Page MenuHomePhabricator
Create Task
Maniphest T242825

Deal with Google Chrome User-Agent deprecation
Closed, ResolvedPublic
Actions

Description

Background

Google Chrome is changing the way it shares user-agents for increased privacy of users. You can read more about it here: https://www.chromestatus.com/feature/5704553745874944

Google Chrome has released Client Hints to provide device information. This first release “is intended to allow for developers to experiment and provide feedback”: https://groups.google.com/a/chromium.org/g/blink-dev/c/-2JIRNMWJ7s/m/u-YzXjZ8BAAJ

Technical practicalities

How it works (simple overview)

  • A user sends a request to our site via their browser (e.g. “show me an article”)
  • Our server sends a response that includes the article and a header that asks the browser to send some user data on the next request
  • If the user makes subsequent requests (e.g. “show me another article” or “show me the editor so I can edit this article”) they will also include this user data

Differences from receiving the user agent string

  • The site asks explicitly for the information, meaning that this can be flagged up to the user
  • The site specifies which information it needs, out of this list
  • Browsers may legitimately decline to send the information (e.g. if considered unnecessary or if the site is asking for too much)
  • If the user only ever sends one request, we will not receive any extra data
Rollout plan

Client hints is an experimental feature on Chrome 84, meaning that the browser will only send client hint data if the user has enabled Experimental Web Platform features (disabled by default).

Google Chrome Stable VersionStable promotionWhat happens then?
Chrome 84July 14, 2020Sec-CH-UA Client Hints
Chrome 92October 6, 2020Audit site to understand where migration may be necessary
Chrome 95October 19, 2020Origin trial to experiment with Client Hints and provide feedback
Chrome 100March 29, 2022Deprecation trial (opt-in)
Chrome 101April 26, 2022Reduced Chrome version number rollout
Chrome 107October 25, 2022Reduced Desktop User-agent string rollout
Chrome 110Feb 7, 2023Reduced Mobile User-agent string rollout
Chrome 115May 2, 2023Deprecation trial ends. Everyone receives reduced user-agents

Chrome versions release schedule

Implications on CheckUser

User-agent strings are important pieces of information for checkusers and stewards in their work of detecting and blocking sock accounts. To continue to get that important data, we should implement support for client-hints on our end.

Even with client hints, the fingerprinting data may become unavailable to CheckUser in ways beyond our control (see Differences from receiving the user agent string). This should be discussed with checkusers.

Implications on privacy awareness

By actively asking for data, we expose Wikimedia to scrutiny over when/why we're asking for it. Anti-vandalism is an important reason. The vast majority of requests to our site don't result in making changes stored in CheckUser.

Fingerprinting for fighting vandalism is considered a legitimate but unfortunate use case, and may not always be supported in the future: https://github.com/WICG/ua-client-hints#fingerprinting

Investigations
Further reading

Related Objects
Search...

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
taavi subscribed.Jul 22 2020, 5:03 PM
Tchanders updated the task description. (Show Details)Jul 22 2020, 5:26 PM

Task description has been updated with more context following further discussions with AHT.

Tchanders added subtasks: T258591: Technical investigation into an experiment for using client hints in CheckUser [8H], T258592: Investigate how users perform actions logged in CheckUser, ahead of UA deprecation [8H].Jul 22 2020, 5:30 PM
GeneralNotability subscribed.Jul 22 2020, 6:18 PM
mdaniels5757 subscribed.Jul 22 2020, 6:28 PM
Tchanders updated the task description. (Show Details)Jul 29 2020, 10:24 AM
Niharika added a comment.Aug 12 2020, 4:02 AM

I'm flagging this for Analytics. This deprecation will probably impact how device classification for browsers works in a bunch of our stats tools, like this one.

kzimmerman added a project: Product-Analytics.Oct 1 2020, 9:31 PM
Niharika closed subtask T258591: Technical investigation into an experiment for using client hints in CheckUser [8H] as Resolved.Oct 2 2020, 7:44 PM
nshahquinn-wmf added a project: Analytics.Oct 6 2020, 5:13 PM
LGoto moved this task from Triage to Tracking on the Product-Analytics board.Oct 6 2020, 5:13 PM
fdans edited projects, added Analytics-Radar; removed Analytics.Oct 8 2020, 4:47 PM
DannyS712 subscribed.Oct 8 2020, 9:44 PM
Instance subscribed.Oct 22 2020, 10:01 AM

Well, safari does the same.

