29 November 2018 10:23:01 UTC