Re: [w3ctag/design-reviews] User-Agent Client Hints & UA Reduction (#640)

We think that what is proposed is a very major change to the way the Web works. On the face of it what is contemplated is "merely" a change to the use of the User-Agent HTTP header field and introduction of other HTTP fields, altering the interaction between client and server. 

However, the consequences are much wider than this and affect almost all the related systems that go to make the Web work. We are therefore very concerned that the proposals will “break the Web” in various ways, and therefore require very close scrutiny.
 
• Use of the User-Agent field in its present form is understood to be an accretion of various custom and practice over many years; it is untidy but it works.
• It’s understood to be a potential privacy problem as potentially exploited by unscrupulous Web site operators. It’s said to be a cause of mis-operation. It’s said to be the cause of other problems; however, evidence has not been presented as to the extent or severity of any such effects.
• It’s known to be useful to honest Web site operators in detecting fraud and other unscrupulous behaviour by fraudulent Web client software, robots etc. These anti-fraud applications will cease to operate in their present form.
• It is known to be widely used by benign applications to support the effective operation of the Web in other ways - e.g. CDN has been mentioned in this context. These applications also require the User-Agent in its present form.
 
We think that proper standardisation scrutiny of changes to established standards and their established use is required:
 
• The changes proposed in the form in which they have been proposed have not been justified – for example, browser vendors are free to change their User-Agent header to reduce passive profiling; no change to HTTP headers is needed.
• We have not seen a measured argument of how the supposed positive effects of any such changes are to be weighed against the undoubtedly negative effects of the changes. The form in which changes have been proposed stands a good chance of “breaking the Web”.
• None of the proposals entailed, either at IETF or at W3C, have been proposed for standards track scrutiny. Because of the highly disruptive potential of these changes, standardisation scrutiny is required.
 
We note that the changes discussed, although still in draft and unstandardised form, are finding their way into live implementations.

We will be grateful for TAG consideration of these points.
 
Many thanks

Jo Rabin
CTO 51Degrees

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/640#issuecomment-992811213

Received on Monday, 13 December 2021 19:43:17 UTC