duckduckgo / duckduckgo-privacy-extension

DuckDuckGo Privacy Essentials browser extension for Firefox, Chrome.
https://duckduckgo.com/app
Apache License 2.0

Block browser Do Not Track setting from being enabled #1417

Open Ammako opened 1 year ago

Ammako commented 1 year ago

Summary

Do Not Track is rarely respected (if ever), and only gives websites yet another datapoint they can use to track you. It should be force-disabled to prevent users from enabling something that would only harm their privacy.

As per DuckDuckGo themselves: https://spreadprivacy.com/do-not-track/

Motivation

Global Privacy Control supersedes Do Not Track, and actually has legislation supporting it this time around. Until every major browser removes DNT, users should be encouraged to use GPC via the extension instead of enabling DNT in their browser settings.

Most users aren't aware that DNT is not helpful or that it can even actively harm their privacy. Firefox even enables it by default on Private Browsing windows, which is problematic. You'd expect enhanced privacy when in Private Browsing, not the other way around.

Additional context

Would be nice to have, it's not particularly urgent though. It's possible that the extension already prevents DNT headers from being sent in favor of GPC, but this isn't entirely clear at the moment. I would expect something like this:

image

jonathanKingston commented 1 year ago

We used to remove the header and APIs but were requested by Mozilla not to; a little bit of the explanation is here: https://github.com/duckduckgo/duckduckgo-privacy-extension/pull/480#pullrequestreview-465371980

I don't think there's anything else we can do here sorry.

Ammako commented 1 year ago

> I don't think there's anything else we can do here sorry.

Mozilla is not the only browser. If Mozilla doesn't want it in theirs, that shouldn't prevent it from being done for other browsers?

Why should Mozilla get to dictate what can be done in Chromium?

Ammako commented 1 year ago

Note: the suggestion is to prevent DNT from being enabled in the first place. The HTTP header isn't being modified here, so this shouldn't break spec either.

jonathanKingston commented 1 year ago

Right, I think that's fair.

I think Mozilla's stance is pretty valid and the correct thing to do would be to disable the setting as you screenshotted... I don't think such an API exists for us to control for Firefox but we could use https://developer.chrome.com/docs/extensions/reference/privacy/ to do this.

I'm going to reopen this but as it stands we don't use this "privacy" permission and it can't be optional, which means all our users would be prompted for the permission; this would account for a very large % drop off in our users which is why we've currently not added it.

Ammako commented 1 year ago

Question: for the few sites that do honor DNT, would they benefit from having the DNT header in addition to GPC?

eligrey commented 2 months ago

This change would hurt the privacy of users of sites with consent management systems that do respect this flag.

GPC indicates an opt-out of sale/sharing of personal info.

DNT indicates an opt-out of all unessential tracking.

Transcend Consent Management's default config affords more privacy protections to DNT than GPC.
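
The distinction drawn in the last comment between the two signals, sketched as a server-side check. This is an added example, not code from the thread, DuckDuckGo or Transcend; the purpose names and the `allowedPurposes` helper are hypothetical, and only the `DNT` and `Sec-GPC` request header names are real.

```javascript
// Added example: hypothetical consent-policy helper, not code from this thread.
// `DNT` and `Sec-GPC` are the real request header names; the purpose names and
// the mapping from signal to purposes are assumptions for illustration.
const PURPOSES = ['essential', 'analytics', 'advertising', 'saleOrSharing'];

// Return the first value of a header, matched case-insensitively and trimmed.
function headerValue(headers, name) {
  const wanted = name.toLowerCase();
  for (const [key, value] of Object.entries(headers)) {
    if (key.toLowerCase() === wanted) {
      const first = Array.isArray(value) ? value[0] : value;
      return String(first).trim();
    }
  }
  return null;
}

// Decide which purposes remain allowed for one request.
// GPC is treated as an opt-out of sale/sharing only; DNT as an opt-out of
// everything except essential processing. When both are present the stricter
// result wins. Any value other than "1" (including "DNT: 0") is not an opt-out.
function allowedPurposes(headers) {
  const dnt = headerValue(headers, 'DNT') === '1';
  const gpc = headerValue(headers, 'Sec-GPC') === '1';
  const allowed = new Set(PURPOSES);
  if (gpc) allowed.delete('saleOrSharing');
  if (dnt) {
    for (const p of PURPOSES) {
      if (p !== 'essential') allowed.delete(p);
    }
  }
  return { dnt, gpc, allowed: PURPOSES.filter((p) => allowed.has(p)) };
}

// Constructed sample requests (not captured traffic).
const samples = {
  noSignal: {},
  gpcOnly: { 'Sec-GPC': '1' },
  dntOnly: { dnt: '1' },
  both: { DNT: '1', 'sec-gpc': '1' },
};

for (const [label, headers] of Object.entries(samples)) {
  console.log(label, allowedPurposes(headers).allowed.join(','));
}
```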