YFdyh000 subscribed.Feb 12 2021, 11:26 AM
Isaac subscribed.Apr 5 2021, 6:13 PM
Niharika added a project: AHT-Roadmap.Apr 15 2021, 1:51 PM
dbarratt unsubscribed.Apr 15 2021, 2:16 PM
Isaac mentioned this in T280385: Apache Beam go prototype code for DP evaluation.Apr 20 2021, 7:55 PM
Niharika removed a project: AHT-Roadmap.Apr 29 2021, 5:31 PM
Ricordisamoa subscribed.Jun 7 2021, 5:56 PM
R4356th subscribed.Jul 20 2021, 1:51 PM
NMW03 subscribed.Sep 23 2021, 6:29 AM
Isaac mentioned this in T292449: Revisit approach to automated bot detection.Oct 4 2021, 3:32 PM
Samwalton9-WMF subscribed.Oct 5 2021, 2:19 PM
Kormat subscribed.Oct 14 2021, 9:48 PM
ggellerman mentioned this in Unknown Object (Task).Oct 14 2021, 10:31 PM
dr0ptp4kt added subscribers: CBlanton, SCherukuwada, SWakiyama and 9 others.Oct 15 2021, 7:30 PM

@ovasileva @SCherukuwada @Jdlrobson @SWakiyama @CBogen @MarkTraceur @DVrandecic @CBlanton @Jdforrester-WMF probably good to have in at least a watching column. I got a ping to raise awareness. Others such as TProgM (hi @LGoto I saw you were already triaging a related task) or Product Analytics (hi @kzimmerman and others on task !) may broach this as well, but doing my part and raising awareness in case there are UX or feature detection or instrumentation pieces requiring attention.

dr0ptp4kt added a subscriber: jlinehan.Oct 15 2021, 7:31 PM

@jlinehan heads up.

LGoto added a project: Web-Team-Backlog.Oct 15 2021, 7:37 PM
Jdlrobson moved this task from Incoming to Not ready to estimate on the Web-Team-Backlog board.Oct 15 2021, 10:32 PM
TheresNoTime subscribed.Oct 16 2021, 4:03 PM
Niharika updated the task description. (Show Details)Oct 18 2021, 10:09 PM
Niharika updated the task description. (Show Details)Oct 18 2021, 10:58 PM

I have updated the task to reflect the latest timelines as published by the Google Chrome team.

