Talk:Client Hints

Latest comment: 16 days ago by Sohom Datta in topic GA Review

Did you know nomination

edit
The following is an archived discussion of the DYK nomination of the article below. Please do not modify this page. Subsequent comments should be made on the appropriate discussion page (such as this nomination's talk page, the article's talk page or Wikipedia talk:Did you know), unless there is consensus to re-open the discussion at this page. No further edits should be made to this page.

The result was: promoted by Hey man im josh talk 15:03, 18 June 2024 (UTC)Reply

  • Source: Senol, Asuman; Acar, Gunes (2023-11-26). "Unveiling the Impact of User-Agent Reduction and Client Hints: A Measurement Study". WPES '23: Proceedings of the 22nd Workshop on Privacy in the Electronic Society. ACM: 96. doi:10.1145/3603216.3624965. ISBN 979-8-4007-0235-8.
5x expanded by Sohom Datta (talk). Number of QPQs required: 1. Nominator has 9 past nominations.

Sohom (talk) 02:37, 3 June 2024 (UTC).Reply

  •   New enough and long enough expansion. QPQ present. First thought is that Mozilla, not Firefox, would have been declaring CHs "harmful", Sohom Datta. The source says as much. Both hooks check out, but ALT0 and the article must be fixed before publication. (I do prefer ALT1 very slightly) Sammi Brie (she/her • tc) 07:37, 14 June 2024 (UTC)Reply
Sounds good, in practise Firefox and Mozilla are used interchangeably in the browser spec world, however, in this instance it does make sense to use what the source says. How about:
ALT 0a: ... that the Client Hints proposal was initially classified as "harmful" by Mozilla?
ALT 0b: ... that Google's Client Hints proposal was initially classified as "harmful" by Mozilla?
Sammi Brie Let me know if you prefer the wording of one over the other :) Sohom (talk) 11:46, 14 June 2024 (UTC)Reply

GA Review

edit
GA toolbox
Reviewing
This review is transcluded from Talk:Client Hints/GA1. The edit link for this section can be used to add comments to the review.

Nominator: Sohom Datta (talk · contribs) 19:54, 2 June 2024 (UTC)Reply

Reviewer: RoySmith (talk · contribs) 01:27, 16 September 2024 (UTC)Reply

Starting review RoySmith (talk) 01:27, 16 September 2024 (UTC)Reply

  • With the proviso that Earwig is running in degraded mode now due to Too Many Requests, no problems found with copyvios.
  • None of the items under WP:GAFAIL apply.
  • Per MOS:LEAD, the lead section should summarize the rest of the article, not introduce new material.
    • "application programming interface (API)" is not mentioned in the article (at least not by that name)
      • We talk about the Javascript API in the Mechanism section
    • The lead is heavy on material from History and almost completely ignores the Background, Mechanism, and Privacy concerns sections, so the most important points from those sections should be added.
  Done, let me know if other additions are required. Sohom (talk) 13:33, 13 October 2024 (UTC)Reply
Hmmm, I know I encouraged you to add to the lead, but what I had in mind was to add just "the most important points", which might be 1-2 sentences for each section. MOS:LEADLENGTH was recently updated, but the old version asked for 1-2 paragraphs for an article of this length. You've got 4. Looking at it another way, your lead is about 1/3 the length of the main text. The updated version of LEADLENGTH notes that The leads in most featured articles contain about 250 to 400 words; you're very close to the upper end of that for what is quite a short article by FA standards. Think of the lead like an Elevator pitch. You've got a busy reader who doesn't have the time for a deep dive, so they're looking for just the highlights, and maybe if they find that interesting, they'll invest the time to read the rest of the article. Give them too much up front, and you'll quickly lose their interest.
To get away from the word-count-itis approach, I'm looking at the 2nd paragraph:

Client Hints was initially proposed in 2013 by engineers at Google. The design of the protocol revolves around a user agent (UA) (typically a web browser) and a server which would use HTTP Headers to communicate with each other. To start a Client Hint negotiation, the server would use the Accept-CH HTTP header to ask for a set of Client Hint headers from the user agent. The user-agent would then return client hint headers with every subsequent request. This would allow the server to make decisions about the kind of content the user-agent was capable of showing to the user. User-agents that allowed JavaScript are given access to a navigator.userAgentData JavaScript API which allowed user-agents to expose the same information that they provided through the Client Hint headers through JavaScript API calls.

