DNT HTTP header #11
Comments
The DNT and tracking protection are two different subjects. You are absolutely right that it's up to the website to decide whether to respect DNT or not. As with all security, these kinds of controls cannot be implemented client-side. Even though I also think that this doesn't help at all, I somehow naively would like to believe that somewhere out there is this one site that actually respects this :) Probably there isn't. And I think the "suspicious behaviour" aspect is already lost altogether, by all these tweaks. I'm pretty sure there are a whole bunch of other red flags for those who care to notice. If you have any references to some studies about the effects of DNT, please link them here. I'll leave the DNT enabled for now, but I think I'll leave this issue open also in hopes of more discussion, as this is a good topic and a matter of debate. Thanks for the input!
Ah yes, I understand that, and quoted the wrong thing. I am aware of Mozilla's Polaris project that uses Disconnect's list to block certain scripts, cookies, and whatever else (though, admittedly, I would much rather use uBlock, and Policeman in default-deny mode, or just one of them if I had to pick between Disconnect and a single extension). I do agree that hardening your browser may set off a few red flags, but nothing quite as flamboyant as admitting to not wanting to be tracked across domains. Not being a low-hanging fruit is certainly a very good thing, but you're actively indicating you'd rather not be tracked which, in their mind, directly translates to "he's got something to hide." There are no studies on DNT that I know of, though we could in theory try to measure its effects to a degree. I suppose I will look into it and report back with results! Lots of users would benefit from this. I shall draft the methodology tomorrow, or on Monday.
Enabling DNT presumably makes browser fingerprinting easier. See https://amiunique.org/.
I don't think identifiability itself is enough to justify the removal of this setting. There are so many settings in this project that make us quite unique anyway. There's no way of blending in at this point I'm afraid. Also I think that DNT is slowly starting to be a setting for average users. What I mean is that it's available in most of the GUIs and not hidden in the depths of
What is the default setting for most of them?
Probably off. Not entirely sure though.
I'll still be using it :) But as it's so simple for the users to control it by themselves (even from the GUI), I think we can leave it commented out.
This is interesting. This must be the first service I see, that at least claims to (somewhat) respect DNT: https://support.twitter.com/articles/20169453-twitter-supports-do-not-track
Standard IANAL. Sorry for necro, but a German (Berlin regional) court semi-recently ruled that the DNT signal is legally relevant, pursuant to GDPR. More cases would be needed, but other European countries are moving towards a similar stance. It is unclear what legally relevant means, but it likely means it's akin to something like cookie consent. I think it may be worth revisiting its default value if things keep going the way they are. EDIT: After a bit of digging, the
This is actually counterproductive. Websites are not forced to honour the browser's request to not be tracked and thus, you are more likely to be tracked across the web for displaying "suspicious behaviour."
The superior approach is to not include anything in the HTTP header.