CBogen added a project: Structured-Data-Backlog (Current Work).Oct 22 2021, 2:54 PM
CBogen moved this task from Incoming to Epics on the Structured-Data-Backlog (Current Work) board.
CBogen added a subscriber: SimoneThisDot.
fkaelin subscribed.Oct 25 2021, 4:20 PM
sdkim mentioned this in T295073: <Org-Wide Impact> Google Chrome User-Agent Deprecation Impact.Nov 4 2021, 6:43 PM
ovasileva moved this task from Not ready to estimate to Tracking on the Web-Team-Backlog board.Nov 16 2021, 10:29 AM
Zabe subscribed.Dec 1 2021, 1:12 PM
DAbad added a parent task: T295073: <Org-Wide Impact> Google Chrome User-Agent Deprecation Impact.Dec 16 2021, 4:40 PM
brion changed the status of subtask T296837: Investigate OGV library use of deprecated navigator.userAgent from Open to In Progress.Jan 12 2022, 6:35 PM
TheDJ closed subtask T296837: Investigate OGV library use of deprecated navigator.userAgent as Resolved.Jan 13 2022, 12:00 AM
Izno subscribed.Jan 13 2022, 2:16 AM
MGerlach subscribed.Jan 13 2022, 3:01 PM
KrakatoaKatie subscribed.Jan 17 2022, 10:22 PM
JAllemandou added a subtask: T299397: Measure user-agent client hints already sent in browsers requests.Jan 18 2022, 1:42 PM
JFishback_WMF subscribed.Jan 18 2022, 4:35 PM
Htriedman subscribed.Jan 18 2022, 5:25 PM
Stang subscribed.Jan 20 2022, 4:43 PM
Lectrician1 subscribed.Jan 29 2022, 2:05 AM
Baggaet subscribed.Jan 31 2022, 2:17 PM
JAllemandou mentioned this in T174796: Productionize navigation vectors.Feb 7 2022, 10:11 AM
CBogen closed subtask T296835: Update EmbedPlayer to remove the use of Navigator.userAgent as Declined.Feb 14 2022, 5:24 PM
Nux subscribed.Feb 17 2022, 8:20 PM
Seddon changed the status of subtask T296840: [S] Investigate and update jQuery.lazyload library from UploadWizard from using deprecated navigator.appVersion from Open to In Progress.Feb 18 2022, 1:07 PM
TheresNoTime added a project: Stewards-and-global-tools.Mar 3 2022, 7:35 PM
Dreamy_Jazz mentioned this in T303192: Show the reason(s) for failed logins in checkuser results.Mar 7 2022, 4:04 PM
Etonkovidova closed subtask T296840: [S] Investigate and update jQuery.lazyload library from UploadWizard from using deprecated navigator.appVersion as Resolved.Mar 31 2022, 8:13 PM
CBogen edited projects, added Structured-Data-Backlog; removed Structured-Data-Backlog (Current Work).Jun 27 2022, 4:52 PM
CBogen moved this task from Triage to Tracking on the Structured-Data-Backlog board.
dmehus subscribed.Aug 2 2022, 1:39 AM
AntiCompositeNumber subscribed.Oct 12 2022, 7:37 PM
Guerillero subscribed.Oct 13 2022, 12:14 AM
Blablubbs subscribed.Nov 24 2022, 2:14 PM
Dreamy_Jazz mentioned this in T326379: Normalise the XFF and user agent columns.Jan 6 2023, 1:16 AM
Dreamy_Jazz added a subtask: T274633: Record browser fingerprints instead of pure UA for checkuser .Jan 31 2023, 12:22 AM
Dreamy_Jazz added a subtask: T258105: Implement storage for User-Agent Client Hints header data.
Dreamy_Jazz mentioned this in T26411: List recent User-Agents for a user or IP.Jan 31 2023, 12:58 AM
odimitrijevic subscribed.Feb 2 2023, 3:38 PM
Aklapper added a project: Data-Engineering-Icebox.Feb 10 2023, 5:44 PM
DatGuy subscribed.Feb 10 2023, 7:05 PM
Tgr subscribed.May 1 2023, 9:51 PM
kostajh subscribed.May 3 2023, 12:30 PM
kostajh closed subtask T299397: Measure user-agent client hints already sent in browsers requests as Resolved.Jun 1 2023, 10:25 AM
kostajh changed the status of subtask T257893: [EPIC] Support User-Agent Client Hints header in CheckUser from Open to In Progress.Jun 1 2023, 10:43 AM
kostajh removed a subtask: T258105: Implement storage for User-Agent Client Hints header data.
kostajh added a project: Epic.Jun 1 2023, 12:54 PM
kostajh closed subtask T296839: [S] Update deprecated Navigator.userAgent from MultimediaViewer as Declined.Jun 1 2023, 1:56 PM
kostajh closed subtask T296838: Investigate and update videoJs library from using deprecated navigator.userAgent as Resolved.Jun 1 2023, 2:01 PM
Tchanders closed subtask T258592: Investigate how users perform actions logged in CheckUser, ahead of UA deprecation [8H] as Declined.Jun 8 2023, 11:25 AM
Novem_Linguae subscribed.Jun 28 2023, 9:12 PM
dr0ptp4kt unsubscribed.Jul 28 2023, 4:02 PM
kostajh added a comment.EditedSep 26 2023, 10:40 AM

We are actively working on T257893: [EPIC] Support User-Agent Client Hints header in CheckUser and preparing for rollout to production wikis in the next weeks.

This task is somewhat open-ended; it's hard to know what would mark its completion. I would propose we close it in favor of tracking follow-up work with Google-Chrome-User-Agent-Deprecation.

For that reason, I will remove T257893: [EPIC] Support User-Agent Client Hints header in CheckUser as a subtask of this task. (If someone disagrees about organizing things in this way, please say so / change it back.)

kostajh removed a subtask: T257893: [EPIC] Support User-Agent Client Hints header in CheckUser.Sep 26 2023, 10:40 AM
kostajh mentioned this in Google-Chrome-User-Agent-Deprecation.
kostajh added a project: Google-Chrome-User-Agent-Deprecation.Sep 26 2023, 10:43 AM
drochford unsubscribed.Sep 26 2023, 3:15 PM
Novem_Linguae unsubscribed.Sep 26 2023, 3:26 PM
kostajh closed this task as Resolved.Feb 2 2024, 8:04 AM
kostajh claimed this task.

I'm marking this resolved, as we've dealt with this in subtasks (and in T257893: [EPIC] Support User-Agent Client Hints header in CheckUser).

kostajh mentioned this in T357771: Analyze how many distinct devices edit per day from a given IP address.Feb 16 2024, 1:09 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL