Skip to content
This repository has been archived by the owner on Jun 24, 2022. It is now read-only.

📝 Correction | privacy.trackingprotection.enabled makes the browser send the DNT header #2414

Open
1 task done
lorenzo9uerra opened this issue Aug 26, 2021 · 6 comments
Open
1 task done

📝 Correction | privacy.trackingprotection.enabled makes the browser send the DNT header #2414

lorenzo9uerra opened this issue Aug 26, 2021 · 6 comments
Labels
📝 correction Correction of content on the website

Comments

@lorenzo9uerra
Copy link

Description

I have noticed that setting privacy.trackingprotection.enabled to true makes the browser send DNT to every website. While this was theoretically a nice improvement when it was created, now it's not used by almost any website and insted helps tracking a lot, since very few browsers send this header.

Why I am making the suggestion

This feature is counterproductive to users' privacy

My connection with the software

I use firefox daily and I noticed the header sent to every website

  • I will keep the issue up-to-date if something I have said changes or I remember a connection with the software.
@lorenzo9uerra lorenzo9uerra added the 📝 correction Correction of content on the website label Aug 26, 2021
@ph00lt0
Copy link

ph00lt0 commented Aug 26, 2021

I don't see the issue. Most users will have tracking protection and DNT enabled by now.

@lorenzo9uerra
Copy link
Author

lorenzo9uerra commented Aug 26, 2021
edited
Loading

They don't, most browsers don't have it enabled by default, including chrome, ungoogled-chromium, firefox, brave and bromite. Which means that only the few that enabled it manually are actually sending DNT, which makes fingerprinting much easier. And websites simply don't respect the DNT header, which is why it's being deprecated

@youdontneedtoknow22
Copy link

Can you please set ETP to Strict (without setting DNT to always) and test if the header is sent? PTIO is moving in the direction of just setting ETP to strict without tweaking from about:config. And it would be interesting to know if then DNT is sent.
It's true, most browsers don't send DNT by default (only librewolf does that AFAIK, which is a really bad idea. But again, who cares)

@lorenzo9uerra
Copy link
Author

lorenzo9uerra commented Aug 27, 2021
edited
Loading

Yeah, setting ETP to Strict both firefox desktop and mobile send DNT. Using every other tweak privacytools suggests except privacy.trackingprotection.enabled firefox doesn't send DNT

@ph00lt0
Copy link

ph00lt0 commented Aug 27, 2021

Yeah, setting ETP to Strict both firefox desktop and mobile send DNT. Using every other tweak privacytools suggests except privacy.trackingprotection.enabled firefox doesn't send DNT

Yeah so you will be in the pool of all people that have strict mode on. As long as you do not modify anything else I do not see the issue. I think Firefox purposefully does this so that more people with have DNT and therefore you won't stand out.

@lorenzo9uerra
Copy link
Author

Exactly, you'll be in the small pool of people who use firefox, and in that pool you will be in the section of those who set strict ETP on. That's excactly why it makes fingerprinting easier. And since nobody uses it for its purpose, it can be used to target those who care for their privacy, so they can advertise VPNs and tech-related stuff

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
📝 correction Correction of content on the website
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ph00lt0 @lorenzo9uerra @youdontneedtoknow22