- From: Scott Low <notifications@github.com>
- Date: Thu, 13 Feb 2020 10:26:57 -0800
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 13 February 2020 18:27:09 UTC
> Do you think that with engines instead of browser brands, website operators will suddenly all become responsible citizens of the web? Nope. I will readily admit that both the `Sec-CH-UA-Engine` and `Sec-CH-UA` proposals suffer from the fact that there are no technical provisions in place to prevent allow/block lists from being created as they can be from the `User-Agent` today. My main point is that exposing both brand and engine in a single hint doesn't encourage developers to change their behavior in any way for the better of compatibility. We can provide guidance encouraging them to target true equivalence classes by default, however providing both brand and engine in a single hint feels an awful lot like providing per-browser identifiers in the `User-Agent` header today, but recommending that feature detection be used instead. By only exposing `Sec-CH-UA-Engine` by default, we are at least adding a hurdle (in the form of having to opt in to receiving brand information) between sites and per-browser identifiers. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/467#issuecomment-585902352
Received on Thursday, 13 February 2020 18:27:09 UTC