-
-
Notifications
You must be signed in to change notification settings - Fork 388
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Privacy badger sends DNT header even if it is disabled for a site #1260
Comments
Related: #474. |
@ghostwords I was just looking over this issue again, and it seems like all that needs to be done is for this line: |
I think the issue here is that Privacy Badger modifies your browsing on pages you disabled Privacy Badger on (pages belonging to "whitelisted" domains). "Modifies your browsing" specifically means Badger still sets the DNT header. We want Privacy Badger to usually set the DNT header, but perhaps not for requests for resources on "whitelisted" pages. Should we always set the DNT header, or should disabling Privacy Badger on a site mean Privacy Badger stops setting the DNT header for resources on that site? I think, yes, we should try to avoid modifying your browsing in any way if the user disabled Privacy Badger. In that case, we need to check and avoid inserting the DNT header while on whitelisted domains. If we added a test for this, it would be a functional (Selenium-powered) test that checks that Privacy Badger sends DNT on a site; then we disable Badger for that site and confirm that DNT no longer gets sent. To make checking header sending easier, we may set up a little service on an EFF server that responds differently based on whether it got DNT or not. Here is a test we have that uses a similar service to test how many cookies were sent with a request. |
If the user wants to send the DNT signal at all times, even with PB disabled, this can be configured directly in the browser privacy settings. When a user disables Privacy Badger we shouldn't be doing anything (so we shouldn't be sending the DNT signal), that way we avoid other sort of issues. I'll have this added to the FAQ when this change is rolled out. |
White listing a site does not stop Privacy badger in google chrome sending the DNT cookie
So site is disabled.
And packet capture of the headers
And the code sets the DNT anyway
The text was updated successfully, but these errors were encountered: