Misplaced Pages

Talk:Client Hints/GA1

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.
< Talk:Client Hints

This is an old revision of this page, as edited by RoySmith (talk | contribs) at 17:11, 13 October 2024 (GA Review: Reply). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Revision as of 17:11, 13 October 2024 by RoySmith (talk | contribs) (GA Review: Reply)(diff) ← Previous revision | Latest revision (diff) | Newer revision → (diff)

GA Review

GA toolbox
Reviewing

Article (edit | visual edit | history· Article talk (edit | history· Watch

Nominator: Sohom Datta (talk · contribs) 19:54, 2 June 2024 (UTC)

Reviewer: RoySmith (talk · contribs) 01:27, 16 September 2024 (UTC)

Starting review RoySmith (talk) 01:27, 16 September 2024 (UTC)

  • With the proviso that Earwig is running in degraded mode now due to Too Many Requests, no problems found with copyvios.
  • None of the items under WP:GAFAIL apply.
  • Per MOS:LEAD, the lead section should summarize the rest of the article, not introduce new material.
    • "application programming interface (API)" is not mentioned in the article (at least not by that name)
      • We talk about the Javascript API in the Mechanism section
    • The lead is heavy on material from History and almost completely ignores the Background, Mechanism, and Privacy concerns sections, so the most important points from those sections should be added.
 Done, let me know if other additions are required. Sohom (talk) 13:33, 13 October 2024 (UTC)
Hmmm, I know I encouraged you to add to the lead, but what I had in mind was to add just "the most important points", which might be 1-2 sentences for each section. MOS:LEADLENGTH was recently updated, but the old version asked for 1-2 paragraphs for an article of this length. You've got 4. Looking at it another way, your lead is about 1/3 the length of the main text. The updated version of LEADLENGTH notes that The leads in most featured articles contain about 250 to 400 words; you're very close to the upper end of that for what is quite a short article by FA standards. Think of the lead like an Elevator pitch. You've got a busy reader who doesn't have the time for a deep dive, so they're looking for just the highlights, and maybe if they find that interesting, they'll invest the time to read the rest of the article. Give them too much up front, and you'll quickly lose their interest.
To get away from the word-count-itis approach, I'm looking at the 2nd paragraph:

Client Hints was initially proposed in 2013 by engineers at Google. The design of the protocol revolves around a user agent (UA) (typically a web browser) and a server which would use HTTP Headers to communicate with each other. To start a Client Hint negotiation, the server would use the Accept-CH HTTP header to ask for a set of Client Hint headers from the user agent. The user-agent would then return client hint headers with every subsequent request. This would allow the server to make decisions about the kind of content the user-agent was capable of showing to the user. User-agents that allowed JavaScript are given access to a navigator.userAgentData JavaScript API which allowed user-agents to expose the same information that they provided through the Client Hint headers through JavaScript API calls.

I think this could all be condensed into:

Client Hints was proposed by Google in 2013. It allows a web server to request high-level descriptions of a browser's capabilities in the HTTP headers, allowing the server to send appropriate versions of content. An API allows client-side javascript to access the same information

All the rest is details which the reader can get from the rest of the article. RoySmith (talk) 17:11, 13 October 2024 (UTC)
  • Prose:
    • became an official Internet Engineering Task Force (IETF) draft no need to say "official"
       Done Sohom (talk)
    • The header was meant ... User-Agents became ... this information is used The change of tense here is jarring.
       Done Sohom (talk) 04:12, 23 September 2024 (UTC)
    • In 2020, Google announced their intention to deprecate user-agent (UA) strings ... This is a statement about what happened in 2020 cited to a paper published in 2023. Are you sure that's the right reference?
      Pretty sure it is, the paper goes into detail noting the major events/announcements that occured wrt to Client Hints. Sohom (talk) 04:12, 23 September 2024 (UTC)
      Could you add a page number to the citation to assist finding where this is mentioned? RoySmith (talk) 14:36, 25 September 2024 (UTC)
    • Brave also raised concerns about the initial proposal ... Likewise, this is a source published in 2019 talking ostensibly talking about events that happened in 2020.
      The phrasing here was weird. I've explicitly reworded this to make it explicit that Brave raised these concerns in 2019. Sohom (talk) 04:12, 23 September 2024 (UTC)
    • As of May 2024, over 75% of all traffic on the internet supports client hints It's now September; are there any more recent sources for this?
      Not that I know of (based on a check on Google Scholar). Personally, I don't see the numbers changing anymore until Firefox or Apple implements this protocol. Sohom (talk) 04:12, 23 September 2024 (UTC)
    • Since the adoption of Client Hints by major browsers you should say which browsers support it.
       Done Sohom (talk) 04:12, 23 September 2024 (UTC)
    • overall adoption of Client Hints across the internet was low this seems at odds with earlier statements like over 75% of all traffic on the internet supports client hints
      Clarified. Sohom (talk) 04:12, 23 September 2024 (UTC)

MediaWiki supports use of Client Hints as a counter-abuse tool. It would be disingenuous to not mention this. See https://www.mediawiki.org/Extension:CheckUser/Client_Hints.

