📝 Correction | privacy.trackingprotection.enabled makes the browser send the DNT header #2414

Open
opened 2021-08-26 10:36:32 +00:00 by lorenzo9uerra · 6 comments
lorenzo9uerra commented 2021-08-26 10:36:32 +00:00 (Migrated from github.com)

Description

I have noticed that setting `privacy.trackingprotection.enabled` to `true` makes the browser send DNT to every website. While this was theoretically a nice improvement when it was created, now it's not used by almost any website and instead helps tracking a lot, since very few browsers send this header.

Why I am making the suggestion

This feature is counterproductive to users' privacy

My connection with the software

I use firefox daily and I noticed the header sent to every website

  • I will keep the issue up-to-date if something I have said changes or I remember a connection with the software.
ph00lt0 commented 2021-08-26 11:06:58 +00:00 (Migrated from github.com)

I don't see the issue. Most users will have tracking protection and DNT enabled by now.

lorenzo9uerra commented 2021-08-26 11:20:43 +00:00 (Migrated from github.com)

They don't, most browsers don't have it enabled by default, including chrome, ungoogled-chromium, firefox, brave and bromite. Which means that only the few that enabled it manually are actually sending DNT, which makes fingerprinting much easier. And websites simply don't respect the DNT header, which is why it's being deprecated

youdontneedtoknow22 commented 2021-08-27 10:28:31 +00:00 (Migrated from github.com)

Can you please set ETP to Strict (without setting DNT to always) and test if the header is sent? PTIO is moving in the direction of just setting ETP to strict without tweaking from about:config. And it would be interesting to know if then DNT is sent.
It's true, most browsers don't send DNT by default (only librewolf does that AFAIK, which is a really bad idea. But again, who cares)

lorenzo9uerra commented 2021-08-27 11:59:16 +00:00 (Migrated from github.com)

Yeah, setting ETP to Strict, both Firefox desktop and mobile send DNT. Using every other tweak privacytools suggests except `privacy.trackingprotection.enabled`, Firefox doesn't send DNT

ph00lt0 commented 2021-08-27 12:52:03 +00:00 (Migrated from github.com)

> Yeah, setting ETP to Strict, both Firefox desktop and mobile send DNT. Using every other tweak privacytools suggests except `privacy.trackingprotection.enabled`, Firefox doesn't send DNT

Yeah so you will be in the pool of all people that have strict mode on. As long as you do not modify anything else I do not see the issue. I think Firefox purposefully does this so that more people will have DNT and therefore you won't stand out.
lorenzo9uerra commented 2021-08-27 12:59:16 +00:00 (Migrated from github.com)

Exactly, you'll be in the small pool of people who use firefox, and in that pool you will be in the section of those who set strict ETP on. That's exactly why it makes fingerprinting easier. And since nobody uses it for its purpose, it can be used to target those who care for their privacy, so they can advertise VPNs and tech-related stuff

Reference: privacyguides/privacytools.io#2414
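Added example, not part of the issue thread or the project's code: a Node.js sketch for the two checks the thread turns on, whether a given browser profile actually sends `DNT`, and how much a rarely sent header narrows the anonymity set. The port `8080`, the file name `dnt-check.js` and the 16-visitor sample are assumptions constructed for illustration, not measured data.

```javascript
// Added example: classify the DNT request header and estimate how identifying it is.

// DNT values per the W3C Tracking Preference Expression draft:
// "1" = do not track, "0" = consent to tracking, header absent = no preference.
function dntState(headers) {
  const raw = headers['dnt']; // Node lower-cases incoming header names
  if (raw === undefined) return 'unset';
  const v = String(raw).trim();
  if (v === '1') return 'opt-out';
  if (v === '0') return 'consent';
  return 'invalid';
}

// Surprisal in bits of a trait shared by `share` of visitors (0 < share <= 1).
// The rarer the trait, the more it narrows the anonymity set.
function surprisalBits(share) {
  if (!(share > 0 && share <= 1)) throw new RangeError('share must be in (0, 1]');
  return -Math.log2(share);
}

// Count DNT states over a list of header objects and attach the bits per state.
function summarize(headerSets) {
  const counts = {};
  for (const h of headerSets) {
    const s = dntState(h);
    counts[s] = (counts[s] || 0) + 1;
  }
  const bits = {};
  for (const [s, n] of Object.entries(counts)) bits[s] = surprisalBits(n / headerSets.length);
  return { counts, bits };
}

// Constructed sample, NOT measured data: 16 visitors, 2 of them send "DNT: 1".
const SAMPLE = Array.from({ length: 16 }, (_, i) =>
  i < 2 ? { 'user-agent': 'constructed', dnt: '1' } : { 'user-agent': 'constructed' });

// Loopback echo server: load http://127.0.0.1:8080/ before and after changing
// the preference to see what the browser actually sends.
async function serve(port) {
  const http = await import('node:http');
  http.createServer((req, res) => {
    res.setHeader('Content-Type', 'text/plain');
    res.end(`DNT header: ${dntState(req.headers)}\n`);
  }).listen(port, '127.0.0.1', () => console.log(`listening on http://127.0.0.1:${port}/`));
}

if (process.argv.includes('--serve')) serve(8080); // run: node dnt-check.js --serve
```

With the constructed sample, `summarize(SAMPLE)` gives 3 bits for the `opt-out` group and under 0.2 bits for `unset`; real shares have to come from actual traffic data.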