Because most of it is useful or even needed. There's perhaps one or two things that can be removed, but not that much.
The rest is just measuring the differences between "doing stuff and seeing what happens". For example if I render a box with some text and many different "font-family: [..]" then the size will differ per platform depending on what fonts you have installed, and you can measure that.
From the article, "your screen resolution, time zone, device model and more" are shared. Why? Why does a website need to know these things? I don't get it. My own device of course needs to know, but why does the website that's sending me HTML and CSS and Javascript need to know?
> if I render a box with some text and many different "font-family: [..]" then the size will differ per platform depending on what fonts you have installed, and you can measure that.
Why do you need to measure this? The whole point of HTML and CSS was supposed to be to let the user agent render the site in whatever way is best for the user. The website doesn't know what that is; the user does.
The first point - there are usecases but it probably all ought to be user prompted. The vast majority of sites don't need any of it. For example when testing webgpu on chromium I had to globally enable it with a flag which prompted a security warning. A per-site prompt would have been much more secure - I was only using it on localhost.
The second point - you don't need to measure it (that I'm aware) but you _can_ measure it because disparate features that all have legitimate usecases on their own can be leveraged in tandem to accomplish things that weren't intended by the authors of the specification.
> but why does the website that's sending me HTML and CSS and Javascript need to know?
The website doesn't get told by the browser, but the website is sending you Javascript, and the browser will tell the Javascript when the Javascript politely inquires as to the width and height of the root html element, or some element with text in a funny font in it, and the Javascript is then free to report home.
I think hiding layout information like that from Javascript isn't really within reach without a radically different model that breaks a ton of websites.
And when I block js, most websites are still readable. (some even look better!) The fact that some sites work just fine without js mean that most could. Certainly the sites load much, much quickly without the js. 90% of the time all I want is the text, which loads perfectly without it. JS is a huge waste of resources with no real benefit to consumers. Some web apps need it, yes, but even those could still do fine without it. (until recently there was still an HTML gmail app which worked just fine.)
Required for showing the right resolution images. The alternative is blurry images or wasted bandwidth.
> time zone
Most people expect to see times in their local time.
> device model
This could probably be removed but can be useful for showing the right download button. Also I'm not sure this is explicitly shared? I'm curious what exactly they mean here.
Some mobile devices (especially cheap Androids) often have device model numbers and build version in the User-Agent headers. A few examples from a quick look at my access log:
Mozilla/5.0 (Linux; U; Android 15; zh-CN; V2301A Build/AP3A.240905.015.A2) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/123.0.6312.80 Quark/7.13.1.851 Mobile Safari/537.36
Mozilla/5.0 (Linux; Android 13; STYLO RAIN Build/TP1A.220624.014) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.7151.89 Mobile Safari/537.36
Mozilla/5.0 (Linux; Android 14; moto g04 Build/ULA34.89-193; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/137.0.7151.89 Mobile Safari/537.36
All of these contain both the device/model name and specific software version.
This is only an issue on Android and some other devices really (e.g. "smart" TVs and whatnot); I'm not aware of any desktop browser that does that. Not all Android devices do either.
This is a major reason why I stopped storing User-Agent headers in the database for my analytics app. I originally assumed there would be a relatively limited set of headers, but at some point I had millions of unique ones. Now it just stores the extracted information (e.g. "Chrome 137 on Android 14"). It's a pretty silly situation and completely unnecessary, but it is what it is.
> Required for showing the right resolution images.
How many websites is this actually an issue for? I know web developers get all impressed with themselves about putting fancy images on their web pages, but the vast majority of them are simply useless decoration.
> Most people expect to see times in their local time.
So have a built-in widget in the browser that takes a time in UTC from the server and converts it to local time (if the user has that setting enabled in their browser settings) based on the computer's time zone.
Even client side Javascript could do this without having to tell the server anything about the client's time zone.
> can be useful for showing the right download button
How about just letting the user select the right download button?
The rest is just measuring the differences between "doing stuff and seeing what happens". For example if I render a box with some text and many different "font-family: [..]" then the size will differ per platform depending on what fonts you have installed, and you can measure that.