I'm aware of this, but I wasn't able to find any sources that would be not considered user-generated content by Misplaced Pages standards, if you can find any sources for this, I'll add it in. Sohom (talk) 04:12, 23 September 2024 (UTC)
That's an interesting point! Still, I think it's reasonable to consider the official documentation on https://www.mediawiki.org/ to be good enough to at least support a statement that it exists. Or, perhaps just add it under External links? RoySmith (talk) 14:43, 25 September 2024 (UTC)
plus Added external link. Sohom (talk) 21:52, 9 October 2024 (UTC)
  • You might want to include an infobox, as HTTP and many of the HTTP-related articles do.
 Done Sohom (talk) 13:57, 10 October 2024 (UTC)
  • Spot-check per WP:GAN/I#R3:
    • Since the early days of the internet, there has been a desire to identify what kind of client a user was using to connect to a server. In 1992, an extension to the HTTP protocol was introduced adding a User-Agent HTTP Header which was sent from the client to the server and contained a simple string identifying the name of the client and its version. The header was meant purely for statistical purposes and for tracking down clients that violated the protocol. Since then, with the evolution of the internet, User-Agents became increasingly more complex, and started containing significant granular information about the user. Often, this information is used in browser fingerprinting , allowing sites to track users across sites passively without having to load any JavaScript for the user.
      • Since the early days of the internet, there has been a desire to identify what kind of client a user was using to connect to a server. The source doesn't say this.
      • with the evolution of the internet, User-Agents became increasingly more complex The first part (with the evolution of the internet) isn't stated in the source. It also doesn't add anything useful, so I'd just drop it.
      • Other than those two nits, this claim is verified.
    • Brave also raised concerns about the initial proposal, citing ways in which it could be used to track users on the internet.
      • Verified.
    • Since their initial opposition, Mozilla and Apple have updated their stance to neutral, and Brave has synchronized its implementation of client hints with that of Chrome. As of May 2024, over 75% of all traffic on the internet supports client hints.
      • I don't see where the source says these things. The only mention I see of "over 75%" is "Nevertheless, popular web browsers like Chrome and Edge already support HTTP CHs, which affects more than 75% of web users worldwide ." 75% of web users is not quite the same as 75% of the traffic. And I don't see anything that talks about Mozilla and Apple updating their stance to neutral.
Reworded the first part, the paper mentions that Mozilla has updated their stance to "neutral" in page 6. They imply that Apple might have softened their stance (since all issues raised by them were resolved), but don't explicitly mention it. I've removed Apple from that sentence.
    • ]This ensures that caching mechanisms understand that responses can vary based on different client hint values.
      • Verified.
    • the server can then use the information in the Viewport-Width header to make a decision about the kind of content to serve the user-agent. For example, if the server has a particular image that is extremely large, the server can be configured to return smaller image if the image does not fit the viewport .
      • Verified.
    • ] Additionally, concerns were also raised that the Client-Hint proposal was too permissive and explicitly allowed for new privacy compromising information that could not be obtained by simply parsing HTTP Headers to be leaked to servers.
      • Some of this verifies, but I don't see where the source talks about "information that could not be obtained by simply parsing HTTP Headers".
        The brave position mentions Client-Hints would expose identifying values to parties that currently cannot access them without actively injecting scripts. which effectively implies that the information cannot be obtained from HTTP headers.

Just as a note, Dreamy Jazz knows more about Client Hints than I do, so he may be willing to leave some comments. RoySmith (talk) 15:43, 17 September 2024 (UTC)

The JS API provides two different categories, being low and high entropy. Perhaps that is worth mentioning somewhere in the article?
High entropy is: https://developer.mozilla.org/en-US/docs/Web/API/NavigatorUAData/getHighEntropyValues Dreamy Jazz 20:21, 17 September 2024 (UTC)
Added some more text talking about low and high entropy data. Sohom (talk) 04:12, 23 September 2024 (UTC)

Sohom Datta there's still a few items above to which you haven't responded; I'm waiting on those to take any further action. RoySmith (talk) 17:44, 28 September 2024 (UTC)

It might take me a bit to come back to this, but I'll try to take a look at the end of week (Sorry for the delay, IRL stuff has come up) Sohom (talk) 23:20, 29 September 2024 (UTC)
OK, that's fine. I've put this on hold for another 14 days. Please ping me when you're ready. RoySmith (talk) 23:27, 29 September 2024 (UTC)
@Sohom Datta Have you made any progress on this? I don't mean to be a pain, but if we're not able to wrap this up in the next few days, I'm afraid I'm going to have to close this review as unsuccessful. RoySmith (talk) 18:59, 8 October 2024 (UTC)
Ack, I'm on it, I'll have a lot more time going forward (hopefully) so I should be able to address the rest over the coming days. Sohom (talk) 21:52, 9 October 2024 (UTC)
@RoySmith, (and Dreamy Jazz) I think I've addressed all of the points both of y'all brought up, let me know if there are any other things that could be improved. Sohom (talk) 13:33, 13 October 2024 (UTC)
Fix ping Dreamy Jazz Sohom (talk) 13:34, 13 October 2024 (UTC)