Chrome is experimenting with RSS support, User-Agent cleaning and password auto-change

Google has announced the addition of an experimental "Follow" feature to Chrome with a built-in RSS client. Users will be able to subscribe to RSS feeds of the sites they are interested in via the Follow button in the menu and track new posts in the Following section of the new tab page. Testing of the new feature will begin in the coming weeks and will be limited to select Chrome for Android users who live in the US and use the Canary experimental branch.

Google has also published a plan to truncate the contents of the HTTP User-Agent header. The reform of User-Agent support was originally planned to take place a year ago, but due to the COVID-19 pandemic, the implementation of User-Agent-related changes was delayed. It is noted that Safari and Firefox have already removed the details of the OS version from the User-Agent.

In Chrome 89, the User-Agent Client Hints mechanism was enabled by default as a replacement for the User-Agent, and Google now intends to start experimenting with reducing User-Agent functionality. User-Agent Client Hints returns data about specific browser and system parameters (version, platform, etc.) selectively, only after a request from the server. The user, in turn, can determine what information may be provided to site owners.

With User-Agent Client Hints, the identifier is not sent unless explicitly requested, and only basic parameters are sent by default, which makes passive identification difficult. For sites that need detailed browser information in the first request, the "Client Hints Reliability" extensions have been developed. They include the Critical-CH HTTP header, which the server returns to indicate that the site needs the Client Hint parameters passed in a separate request, and the ACCEPT_CH extension for HTTP/2 and HTTP/3, which conveys at the connection level which "Client Hint" parameters the server needs to receive.
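The server side of the exchange described above, as an added example that is not part of the original article or of Chrome's code. The header names are the standard Client Hints ones; the site policy in NEEDED_HINTS, the helper names and both sample requests are constructed for illustration.

```javascript
// Added example: server-side negotiation of User-Agent Client Hints.
// NEEDED_HINTS (what this hypothetical site needs) is an assumption.
const NEEDED_HINTS = ['Sec-CH-UA-Platform-Version', 'Sec-CH-UA-Model'];

// Sec-CH-UA is a list of quoted brand/version pairs. Brands may contain
// ';' or ',' (GREASE entries do), so match quoted pairs, never split on ','.
function parseBrandList(value) {
  const pairs = [];
  const re = /"([^"\\]*)"\s*;\s*v="([^"\\]*)"/g;
  let m;
  while ((m = re.exec(value || '')) !== null) {
    pairs.push({ brand: m[1], version: m[2] });
  }
  return pairs;
}

// Hints are client-controlled input: accept only a short quoted string of
// harmless characters, otherwise return null.
function readQuotedHint(value) {
  const m = /^"([\w .()\-]{0,64})"$/.exec(value || '');
  return m ? m[1] : null;
}

// Returns the headers to send and what is known about the client so far.
function negotiateHints(requestHeaders) {
  const h = {};
  for (const [k, v] of Object.entries(requestHeaders)) h[k.toLowerCase()] = v;
  const missing = NEEDED_HINTS.filter((n) => !(n.toLowerCase() in h));
  return {
    responseHeaders: {
      'Accept-CH': NEEDED_HINTS.join(', '),   // ask for these from now on
      'Critical-CH': NEEDED_HINTS.join(', '), // needed on the first request too
      Vary: ['Sec-CH-UA', ...NEEDED_HINTS].join(', '), // keep caches correct
    },
    missing, // non-empty: a supporting browser repeats the request with hints
    client: {
      brands: parseBrandList(h['sec-ch-ua']),
      mobile: h['sec-ch-ua-mobile'] === '?1',
      platformVersion: readQuotedHint(h['sec-ch-ua-platform-version']),
      model: readQuotedHint(h['sec-ch-ua-model']),
    },
  };
}

// Constructed first request: only the default low-entropy hints are present.
const firstRequest = {
  'Sec-CH-UA': '" Not A;Brand";v="99", "Chromium";v="90", "Google Chrome";v="90"',
  'Sec-CH-UA-Mobile': '?1',
};
// Constructed retry after the browser has seen Critical-CH.
const retryRequest = { ...firstRequest,
  'Sec-CH-UA-Platform-Version': '"11"', 'Sec-CH-UA-Model': '"Pixel 5"' };
```

Because hint values come from the client, anything that fails readQuotedHint is treated as absent rather than logged or used in decisions.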

Until the migration to Client Hints is complete, Google does not intend to change the User-Agent behavior in stable releases; no changes will be made to the User-Agent in 2021 at least. Chrome's test branches, however, will start experimenting with trimming the information in the User-Agent header and in the JavaScript properties navigator.userAgent, navigator.appVersion and navigator.platform. After the reduction, the User-Agent string will still reveal the browser name, the browser's major version, the platform and the device type (mobile phone, PC, tablet). Additional data will have to be obtained through the User-Agent Client Hints API.

There are 7 stages of phasing out the User-Agent:

  • In Chrome 92, the DevTools Issues tab will start showing deprecation warnings for navigator.userAgent, navigator.appVersion, and navigator.platform.
  • In the Origin Trial mode, sites will be given the opportunity to enable the reduced User-Agent transfer mode. Testing in this mode will last at least 6 months. Based on feedback from test participants and the community, a decision will be made as to whether the following steps are appropriate.
  • Sites that have not yet migrated to the Client Hints API will be provided with a reverse Origin Trial, giving at least 6 months to return to the previous behavior.
  • The MINOR.BUILD.PATCH part of the Chrome version number in the User-Agent will be shortened (for example, 90.0.4430.93 will become 90.0.0).
  • Version information will be truncated in the navigator.userAgent, navigator.appVersion, and navigator.platform desktop APIs.
  • The mobile platform information transmitted by Chrome for Android will be reduced (currently the Android version and the device model code name are transmitted).
  • Reverse Origin Trial support will be dropped and only a shortened User-Agent will be given for all pages.

Finally, Google plans to add to Chrome's built-in password manager a feature that automates password changes when a compromise is detected. In particular, if a check shows that an account has been compromised through a leak of a site's password database, the user will be offered a button to quickly change the password on that site.

For supported sites, the password change will be automated: the browser itself will fill out and submit the necessary forms. Each stage of the change will be shown to the user, who can intervene at any time and switch to manual mode. Interaction with the password change forms of different sites is automated using the Duplex machine learning system, which is also used in Google Assistant. The new feature will roll out to users gradually, starting with Chrome for Android in the US.

Source: opennet.ru