-
-
Notifications
You must be signed in to change notification settings - Fork 387
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Do not send "Do not track" requests by default #2950
Comments
Hello and thanks for opening an issue! If the privacy cost is justified by the privacy benefit, then we should continue to send the signal. It may be that Global Privacy Control replaces Do Not Track well enough, in which case we should retire1 DNT and continue with GPC alone. Footnotes
|
-- https://stackdiary.com/german-court-bans-linkedin-from-ignoring-do-not-track-signals/ (HN thread) |
This comment was marked as off-topic.
This comment was marked as off-topic.
|
You may wish to reconsider keeping DNT as a feature, or build in separate switches for DNT and GPC. Firefox will remove it in version 135.0. Apple got rid of it in 2019. Most other browsers allow users to disable it. I think the German government's decision is outweighed by what's happening with browsers and users' reality worldwide. My experience is that GPC is a superior mechanism. With all due respect, think your arguments for keeping DNT make less sense than ever. |
Please elaborate as to how a browser vendor dropping support for DNT has any bearing on the German government's decision, which still applies today. GPC is a narrower signal, legally required to be respected in some US states. DNT is a wide signal, not legally required to support in the US, and potentially legally required to support in Germany. They serve different purposes at the moment, and DNT is philosophically more aligned with user agency due to its wider scope per bit of exposed user choice entropy. |
@eligrey I didn't say it had any bearing on the German government's actions, but meant rather that DNT's decline or disappearance in browsers will make German, or any country's, rules irrelevant if there's no signal being sent. Do you actually think users world-wide will suddenly start using Privacy Badger because it has the DNT feature? You are technically correct about the difference in signals between DNT and GPC. I'm expressing a view as a user, but maybe users' views don't matter to the developers. |
I'm a user too. I have come to the unfortunate conclusion that I don't think you can practically avoid fingerprinting capabilities, especially as user agent device capabilities expand. I believe that Apple's current approach to reducing fingerprinting efficacy is best (blocklists combined with minimizing entropy exposure), but that doesn't mean that we should deny every possible feature that exposes non-zero fingerprinting entropy. To protect yourself from commonly recognized fingerprinting trackers, I recommend using a browser with built-in tracker blocking, or to install tracker blocker extension such as uBlock Origin. I expect future legal judgements to get us into a safer point to drop one of these signals eventually, but I don't feel like that is today. I hope that the maintainers of this repository share my views and continue providing Do-Not-Track for now. |
"Do not track" requests can be used to fingerprint your browser, because very few people use that feature. Most sites that don't fingerprint you with it completely ignore it anyways.
The text was updated successfully, but these errors were encountered: