Re: [w3ctag/design-reviews] User-Agent Client Hints & UA Reduction (#640)

> Can you re-phrase, perhaps with an example? I don't fully grok your request. As I understand it, client hints is granular and allows for granular opt-in.

Currently, UA Client Hints doesn't send `Sec-CH-UA-Platform` by default and has an opt-in mechanism where the server sends e.g. `Accept-CH: Sec-CH-UA-Platform` and then the browser starts sending the platform in `Sec-CH-UA-Platform`.

The corresponding alternative that I'd like to understand the evaluation of would be:
1. By default send a `User-Agent` header that claims Windows even on non-Windows platforms.
2. If the server sends `Accept-UA: platform` (making up syntax for illustration), subsequently the browser sends a `User-Agent` header with the real platform (which may still be Windows). (And don't send any `Sec-CH-UA-*` headers.)

Currently, UA Client Hints proposes `getHighEntropyValues` for obtaining the platform via JS.

The corresponding alternative that I'd like to understand the evaluation of would be:
1. By default, make `navigator.platform` return a value corresponding to Windows regardless of actual platform.
2. If the page calls `navigator.getHighEntropyValues(["platform"])` and the resulting promise has successfully resolved, thereafter make `navigator.platform` return a value corresponding to the actual platform (which could actually be Windows). (And adjust the value returned by `navigator.userAgent` accordingly as well.)

(The point here being that this kind of arrangement would leave less detritus around if the initiative fails whereas there is currently a real risk that if the initiative fails, the headers that Chrome now sends by default, `Sec-CH-UA` and `Sec-CH-UA-Mobile`, will stick around approximately forever.)

https://github.com/w3ctag/design-reviews/issues/640#issuecomment-901648775

Received on Thursday, 19 August 2021 06:35:07 UTC