I think this could all be condensed into:

Client Hints was proposed by Google in 2013. It allows a web server to request high-level descriptions of a browser's capabilities in the HTTP headers, allowing the server to send appropriate versions of content. An API allows client-side javascript to access the same information

All the rest is details which the reader can get from the rest of the article. RoySmith (talk) 17:11, 13 October 2024 (UTC)Reply
Yeah, I think that's fair, I've shortened the middle paragraph per what you said above. I've struggled with ledes a fair bit since I eithier end up cutting too much or adding too much. I'll keep your thoughts in mind when writing my next article. Sohom (talk) 02:20, 14 October 2024 (UTC)Reply
  • Prose:
    • became an official Internet Engineering Task Force (IETF) draft no need to say "official"
        Done Sohom (talk)
    • The header was meant ... User-Agents became ... this information is used The change of tense here is jarring.
        Done Sohom (talk) 04:12, 23 September 2024 (UTC)Reply
    • In 2020, Google announced their intention to deprecate user-agent (UA) strings ... [1] This is a statement about what happened in 2020 cited to a paper published in 2023. Are you sure that's the right reference?
      Pretty sure it is, the paper goes into detail noting the major events/announcements that occured wrt to Client Hints. Sohom (talk) 04:12, 23 September 2024 (UTC)Reply
      Could you add a page number to the citation to assist finding where this is mentioned? RoySmith (talk) 14:36, 25 September 2024 (UTC)Reply
    • Brave also raised concerns about the initial proposal ... [3] Likewise, this is a source published in 2019 talking ostensibly talking about events that happened in 2020.
      The phrasing here was weird. I've explicitly reworded this to make it explicit that Brave raised these concerns in 2019. Sohom (talk) 04:12, 23 September 2024 (UTC)Reply
    • As of May 2024, over 75% of all traffic on the internet supports client hints It's now September; are there any more recent sources for this?
      Not that I know of (based on a check on Google Scholar). Personally, I don't see the numbers changing anymore until Firefox or Apple implements this protocol. Sohom (talk) 04:12, 23 September 2024 (UTC)Reply
    • Since the adoption of Client Hints by major browsers you should say which browsers support it.
        Done Sohom (talk) 04:12, 23 September 2024 (UTC)Reply
    • overall adoption of Client Hints across the internet was low this seems at odds with earlier statements like over 75% of all traffic on the internet supports client hints
      Clarified. Sohom (talk) 04:12, 23 September 2024 (UTC)Reply

MediaWiki supports use of Client Hints as a counter-abuse tool. It would be disingenuous to not mention this. See https://www.mediawiki.org/wiki/Extension:CheckUser/Client_Hints.

