privacytests / privacytests.org

Source code for privacytests.org. Includes browser testing code and site rendering.
https://privacytests.org
MIT License

GPC enablement is not a testable feature #182

Open martinthomson opened 8 months ago

martinthomson commented 8 months ago

I'm sure that this will be slightly controversial, but I think that the inclusion of GPC tests under the default settings of a browser is problematic. GPC is about signaling a choice that has been made. Browsers that enable GPC by default are not inherently better than those that offer a choice to enable GPC.

It's true that browsers that enable GPC always are less fingerprintable than browsers that offer a choice. But then, browsers that don't offer GPC at all are also less fingerprintable.

I suggest that this feature not be included in the dashboard.

arthuredelstein commented 8 months ago

Hi Martin -- thank you very much for your comment.

My thinking around this has been: browsers are more private if GPC is enabled. Users tend to stick with defaults, so enabling GPC by default maximizes the privacy protection afforded to users. To the extent that PrivacyTests is attempting to measure differences in default privacy protections, it seems accurate to note this difference between browsers.

I understand the concern that GPC requires an affirmative choice by users. Brave and DuckDuckGo have taken the position, as I understand it, that if a user chooses a browser designed for privacy, then they have sufficiently expressed their preference. (This position is supported by the California Office of the Attorney General's comment 75 which touches on the default GPC setting in browsers: https://oag.ca.gov/sites/all/files/agweb/pdfs/privacy/ccpa-fsor-appendix-e.pdf.)

A number of other browsers present themselves as "private browsers" as well, including Firefox, Mullvad, Tor and Vivaldi. It seems to me that any of these could enable GPC by default.

The GPC-by-default option might not be available to commonly pre-installed browsers that don't have "private browser" reputations, such as Chrome and Edge. Nonetheless I think it would still be accurate and helpful to users for PrivacyTests to report which browsers have GPC enabled by default.

alfredonodo commented 8 months ago

Firefox v120 will have an option in the settings to enable GPC, I hope to see it enabled by default.

martinthomson commented 8 months ago

Our legal advice recommended that we not enable it by default.

While some jurisdictions might consider having GPC enabled by default sufficient to activate legislative protections, we aren't confident that new legislation will always be that good. A deliberate action ensures that every Firefox user who sends the signal made a choice to exercise this option.

Separately, wouldn't it be nice if we didn't have to beg sites to treat us like human beings? Or threaten them with legal sanctions if they don't extend the most basic of courtesies?

arthuredelstein commented 8 months ago

> Our legal advice recommended that we not enable it by default.
>
> While some jurisdictions might consider having GPC enabled by default sufficient to activate legislative protections, we aren't confident that new legislation will always be that good. A deliberate action ensures that every Firefox user who sends the signal made a choice to exercise this option.

Thanks, that is good to be aware of. What about Private Browsing windows?

> Separately, wouldn't it be nice if we didn't have to beg sites to treat us like human beings? Or threaten them with legal sanctions if they don't extend the most basic of courtesies?

That would be wonderful!

martinthomson commented 8 months ago

> What about Private Browsing windows?

We don't currently do anything differently for GPC. We're still enabling DNT by default for Private Browsing, but I think that the idea is that we'll switch to GPC for that.