New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Block browser Do Not Track setting from being enabled #1417
Comments
We used to remove the header and APIs but was requested by Mozilla not to; a little bit of the explanation is here: #480 (review) I don't think there's anything else we can do here sorry. |
Mozilla is not the only browser. If Mozilla doesn't want it in theirs, that shouldn't prevent it from being done for other browsers? Why should Mozilla get to dictate what can be done in Chromium? |
Note: the suggestion is to prevent DNT from being enabled in the first place. The http header isn't being modified here so this shouldn't break spec either. |
Right I think that's fair. I think Mozilla's stance is pretty valid and the correct thing to do would be to disable the setting as you screenshotted... I don't think such an API exists for us to control for Firefox but we could use https://developer.chrome.com/docs/extensions/reference/privacy/ to do this. I'm going to reopen this but as it stands we don't use this "privacy" permission and it can't be optional, which means all our users would be prompted for the permission; this would account for a very large % drop off in our users which is why we've currently not added it. |
Question: for the few sites who do honor DNT, would they benefit from having DNT header in addition to GPC? |
Summary
Do Not Track is rarely respected (if ever), and only gives websites yet another datapoint they can use to track you. It should be force-disabled to prevent users from enabling something that would only harm their privacy.
As per DuckDuckGo themselves: https://spreadprivacy.com/do-not-track/
Motivation
Global Privacy Control supersedes Do Not Track, and actually has legislation supporting it this time around. Until every major browser removes DNT, users should be encouraged to use GPC via the extension instead of enabling DNT in their browser settings.
Most users aren't aware that DNT is not helpful or that it can even actively harm their privacy. Firefox even enables it by default on Private Browsing windows, which is problematic. You'd expect enhanced privacy when in Private Browsing, not the other way around.
Additional context
Would be nice to have, it's not particularly urgent though. It's possible that the extension already prevents DNT headers from being sent in favor of GPC, but this isn't entirely clear at the moment. I would expect something like this:
The text was updated successfully, but these errors were encountered: