Introduction
The user agent (UA) string is currently used to fight vandalism via CheckUser. It is stored for 90 days in the cu_changes table, and available to view by checkusers via the CheckUser extension. The UA is only stored in cu_changes for requests that perform a loggable action (e.g. editing, page creation, blocking, logging in, etc).
The UA string is passively received for all requests. Google Chrome intends to deprecate the UA string, and replace it with client hints. Client hint data must be actively asked for, via a header in the response. See T242825 for full details.
Loggable actions
Client hint data are not available on the first request, only subsequent requests. Loggable actions could be performed:
- On the first request (e.g. via an API)
- After a request that indicates it's about to be performed (e.g. posting an edit after requesting an edit page)
- Not on the first request, but also not after any requests that indicate it will be performed
Situation (3) led to a suggestion to ask for client hints in all responses - T257893
However, doing this could pose a risk to Wikimedia's perceived privacy practices because:
- Our actively asking for the data could be flagged to users
- Most of the requests we get are for reading articles and won't be followed up by loggable actions
- Client hints are being introduced to try to persuade sites to ask only for the data they need, when they need it
Investigation
This task is for investigating how to determine how common the 3 situations are relative to each other.
Note that client hints are new and experimental, and their use will be investigated in T258591