Talk:Client Hints/GA1


GA Review


Nominator: Sohom Datta (talk · contribs) 19:54, 2 June 2024 (UTC)

Reviewer: RoySmith (talk · contribs) 01:27, 16 September 2024 (UTC)

Starting review RoySmith (talk) 01:27, 16 September 2024 (UTC)

  • With the proviso that Earwig is running in degraded mode now due to Too Many Requests, no problems found with copyvios.
  • None of the items under WP:GAFAIL apply.
  • Per MOS:LEAD, the lead section should summarize the rest of the article, not introduce new material.
    • "application programming interface (API)" is not mentioned in the article (at least not by that name)
      • We talk about the Javascript API in the Mechanism section
    • The lead is heavy on material from History and almost completely ignores the Background, Mechanism, and Privacy concerns sections, so the most important points from those sections should be added.
  • Prose:
    • "became an official Internet Engineering Task Force (IETF) draft" no need to say "official"
        Done Sohom (talk)
    • "The header was meant ... User-Agents became ... this information is used" The change of tense here is jarring.
        Done Sohom (talk) 04:12, 23 September 2024 (UTC)
    • "In 2020, Google announced their intention to deprecate user-agent (UA) strings ... [1]" This is a statement about what happened in 2020 cited to a paper published in 2023. Are you sure that's the right reference?
      Pretty sure it is, the paper goes into detail noting the major events/announcements that occurred wrt to Client Hints. Sohom (talk) 04:12, 23 September 2024 (UTC)
      Could you add a page number to the citation to assist finding where this is mentioned? RoySmith (talk) 14:36, 25 September 2024 (UTC)
    • "Brave also raised concerns about the initial proposal ... [3]" Likewise, this is a source published in 2019 ostensibly talking about events that happened in 2020.
      The phrasing here was weird. I've explicitly reworded this to make it explicit that Brave raised these concerns in 2019. Sohom (talk) 04:12, 23 September 2024 (UTC)
    • "As of May 2024, over 75% of all traffic on the internet supports client hints" It's now September; are there any more recent sources for this?
      Not that I know of (based on a check on Google Scholar). Personally, I don't see the numbers changing anymore until Firefox or Apple implements this protocol. Sohom (talk) 04:12, 23 September 2024 (UTC)
    • "Since the adoption of Client Hints by major browsers" you should say which browsers support it.
        Done Sohom (talk) 04:12, 23 September 2024 (UTC)
    • "overall adoption of Client Hints across the internet was low" this seems at odds with earlier statements like "over 75% of all traffic on the internet supports client hints"
      Clarified. Sohom (talk) 04:12, 23 September 2024 (UTC)

MediaWiki supports use of Client Hints as a counter-abuse tool. It would be disingenuous to not mention this. See https://www.mediawiki.org/wiki/Extension:CheckUser/Client_Hints.

I'm aware of this, but I wasn't able to find any sources that would not be considered user-generated content by Wikipedia standards, if you can find any sources for this, I'll add it in. Sohom (talk) 04:12, 23 September 2024 (UTC)
That's an interesting point! Still, I think it's reasonable to consider the official documentation on https://www.mediawiki.org/ to be good enough to at least support a statement that it exists. Or, perhaps just add it under External links? RoySmith (talk) 14:43, 25 September 2024 (UTC)
  • You might want to include an infobox, as HTTP and many of the HTTP-related articles do.
  • Spot-check per WP:GAN/I#R3:
    • Since the early days of the internet, there has been a desire to identify what kind of client a user was using to connect to a server. In 1992, an extension to the HTTP protocol was introduced adding a User-Agent HTTP Header which was sent from the client to the server and contained a simple string identifying the name of the client and its version. The header was meant purely for statistical purposes and for tracking down clients that violated the protocol. Since then, with the evolution of the internet, User-Agents became increasingly more complex, and started containing significant granular information about the user. Often, this information is used in browser fingerprinting, allowing sites to track users across sites passively without having to load any JavaScript for the user. [1]
      • "Since the early days of the internet, there has been a desire to identify what kind of client a user was using to connect to a server." The source doesn't say this.
      • "with the evolution of the internet, User-Agents became increasingly more complex" The first part ("with the evolution of the internet") isn't stated in the source. It also doesn't add anything useful, so I'd just drop it.
      • Other than those two nits, this claim is verified.
    • Brave also raised concerns about the initial proposal, citing ways in which it could be used to track users on the internet. [3]
      • Verified.
    • Since their initial opposition, Mozilla and Apple have updated their stance to neutral, and Brave has synchronized its implementation of client hints with that of Chrome. As of May 2024, over 75% of all traffic on the internet supports client hints. [2]
      • I don't see where the source says these things. The only mention I see of "over 75%" is "Nevertheless, popular web browsers like Chrome and Edge already support HTTP CHs, which affects more than 75% of web users worldwide [12]." 75% of web users is not quite the same as 75% of the traffic. And I don't see anything that talks about Mozilla and Apple updating their stance to neutral.
Reworded the first part, the paper mentions that Mozilla has updated their stance to "neutral" in page 6. They imply that Apple might have softened their stance (since all issues raised by them were resolved), but don't explicitly mention it. I've removed Apple from that sentence.
    • This ensures that caching mechanisms understand that responses can vary based on different client hint values. [5]
      • Verified.
    • the server can then use the information in the Viewport-Width header to make a decision about the kind of content to serve the user-agent. For example, if the server has a particular image that is extremely large, the server can be configured to return smaller image if the image does not fit the viewport. [7]
      • Verified.
    • Additionally, concerns were also raised that the Client-Hint proposal was too permissive and explicitly allowed for new privacy compromising information that could not be obtained by simply parsing HTTP Headers to be leaked to servers. [8]
      • Some of this verifies, but I don't see where the source talks about "information that could not be obtained by simply parsing HTTP Headers".
        The Brave position mentions "Client-Hints would expose identifying values to parties that currently cannot access them without actively injecting scripts." which effectively implies that the information cannot be obtained from HTTP headers.

Just as a note, Dreamy Jazz knows more about Client Hints than I do, so he may be willing to leave some comments. RoySmith (talk) 15:43, 17 September 2024 (UTC)

The JS API provides two different categories, being low and high entropy. Perhaps that is worth mentioning somewhere in the article?
High entropy is: https://developer.mozilla.org/en-US/docs/Web/API/NavigatorUAData/getHighEntropyValues Dreamy Jazz talk to me | my contributions 20:21, 17 September 2024 (UTC)
Added some more text talking about low and high entropy data. Sohom (talk) 04:12, 23 September 2024 (UTC)