jpd236
commented
3 years ago Thanks for reaching out!
From what I understand here, the use cases that Volley is designed to handle are a bit orthogonal to those that GPC is tackling. Volley is really built around RPC-type operations, where an application is making API calls with a trusted backend. It isn't designed for or meant to dispatch arbitrary user requests for a user browsing the internet, which feels to me like what this effort is largely meant to handle - a global setting on (for example) a web browser that propagates a header to all outgoing requests.
Beyond that, since it's just a header in requests, it should be easy for app developers to opt into supporting this already, either by overriding Request#getHeaders for each of their requests, or extending one of the existing HTTP stacks to apply this header globally.
Overall, I think we'd have the same stance here that OkHttp had in https://github.com/square/okhttp/issues/6683 - reasonable idea, and Volley should not get in the way of app developers opting to include it as tied to their own "Do Not Track" settings within their own applications as they see fit, but probably not appropriate to be added to the library itself.
Is there interest to include Global Privacy Control (GPC) in Volley?
The idea of GPC is to give users a setting to opt out from tracking by attaching a respective flag to some or all HTTP requests leaving a device. Major publishers, such as The New York Times and Washington Post, are already honoring GPC. Various browsers, such as Brave and the DuckDuckGo browser, and extensions have also implemented GPC settings. For the Google Ad Manager
It would be nice to bring GPC to the mobile ecosystem. As privacy becomes more ingrained in the technical app and web infrastructure an HTTP library like Volley seems to me a natural place for enabling HTTP-based privacy functionality. That does not mean that every developer using Volley needs to make use of GPC, but rather that the option is provided. I am thinking of an API that app or library developers could use, for example, in combination with a setting page in their app or library that would allow users to enable GPC.
Also, as you may be wondering, a major difference to the earlier Do Not Track (DNT) effort is that the California Attorney General will actually enforce GPC.
Here is the draft spec if anyone is interested in the details. Full disclosure: GPC is a community and academic project. I am computer science professor at Wesleyan University and one of the initiators of GPC.
Looking forward to discuss ...