Client Hints and a sense of déjà vu – Vivaldi Browser snapshot 2950.3

Ruarí

Today’s snapshot brings you up to date with our latest fixes and improvements and adds a setting and for Client Hints branding to prevent Vivaldi users from being locked out of websites.

Click here to see the full blog post

Ruarí

Who wants to bet I am going to have to dress up as Santa again?

https://youtu.be/QkayN3xiRDc

killchain

First?

Edit: dammit

Ruarí

@killchain: Sorry… or am I?

Ruarí

You know when the client hints thing started I did think to myself, "Surely this will just be abused again, like with user agents…" but then I decided I should not be so negative.

So what is my takeaway now? The glass is always half empty!

edwardp

Just retrieved it. Thank you.

I found the Client Hints setting and switched it to Vivaldi.

Up to now, without it, I have not encountered any web sites that locked me out specifically as a result of using Vivaldi.

@Ruarí Unfortunately, the local casinos are not allowed to take Santa-related bets!

Ruarí

@edwardp: No so far there are not been many but we have had a couple of reports where we think this is the issue. The setting was added so those that hit potential problems having something to try.

LonM

@Ruarí When this was last discussed here I said exactly this.

@LonM said in User Agent Changes:

That won't fix the main problem. It will make user agent a bit cleaner and remove the need for all the fluff.
But it won't stop people blocking browsers arbitrarily.
And any old servers that did bad UA sniffing will just stop serving pages altogether if the UA was removed entirely.

Now I'm looking at the proposed spec (I think this is it here 1) and the announcement (2). Given Google's propensity to do stuff apparently just for the sake of doing stuff, and given how the whole thing seems to have been pushed primarily by googlers, it wouldn't surprise me if we found out that the whole thing was pushed by someone who just wanted to create a feature to get a promotion and in a few years it'll be deprecated and removed.

Regardless of all that, I'm curious as to what the point is of the new feature. Vivaldi never offered a UA switcher, because the devtools were enough. Given you can configure Client hints the same way with the devtools, and assuming Vivaldi isn't adding its own brand (3) why add this feature?

ingolftopf

Many thanks

Ruarí

@LonM said in Client Hints and a sense of déjà vu – Vivaldi Browser snapshot 2950.3:

Vivaldi never offered a UA switcher, because the devtools were enough. Given you can configure Client hints the same way with the devtools, and assuming Vivaldi isn't adding its own brand (3) why add this feature?

There were multiple ways to set the UA even without a setting or dev tools. For example there is also a command line switch and a whole bunch of extensions. We already had client hints (just with a lack of branding). The setting is just there to provide an easy way for people to attempt to work around potential issues, since it is less straightforward than with the more established user agent.

LonM

@Ruarí What kinds of issues are people experiencing? If Vivaldi has the same branding as chrome, does that mean chrome users are also seeing these issues?

edwardp

@LonM The setting doesn't change the main User Agent, it changes Sec-CH-UA:

Sec-CH-UA	"Chromium";v="5.8", "Not A(Brand";v="24", "Vivaldi";v="5.8"

The main User Agent remains the same:

User-Agent	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36

Can be verified here (BrowserLeaks IP Address test).

Ruarí

@LonM Things like not being able to log into their bank. And our branding has been the same as Chrome, though you can now set it to be the same and check if you think you have hit such a problem.

LonM

@edwardp I know it just changes the client hint - I was confused as to why the devs think that it's necessary to expend effort building a UI for this, if simply pretending to be chrome was enough to solve the problem.

Ruarí

For anyone struggling to find where to configure this client hints section, it is in the Network section but this is missing on Linux. However a search for Sec-Ch-Ua will also work. I updated the known issues.

Pathduck

@Ruarí From a quick test, looks like a restart is not really required to change the branding? Which is good, but still WIP I guess

Also, it would be great with a setting to not send any sec-ch-ua headers at all. Setting "No Brand" still sends the header.

I.e. not just Brand and Version, but also:
sec-ch-ua-mobile
sec-ch-ua-platform
sec-ch-ua-arch
sec-ch-ua-bitness
sec-ch-ua-full-version-list
sec-ch-ua-model
sec-ch-ua-platform-version
sec-ch-ua-wow64

These things are invented by Google and forced into a de-facto standard, so by definition evil.

I guess it can be done with adding and letting us edit the rest of the sec-ch-ua headers, and if empty, the header will not be sent. Something like ModHeader allows.

Other than that, some really great fixes here

LonM

@Pathduck I don't think allowing "No Brand" at all is a good idea. That might give privacy-conscious users the impression that this is an accepted setting, and they'll end up getting locked out of sites and frustrated (like happened when Vivaldi added the ability to disable google "components"). The default setting should be "chrome", maybe with a small footnote explanation as to why this is, and if they really want an empty brand, they can set it to "custom" and leave it blank.

stardepp

Is this what is meant by “client hints” here?

Bild Text

LonM

@stardepp "Client hints" are found under the "Network" settings category.

The protocol setting in your screenshot is for things like mailto: links

Ruarí

@stardepp If you are on Linux and cannot find it, see the known issue or just search for the following in settings: Sec-Ch-Ua