Extension:CheckUser/Client Hints

Client Hints are information about your device and browser which is sent on request to websites you visit by browsers such as Google Chrome and Edge. The extension, which is used on sites such as Wikipedia, requests and collects this data by default to support the community in reducing vandalism and abuse. This data is deleted after 90 days and can only be viewed by trusted users.

Why is this data collected?
Trusted users were previously able to use the user agent string to identify information about the users device and browser. This, along with IP addresses, were used to compare two user accounts who are performing vandalism or abuse to see if they were being used by the same device type.

However, the user agent string is being deprecated across many major browsers which makes it harder for these trusted users to compare abusive users. Client Hints data contains the information that was previously held by the user agent string, and as such can complement the user agent string by providing the information it used to give.

What data is collected?
Client Hints data contains similar information to what was provided in the user agent string. This information includes the brand and version information of your browser, the brand and version information of your operating system and whether the device is a mobile device. A more in-depth explanation of the technical side of Client Hints can be found at https://developer.mozilla.org/en-US/docs/Web/HTTP/Client_hints.

When is the data collected?
The Client Hints data is collected every time you make an edit or logged action using a browser that supports Client Hints. These browsers include Google Chrome and Edge. On some wikis, including Wikimedia wikis, Client Hints data is also collected when logging in and out of an account.

The data is not collected when viewing pages or opening the edit form without then saving your changes.

When does the data get deleted?
The data is deleted after 90 days on Wikimedia wikis, including Wikipedia. This is consistent with the privacy policy for Wikimedia wikis. This data may be held for longer than 90 days under limited exceptions, but this only occurs when a trusted user specifically retains this information.

For non-Wikimedia wikis this may be different, as they may choose to keep this data for a longer or shorter time. The privacy policy should contain information on when this data is deleted.

Who has access to this data?
The data can be accessed by those with the rights. These users are referred to as "trusted users" in this document, as the assignment of these rights is strictly controlled and given only to trusted users. Additionally, this information can only be accessed by these trusted users through a logged check.

On Wikimedia wikis, the users granted the rights must sign a non-disclosure agreement in relation to this data.