Image: Google // Composition: ZDNet

CNET Decade in Review: 2010-2019 From the iPad to selfies to fake meat, we look back at an action-packed decade Read More

Google has announced plans today to phase out the usage of user-agent strings in its web browser Chrome.

For readers unfamiliar with the term, user-agent (UA) strings are an important part of the modern web and how browsers function.

A UA string is a piece of text that browsers send to websites when they initiate a connection. The UA string contains details about the browser type, rendering engine, and operating system. For example, a UA string for Firefox on Windows 10 looks like this:

Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/72.0

UA strings were developed as part of the Netscape browser in the '90s, and have been in use ever since. For decades, websites have used UA strings to fine-tune features based on a visitor's technical specifications.

But now, Google says that this once-useful mechanism has become a constant source of problems on different fronts.

For starters, UA strings have been used by online advertisers as a way to track and fingerprint website visitors.

"On top of those privacy issues, User-Agent sniffing is an abundant source of compatibility issues, in particular for minority browsers, resulting in browsers lying about themselves (generally or to specific sites), and sites (including Google properties) being broken in some browsers for no good reason," said Yoav Weiss, a Google engineer working on the Chrome browser.

To address these issues, Google said it plans to phase out the importance of UA strings in Chrome by freezing the standard as a whole.

The plan



Google's plan is to stop updating Chrome's UA component with new strings (the UA string text that Chrome shares with websites).

The long-term plan is to unify all Chrome UA strings into generic values that don't reveal too much information about a user.

This means that new Chrome browser releases on new platforms such as new smartphone models or new OS releases will use a generic UA string, rather than one that's customised for that specific platform.

For example, in the future, a website won't be able to tell if a visitor using Chrome is running Chrome on Windows 7 or Windows 11, or if a Chrome mobile user is using Samsung Galaxy phone or a Pixel 9 handset.

Websites will be able to tell that a user is running Chrome, and if they're on a desktop or mobile device, but that's about it.

For legacy purpose, existing Chrome UA strings will continue to work, so they won't break existing technologies and scripts running across the web.

Here's Google's current plan on dealing with the UA string deprecation:

Chrome 81 (mid-March 2020) - Google plans to show warnings in the Chrome console for web pages that read the UA string, so developers can adjust their website code.

(mid-March 2020) - Google plans to show warnings in the Chrome console for web pages that read the UA string, so developers can adjust their website code. Chrome 83 (early June 2020) - Google will freeze the Chrome browser version in the UA string and unify OS versions

(early June 2020) - Google will freeze the Chrome browser version in the UA string and unify OS versions Chrome 85 (mid-September 2020) - Google will unify the UA desktop OS string as a common value for desktop browsers. Google will also unify mobile OS/device strings as a similarly common value.

Goodbye, UA strings! Hello, Client Hints!

The deprecation of the UA string mechanism is part of a push at Google to improve privacy on the web, but without killing online advertising, the lifeblood of most free websites today.

UA strings in Chrome will be replaced with a new mechanism called Client Hints. Client Hints is a mechanism through which websites can request information about a user, but without "the historical baggage and passive fingerprinting surface exposed by the venerable `User-Agent` header," as the official standard reads.

I'm excited about this. The UA string is a mess, somewhat fingerprintable, and legitimate use cases can be better and more clearly served by moving the information to an HTTPS-only client hint (a la https://t.co/ExJkky8k5W). https://t.co/cqeawdL4KX — Mike West (@mikewest) January 14, 2020

The Client Hints mechanism has been developed as part of Google's Privacy Sandbox project, announced in August last year.

The Privacy Sandbox technology stack aims to provide a way for websites and advertisers to query browsers for user details in a way in which browsers don't expose too much information about users.

Through the Privacy Sandbox, browsers will share enough information about users so advertisers can organize users into general groups, rather than create detailed individual profiles.

Deprecating UA strings for Client Hints is one of the first steps Google is taking towards implementing the Privacy Sandbox into Chrome, something that Google promised last summer.

Apple (Safari), Microsoft (Edge), and Mozilla (Firefox) have also expressed support for Google's proposal to freeze and phase out the user-agent string, but have not announced detailed plans at the time of writing.