privacytools/privacytools.io

Correction | privacy.trackingprotection.enabled makes the browser send the DNT header

lorenzo9uerra opened this issue · 6 comments

Description

I have noticed that setting privacy.trackingprotection.enabled to true makes the browser send DNT to every website. While this was theoretically a nice improvement when it was created, now it's not used by almost any website and instead helps tracking a lot, since very few browsers send this header.

Why I am making the suggestion

This feature is counterproductive to users' privacy

My connection with the software

I use firefox daily and I noticed the header sent to every website

  • I will keep the issue up-to-date if something I have said changes or I remember a connection with the software.

I don't see the issue. Most users will have tracking protection and DNT enabled by now.

lnwor commented

They don't, most browsers don't have it enabled by default, including chrome, ungoogled-chromium, firefox, brave and bromite. Which means that only the few that enabled it manually are actually sending DNT, which makes fingerprinting much easier. And websites simply don't respect the DNT header, which is why it's being deprecated

Can you please set ETP to Strict (without setting DNT to always) and test if the header is sent? PTIO is moving in the direction of just setting ETP to strict without tweaking from about:config. And it would be interesting to know if then DNT is sent.
It's true, most browsers don't send DNT by default (only librewolf does that AFAIK, which is a really bad idea. But again, who cares)

lnwor commented

Yeah, setting ETP to Strict both firefox desktop and mobile send DNT. Using every other tweak privacytools suggests except privacy.trackingprotection.enabled firefox doesn't send DNT

> Yeah, setting ETP to Strict both firefox desktop and mobile send DNT. Using every other tweak privacytools suggests except privacy.trackingprotection.enabled firefox doesn't send DNT

Yeah so you will be in the pool of all people that have strict mode on. As long as you do not modify anything else I do not see the issue. I think Firefox purposefully does this so that more people will have DNT and therefore you won't stand out.

lnwor commented

Exactly, you'll be in the small pool of people who use firefox, and in that pool you will be in the section of those who set strict ETP on. That's exactly why it makes fingerprinting easier. And since nobody uses it for its purpose, it can be used to target those who care for their privacy, so they can advertise VPNs and tech-related stuff
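Added example, not part of the thread and not privacytools code: a loopback-only server that reports whether the browser profile under test sent a DNT request header, which is the check the thread asks for when comparing ETP Strict against the about:config tweak. The port 8099 and all function names are assumptions made for this example.

```python
import json
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer


def dnt_report(headers):
    """Summarise the DNT request header (header lookup is case-insensitive here)."""
    value = headers.get("DNT")
    return {"dnt_sent": value is not None, "dnt_value": value}


class DntEchoHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        body = json.dumps(dnt_report(self.headers), indent=2).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Cache-Control", "no-store")  # re-test after each setting change
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, fmt, *args):
        pass  # the JSON response is the result; keep the console quiet


def start_server(port=0):
    """Bind to loopback only; port 0 lets the OS pick a free port."""
    server = ThreadingHTTPServer(("127.0.0.1", port), DntEchoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def probe(port, extra_headers=None):
    """Constructed client request to self-check the server without a browser."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy
    req = urllib.request.Request(f"http://127.0.0.1:{port}/", headers=extra_headers or {})
    with opener.open(req, timeout=5) as resp:
        return json.load(resp)


if __name__ == "__main__":
    srv = start_server(8099)  # port chosen for this example
    print("Open http://127.0.0.1:8099/ in the profile under test; Ctrl+C to stop")
    try:
        threading.Event().wait()
    except KeyboardInterrupt:
        srv.shutdown()
```

Load the page once per configuration (default, ETP Strict, privacy.trackingprotection.enabled set to true) and compare the `dnt_sent` field across runs.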