google-chromeuser-agentprivacyclient-hints

Why does Chrome use sec-ch-ua: "\"Not\\A;Brand";v="99"?


I understand that making user-agent hints more ambiguous is intended, in part, to make browser fingerprinting harder.

My own (Windows desktop) Chrome sends the headers:

user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.75 Safari/537.36
sec-ch-ua: "Chromium";v="86", "\"Not\\A;Brand";v="99", "Google Chrome";v="86"
sec-ch-ua-mobile: ?0

What I don't get is:

  1. Why the string "Not A Brand" specifically? Does anyone else use this pseudo-UA? Is this a joke of some sort?
  2. Why the \" and \\A; inside the string? My only guess is that this is supposed to mess with parsers somehow (like the anti-IE hacks in CSS), but that seems like a rather odd purpose — and IIRC, \A is the bell character.
  3. How is this supposed to accomplish user-agent hint ambiguity, given that it also sends the full user-agent header, which has the specific version numbers?
  4. While at it: why does Chrome's user-agent also claim to be Mozilla, AppleWebKit, and Safari? It isn't, and this user-agent string is distinctively Chrome's. Does it have some sort of embedded components from those other browsers?

Solution

  • It seems that it's part of Chromium's GREASEing strategy:

    User agents' brands containing more than a single entry could encourage standardized processing of the UA string. By randomly including additional, intentionally incorrect, comma-separated entries with arbitrary ordering, they would reduce the chance that we ossify on a few required strings.


    Looking at the Chromium repository, it seems that it was introduced in this commit

    The commit description given is:

    [client-hints] GREASEing the Sec-CH-UA list
    
    Randomizing order and string with escaped characters to ensure proper
    parsing and prevent ossification.
    

    It also links to this ticket in the bug tracker.