I'm aware of this, but I wasn't able to find any sources that would be not considered user-generated content by Wikipedia standards, if you can find any sources for this, I'll add it in. Sohom (talk) 04:12, 23 September 2024 (UTC)Reply
That's an interesting point! Still, I think it's reasonable to consider the official documentation on https://www.mediawiki.org/ to be good enough to at least support a statement that it exists. Or, perhaps just add it under External links? RoySmith (talk) 14:43, 25 September 2024 (UTC)Reply
  Added external link. Sohom (talk) 21:52, 9 October 2024 (UTC)Reply
  • You might want to include an infobox, as HTTP and many of the HTTP-related articles do.
  Done Sohom (talk) 13:57, 10 October 2024 (UTC)Reply
  • Spot-check per WP:GAN/I#R3:
    • Since the early days of the internet, there has been a desire to identify what kind of client a user was using to connect to a server. In 1992, an extension to the HTTP protocol was introduced adding a User-Agent HTTP Header which was sent from the client to the server and contained a simple string identifying the name of the client and its version. The header was meant purely for statistical purposes and for tracking down clients that violated the protocol. Since then, with the evolution of the internet, User-Agents became increasingly more complex, and started containing significant granular information about the user. Often, this information is used in browser fingerprinting , allowing sites to track users across sites passively without having to load any JavaScript for the user. [ [1]
      • Since the early days of the internet, there has been a desire to identify what kind of client a user was using to connect to a server. The source doesn't say this.
      • with the evolution of the internet, User-Agents became increasingly more complex The first part (with the evolution of the internet) isn't stated in the source. It also doesn't add anything useful, so I'd just drop it.
      • Other than those two nits, this claim is verified.
    • Brave also raised concerns about the initial proposal, citing ways in which it could be used to track users on the internet. [ [3]
      • Verified.
    • Since their initial opposition, Mozilla and Apple have updated their stance to neutral, and Brave has synchronized its implementation of client hints with that of Chrome. As of May 2024, over 75% of all traffic on the internet supports client hints. [ [2]
      • I don't see where the source says these things. The only mention I see of "over 75%" is "Nevertheless, popular web browsers like Chrome and Edge already support HTTP CHs, which affects more than 75% of web users worldwide [12]." 75% of web users is not quite the same as 75% of the traffic. And I don't see anything that talks about Mozilla and Apple updating their stance to neutral.
Reworded the first part, the paper mentions that Mozilla has updated their stance to "neutral" in page 6. They imply that Apple might have softened their stance (since all issues raised by them were resolved), but don't explicitly mention it. I've removed Apple from that sentence.
    • ]This ensures that caching mechanisms understand that responses can vary based on different client hint values. [ [5]
      • Verified.
    • the server can then use the information in the Viewport-Width header to make a decision about the kind of content to serve the user-agent. For example, if the server has a particular image that is extremely large, the server can be configured to return smaller image if the image does not fit the viewport . [ [7]
      • Verified.
    • ] Additionally, concerns were also raised that the Client-Hint proposal was too permissive and explicitly allowed for new privacy compromising information that could not be obtained by simply parsing HTTP Headers to be leaked to servers. [ [8]
      • Some of this verifies, but I don't see where the source talks about "information that could not be obtained by simply parsing HTTP Headers".
        The brave position mentions Client-Hints would expose identifying values to parties that currently cannot access them without actively injecting scripts. which effectively implies that the information cannot be obtained from HTTP headers.

Just as a note, Dreamy Jazz knows more about Client Hints than I do, so he may be willing to leave some comments. RoySmith (talk) 15:43, 17 September 2024 (UTC)Reply

The JS API provides two different categories, being low and high entropy. Perhaps that is worth mentioning somewhere in the article?
High entropy is: https://developer.mozilla.org/en-US/docs/Web/API/NavigatorUAData/getHighEntropyValues Dreamy Jazz talk to me | my contributions 20:21, 17 September 2024 (UTC)Reply
Added some more text talking about low and high entropy data. Sohom (talk) 04:12, 23 September 2024 (UTC)Reply

Sohom Datta there's still a few items above to which you haven't responded; I'm waiting on those to take any further action. RoySmith (talk) 17:44, 28 September 2024 (UTC)Reply

