Chromium developers have proposed unifying and deprecating the User-Agent header

Chromium developers have proposed unifying and freezing the contents of the User-Agent HTTP header, which transmits the name and version of the browser, and restricting access to the navigator.userAgent property in JavaScript. There are no plans for now to remove the User-Agent header entirely. The initiative is already supported by the developers of Edge and Firefox, and is already implemented in Safari.

According to the current plan, Chrome 81, scheduled for March 17th, will deprecate access to the navigator.userAgent property, Chrome 81 will stop updating the browser version and unify operating system versions, and Chrome 85 will unify the string with the operating system identifier (it will only be possible to distinguish desktop and mobile OS, and for mobile versions, information about the typical dimensions of the device may be provided).

Among the main reasons for unifying the User-Agent header are its use for passive user identification (passive fingerprinting) and the practice of less popular browsers forging the header to ensure that individual sites work (for example, Vivaldi is forced to present itself to sites as Chrome). At the same time, forging the User-Agent in second-tier browsers is also encouraged by Google itself, since it blocks login to its services based on the User-Agent. The unification will also get rid of obsolete and meaningless attributes in the User-Agent string, such as "Mozilla/5.0", "like Gecko" and "like KHTML".

As a replacement for the User-Agent, a mechanism called User-Agent Client Hints is proposed, in which data about specific browser and system parameters (version, platform, etc.) is returned selectively, only after a request by the server, and users can choose which of this information to provide to site owners. With User-Agent Client Hints, the identifier is not passed by default without an explicit request, which makes passive identification impossible (only the browser name is specified by default).

As for active identification, the additional information returned in response to a request depends on the browser settings (for example, the user may refuse to transfer data at all), and the transmitted attributes cover the same amount of information as the User-Agent string does currently. The amount of data transferred is subject to a privacy budget, which limits the amount of returned data that could potentially be used for identification: if issuing further information could lead to a violation of anonymity, further access to certain APIs is blocked. The technology is being developed as part of the previously presented Privacy Sandbox initiative, aimed at achieving a compromise between users' need to maintain privacy and the desire of advertising networks and sites to track visitors' preferences.
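
The opt-in exchange described above, as an added example (not code from Chromium or from the original article): a browser model that sends only the default hints until the server asks via Accept-CH and the user permits it, plus a server-side parser for the brand list. The header names and the default hint set are taken from the User-Agent Client Hints specification rather than from this article; `BROWSER_STATE`, `clientHeaders`, the user-policy callback and all values are hypothetical and constructed.

```javascript
// Added example: models the User-Agent Client Hints opt-in exchange.
// Header names follow the UA-CH specification; all values are constructed.
const DEFAULT_HINTS = ['sec-ch-ua', 'sec-ch-ua-mobile', 'sec-ch-ua-platform'];

// Constructed browser state; a real browser fills this from its own build.
const BROWSER_STATE = {
  'sec-ch-ua': '"Chromium";v="120", "Not A;Brand";v="99"',
  'sec-ch-ua-mobile': '?0',
  'sec-ch-ua-platform': '"Linux"',
  'sec-ch-ua-platform-version': '"6.5.0"',
  'sec-ch-ua-arch': '"x86"',
};

// Parse the server's Accept-CH response header into lowercase hint names.
function parseAcceptCH(value) {
  return (value || '').split(',').map(t => t.trim().toLowerCase()).filter(Boolean);
}

// Client side: default hints always go out; any other hint needs both a
// prior Accept-CH opt-in from the server and the user's permission.
function clientHeaders(acceptCH, userAllows) {
  const requested = new Set(parseAcceptCH(acceptCH));
  const out = {};
  for (const [name, value] of Object.entries(BROWSER_STATE)) {
    const isDefault = DEFAULT_HINTS.includes(name);
    if (isDefault || (requested.has(name) && userAllows(name))) out[name] = value;
  }
  return out;
}

// Server side: parse the brand list. Brands are quoted strings that may
// contain ';' or ',' (e.g. "Not A;Brand"), so splitting on commas is wrong.
function parseBrandList(value) {
  const item = /"((?:[^"\\]|\\.)*)"\s*;\s*v="((?:[^"\\]|\\.)*)"/g;
  return [...value.matchAll(item)].map(m => ({ brand: m[1], version: m[2] }));
}

// First request: no opt-in yet. Second: server asked for two hints, but the
// (hypothetical) user policy only releases the platform version.
const first = clientHeaders(null, () => true);
const second = clientHeaders('Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch',
  name => name === 'sec-ch-ua-platform-version');
console.log(Object.keys(first), Object.keys(second), parseBrandList(first['sec-ch-ua']));
```

On the server, log which hints each endpoint lists in Accept-CH: every extra hint requested is additional identifying data the site has actively chosen to collect.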

Source: opennet.ru
