- From: Henri Sivonen <notifications@github.com>
- Date: Wed, 11 Aug 2021 00:54:23 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 11 August 2021 07:54:35 UTC
> I also wonder if this pushes developers to get more creative in their fingerprinting techniques to work around engine bugs, or sniffing for platform features where the feature detection story isn't great. Authors assuming a correlation between e.g. engine-specific properties existing on `window` and a particular quirk existing indeed is more problematic to deal with after the quirk is gone than faking `User-Agent` or `Sec-CH-UA`. >> Currently, conditional exposure of low vs. high entropy UA Client Hints is being proposed. Apart from the structuredness concern, what would be worse if the same mechanism controlled low vs. high entropy User-Agent value instead? > > Are you suggesting a default low-entropy UA string (this is Chrome's current thinking for the Reduced UA string), and a client hint to opt into a high-entropy UA string? Do you think a site should get all the entropy, even if it might just need platform version, for example? I'm asking what if the opt-in mechanism was the same (or functionally equivalent) to what you a proposing for high-entropy UA Client Hints. So to the extent what you are proposing is granular, I'm asking about a granular opt-in scenario for now. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/640#issuecomment-896585808
Received on Wednesday, 11 August 2021 07:54:35 UTC