Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Block browser Do Not Track setting from being enabled #1417

Open
Ammako opened this issue Sep 24, 2022 · 5 comments
Open

Block browser Do Not Track setting from being enabled #1417

Ammako opened this issue Sep 24, 2022 · 5 comments

Comments

@Ammako
Copy link

Ammako commented Sep 24, 2022

Summary

Do Not Track is rarely respected (if ever), and only gives websites yet another datapoint they can use to track you. It should be force-disabled to prevent users from enabling something that would only harm their privacy.

As per DuckDuckGo themselves: https://spreadprivacy.com/do-not-track/

Motivation

Global Privacy Control supersedes Do Not Track, and actually has legislation supporting it this time around. Until every major browser removes DNT, users should be encouraged to use GPC via the extension instead of enabling DNT in their browser settings.

Most users aren't aware that DNT is not helpful or that it can even actively harm their privacy. Firefox even enables it by default on Private Browsing windows, which is problematic. You'd expect enhanced privacy when in Private Browsing, not the other way around.

Additional context

Would be nice to have, it's not particularly urgent though. It's possible that the extension already prevents DNT headers from being sent in favor of GPC, but this isn't entirely clear at the moment. I would expect something like this:

image
@jonathanKingston
Copy link
Collaborator

We used to remove the header and APIs but was requested by Mozilla not to; a little bit of the explanation is here: #480 (review)

I don't think there's anything else we can do here sorry.

@jonathanKingston jonathanKingston closed this as not planned Won't fix, can't repro, duplicate, stale Sep 24, 2022
@Ammako
Copy link
Author

Ammako commented Sep 24, 2022
edited

I don't think there's anything else we can do here sorry.

Mozilla is not the only browser. If Mozilla doesn't want it in theirs, that shouldn't prevent it from being done for other browsers?

Why should Mozilla get to dictate what can be done in Chromium?

@Ammako
Copy link
Author

Ammako commented Sep 24, 2022

Note: the suggestion is to prevent DNT from being enabled in the first place. The http header isn't being modified here so this shouldn't break spec either.

@jonathanKingston
Copy link
Collaborator

Right I think that's fair.

I think Mozilla's stance is pretty valid and the correct thing to do would be to disable the setting as you screenshotted... I don't think such an API exists for us to control for Firefox but we could use https://developer.chrome.com/docs/extensions/reference/privacy/ to do this.

I'm going to reopen this but as it stands we don't use this "privacy" permission and it can't be optional, which means all our users would be prompted for the permission; this would account for a very large % drop off in our users which is why we've currently not added it.

@Ammako
Copy link
Author

Ammako commented Sep 26, 2022

Question: for the few sites who do honor DNT, would they benefit from having DNT header in addition to GPC?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jonathanKingston @Ammako