It might take me a bit to come back to this, but I'll try to take a look at the end of week (Sorry for the delay, IRL stuff has come up) Sohom (talk) 23:20, 29 September 2024 (UTC)Reply
OK, that's fine. I've put this on hold for another 14 days. Please ping me when you're ready. RoySmith (talk) 23:27, 29 September 2024 (UTC)Reply
@Sohom Datta Have you made any progress on this? I don't mean to be a pain, but if we're not able to wrap this up in the next few days, I'm afraid I'm going to have to close this review as unsuccessful. RoySmith (talk) 18:59, 8 October 2024 (UTC)Reply
Ack, I'm on it, I'll have a lot more time going forward (hopefully) so I should be able to address the rest over the coming days. Sohom (talk) 21:52, 9 October 2024 (UTC)Reply
@RoySmith, (and Dreamy Jazz) I think I've addressed all of the points both of y'all brought up, let me know if there are any other things that could be improved. Sohom (talk) 13:33, 13 October 2024 (UTC)Reply
Fix ping Dreamy Jazz Sohom (talk) 13:34, 13 October 2024 (UTC)Reply

Second opinion

edit

I've been mulling over your last comment for a couple of days. The rewrite of the one paragraph I provided was intended to be an example to guide further copyediting that you would do to improve the rest of the lead. I'm fine with you using my text verbatim, but in my opinion, there's more work to be done on the rest of the lead, and saying "I'll keep your thoughts in mind when writing my next article" kind of misses the point that we're still working on this article. To be honest I'm not sure you're fully engaged with this review. I'm going to ask for a second opinion and request that the new reviewer concentrate specifically on whether WP:GACR6 item 1, i.e. compliance with MOS:LEAD has been satisfied. RoySmith (talk) 14:51, 17 October 2024 (UTC)Reply

I think I misunderstood what you meant in your comment above, I'll take another stab at this and try and do a bit more copyediting and wordsmithing. Sohom (talk) 17:22, 17 October 2024 (UTC)Reply
Thank you. RoySmith (talk) 17:45, 17 October 2024 (UTC)Reply
A month on from the exchange above, so I assume the nominator has sorted out whatever needed sorting. (Has this really been underway for 24 weeks?) I have only read this section of the review, in an attempt to come to the issue "fresh". Re the lead, it seems to me to fail criterion 1a quite badly. I consider myself moderately IT literate, but have no clue what the lead is referring to. WP:TECHNICAL is not met to the extent that I am unable to offer any thoughts as to whether the lead sections part of criterion 1b has been met. I am not sure if this addresses the question you were asking. Gog the Mild (talk) 19:27, 15 November 2024 (UTC)Reply
I also note in passing that the range section of the infobox used (see Template:Infobox protocol/doc) is asking for a distance, not a date nor a time period. Gog the Mild (talk) 19:45, 15 November 2024 (UTC)Reply
I forgot about this for a bit, lemme try and work on it this weekend ? Sohom (talk) 21:49, 15 November 2024 (UTC)Reply
On second thoughts, I really should not block you guys from making a decision at this point, feel free to give more feedback. I'll try to do a bit of simplification over today and tmrw. Sohom (talk) 22:10, 15 November 2024 (UTC)Reply
@Gog the Mild Thoughts on the latest version ? Sohom (talk) 22:24, 15 November 2024 (UTC)Reply
It starts nicely now, but I don't believe that "a list of strings set of HTTP Header fields or a JavaScript web application programming interface (API) so that the server can then determine which resources should be included in its responses" is " understandable to an appropriately broad audience". Similarly, IMO, " a privacy-focused alternative to user-agent headers, as part of Google's Privacy Sandbox initiative." Criterion 1a is linked to WP:TECHNICAL, the lead of which ends "should not take prerequisite knowledge for granted or gratuitously use unexplained jargon or advanced technical notation: shortcuts which save time and effort for experts can be barriers to the uninitiated."
Plus Client Hints is treated as singular in the first paragraph (is) and plural in the second (were).
This is just from a skim of the first paragraph and a half. Gog the Mild (talk) 22:49, 15 November 2024 (UTC)Reply
@Gog the Mild I've done a fair bit of copyediting, let me know if the current version is any better ? (I think the page should mostly be fine except maybe the "Mechanism" section which is a treatment of the nitty gritty in the protocol). Sohom (talk) 18:37, 16 November 2024 (UTC)Reply