Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Do not send "Do not track" requests by default #2950

Open
Lenni-builder opened this issue Feb 3, 2024 · 8 comments
Open

Do not send "Do not track" requests by default #2950

Lenni-builder opened this issue Feb 3, 2024 · 8 comments
Labels
DNT policy EFF's Do Not Track policy: www.eff.org/dnt-policy

Comments

@Lenni-builder
Copy link

"Do not track" requests can be used to fingerprint your browser, because very few people use that feature. Most sites that don't fingerprint you with it completely ignore it anyways.

@ghostwords ghostwords added the DNT policy EFF's Do Not Track policy: www.eff.org/dnt-policy label Feb 4, 2024
@ghostwords
Copy link
Member

ghostwords commented Feb 4, 2024

Hello and thanks for opening an issue!

If the privacy cost is justified by the privacy benefit, then we should continue to send the signal.

It may be that Global Privacy Control replaces Do Not Track well enough, in which case we should retire1 DNT and continue with GPC alone.

Footnotes

  1. If it no longer makes sense to have something on by default, we should then remove that feature from Privacy Badger.

@ghostwords
Copy link
Member

German court bans LinkedIn from ignoring "Do Not Track" signals

-- https://stackdiary.com/german-court-bans-linkedin-from-ignoring-do-not-track-signals/ (HN thread)

@sillyjaybird

This comment was marked as off-topic.

@ghostwords
Copy link
Member

ghostwords commented Jun 19, 2024

Transcend Consent Management's default config affords more privacy protections to DNT than GPC.

-- duckduckgo/duckduckgo-privacy-extension#1417 (comment)

@sillyjaybird
Copy link

sillyjaybird commented Dec 11, 2024

You may wish to reconsider keeping DNT as a feature, or build in separate switches for DNT and GPC. Firefox will remove it in version 135.0. Apple got rid of it in 2019. Most other browsers allow users to disable it. I think the German government's decision is outweighed by what's happening with browsers and users' reality worldwide. My experience is that GPC is a superior mechanism. With all due respect, think your arguments for keeping DNT make less sense than ever.
https://www.techspot.com/news/105924-do-not-track-mozilla-dropping-privacy-feature-due.html

@eligrey
Copy link
Contributor

eligrey commented Dec 11, 2024

I think the German government's decision is outweighed by what's happening with browsers and users' reality worldwide

Please elaborate as to how a browser vendor dropping support for DNT has any bearing on the German government's decision, which still applies today.

GPC is a narrower signal, legally required to be respected in some US states. DNT is a wide signal, not legally required to support in the US, and potentially legally required to support in Germany.

They serve different purposes at the moment, and DNT is philosophically more aligned with user agency due to its wider scope per bit of exposed user choice entropy.

@sillyjaybird
Copy link

sillyjaybird commented Dec 11, 2024

@eligrey I didn't say it had any bearing on the German government's actions, but meant rather that DNT's decline or disappearance in browsers will make German, or any country's, rules irrelevant if there's no signal being sent. Do you actually think users world-wide will suddenly start using Privacy Badger because it has the DNT feature?

You are technically correct about the difference in signals between DNT and GPC. I'm expressing a view as a user, but maybe users' views don't matter to the developers.

@eligrey
Copy link
Contributor

eligrey commented Dec 11, 2024

I'm a user too. I have come to the unfortunate conclusion that I don't think you can practically avoid fingerprinting capabilities, especially as user agent device capabilities expand.

I believe that Apple's current approach to reducing fingerprinting efficacy is best (blocklists combined with minimizing entropy exposure), but that doesn't mean that we should deny every possible feature that exposes non-zero fingerprinting entropy.

To protect yourself from commonly recognized fingerprinting trackers, I recommend using a browser with built-in tracker blocking, or to install tracker blocker extension such as uBlock Origin.

I expect future legal judgements to get us into a safer point to drop one of these signals eventually, but I don't feel like that is today. I hope that the maintainers of this repository share my views and continue providing Do-Not-Track for now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
DNT policy EFF's Do Not Track policy: www.eff.org/dnt-policy
Projects
None yet
Development

No branches or pull requests

4 participants