User Agents

Editor’s Draft,

More details about this document
This version:
https://w3ctag.github.io/user-agents
Issue Tracking:
GitHub
Editor:
(Google)

Copyright © 2024 World Wide Web Consortium. W3C® liability, trademark and permissive document license rules apply.

Abstract

Web user agents include both web browsers and other intermediaries between end-users and the web. Each user agent serves its user, not any of the other constituencies. A user agent owes its user various duties, which should be established through collective discussions and embodied in the various standards that user agents implement.

Status of this document

This section describes the status of this document at the time of its publication. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index.

This document was published by the W3C Technical Architecture Group (TAG) as an Editor’s Draft. Publication as an Editor’s Draft does not imply endorsement by W3C and its Members. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.

Feedback and comments on this specification are welcome. Please file an issue in this document’s GitHub repository.

This document is governed by the 1 March 2019 W3C Process Document.

1. What is a user agent

A web user agent is any software entity that interacts with websites outside the entity itself, on behalf of its user, including just to display the content of websites. In web specifications, web user agents are usually referred to as just "user agents", but there are other kinds of user agents in other domains, for example "mail user agents" in the context of email. A person can use many different user agents in their day-to-day life.

The most common type of web user agent is the web browser, including in-app browsers that can follow cross-site links. However, search engines, voice-driven assistants, and generative AI systems that can present snippets or summaries of websites to their users, or help their users interact with websites, can also be user agents.

User agent behavior is not completely defined by web standards or even by technical specifications in general. In particular, user agents choose which specifications to implement in order to best serve their users, and they implement proprietary user interfaces and other behavior around the specifications they do implement.

2. How the ecosystem works

The structure of the web browser market helps ensure that browsers act as trustworthy agents, but it can also give them conflicts of interest. There are many browsers available for free, which allows users to switch away from a browser that violates their trust. Security and privacy researchers also actively investigate browser behavior and publicize any unexpected or user-hostile behavior, which helps users pick a browser and be confident that it’s trustworthy. These researchers benefit from the parts of browsers that are open source.

The trustworthiness of the available browsers is further aided by a culture of service to end-users among the people who develop browsers. However, we can’t just assume that culture will sustain itself: it’s important that browsers which lose that culture also lose in the marketplace, fast enough to prevent the culture-loss from spreading.

3. Duties of user agents

Each user agent serves its user (The Internet is for End Users), not any of the other constituencies. A user agent owes its user various duties, which should be established through collective discussions and embodied in the various standards that user agents implement.

3.1. Protection

It should be safe to visit a web page. That is, simply visiting a page must not allow the page to make permanent changes to the user’s computer or environment (for example by installing malware), and simply visiting should reveal as little information as practical about the user to the page, to the user’s environment, and to any other interested actor.

Users can opt into sharing more information with a page they visit, for example by entering or auto-filling data into form fields, or granting permissions to the page. Users can also allow the page to make changes to their environment, for example by installing native programs that the page offers. Even in these cases, user agents should strive to prevent pages from tricking their users and should help their users notice when they might be giving the page more power than they intended.

3.2. Honesty

A user agent is responsible to explain to its user what’s going on, in terms that user is likely to be able to understand. These explanations should happen at appropriate times and frequencies, so that they actually help the user understand instead of interrupting and distracting the user.

3.3. Loyalty

A user agent must serve its user’s interests over its implementer’s interests and over the interests of any other party.

A user agent can be loyal while also collecting payment for its services, as long as that payment is fair and was agreed ahead of time.

A user agent can also help its user make a credible commitment to a page in order to get that page’s services, and it’s not disloyal to maintain that commitment after getting the services.

4. Acknowledgements

Thanks to the Infra Standard for an earlier definition of User Agents and to Privacy Principles for the initial version of these duties.

Index

Terms defined by this specification

References

Normative References

[DESIGN-PRINCIPLES]
Lea Verou. Web Platform Design Principles. URL: https://w3ctag.github.io/design-principles/
[RFC8890]
M. Nottingham. The Internet is for End Users. August 2020. Informational. URL: https://www.rfc-editor.org/rfc/rfc8890

Informative References

[Infra]
Anne van Kesteren; Domenic Denicola. Infra Standard. Living Standard. URL: https://infra.spec.whatwg.org/
[PRIVACY-PRINCIPLES]
Robin Berjon; Jeffrey Yasskin. Privacy Principles. URL: https://w3ctag.github.io/privacy-principles/