Add a pref to disable Do Not Track in Firefox
Categories
(Core :: Privacy: Anti-Tracking, enhancement, P5)
Tracking
()
People
(Reporter: dasbadyo38, Unassigned)
References
Details
Attachments
(2 files)
Comment 1•6 years ago
|
||
Comment 4•6 years ago
|
||
Comment 5•6 years ago
|
||
Updated•6 years ago
|
Comment 6•6 years ago
|
||
Only way to make PB mode same as Normal mode without the silly DNT header which acts as a beacon to all sites that you are in Private mode. [Options -> Privacy and security]
Basically this disables tracking protection in private mode, [in standard (default) in Privacy settings, tracking protection is enabled only in private windows, but enabling tracking protection turns on the silly DNT header which broadcasts to the whole world that you are in private mode]
Possibly ublock should do as good a job as tracking protection with or without it being enabled in privacy settings.
Really needs at least an about:config entry. Please consider. Whats the use of a site that probably honors DNT (there is no guarantee that a site honors it), but uses the DNT header to detect that you are in private mode? Example washington post and bloomberg.com. These sites dont let you browse them in Private mode with tracking protection enabled. There's a big overlay proudly proclaiming back to you that you are in private mode, obscuring most of the site.
Comment 8•5 years ago
|
||
This is a P5 so we'll take a patch for it :)
Note that this is not the only way websites can tell you're in private mode, most notably in Firefox there's missing IndexedDB support being used right now.
+1 for this bug. The lack of ability to override the (mostly useless) DNT header also breaks Resist Fingerprinting in that it adds an extra bit of information since Resist Fingerprinting has no way to disable it.
In addition, it breaks Firefox Developer Tools, since "Edit and Resend" is INCAPABLE of overriding the DNT: 1 header. This is misleading and breaks debugging on sites that deliberately use the DNT header to issue misleading responses to Firefox.
Comment 10•4 years ago
|
||
Also ran into this as a developer.
I figured I could get around this by simply adding an exception to disable Tracking Protection altogether for my localhost
sites, but that still sends the DNT header.
It seems the setting "Only when Firefox is set to block known trackers" applies globally and doesn't take into account TP exceptions, which is pretty confusing. Not sure if that part is deliberate as well, or could be considered a bug.
For now I switched to "Custom" and turned off "Tracking content", but I'd rather use "Strict" so I automatically benefit from future protections.
I also don't want to use a random extension like https://addons.mozilla.org/en-US/firefox/addon/remove-dnt-donottrack-header/ which needs full permission to all website data.
Comment 11•4 years ago
|
||
(In reply to Markus Koller from comment #10)
I also don't want to use a random extension like https://addons.mozilla.org/en-US/firefox/addon/remove-dnt-donottrack-header/ which needs full permission to all website data.
People don't usually describe my extensions as "random". ;-)
The extension needs full permission in order to change all requests automatically. If you want a personal version that only targets one host, try this:
(1) Download the source from Github as a ZIP file
- Open https://github.com/jscher2000/Remove-DNT-Do-Not-Track-Header
- Click the green Get Code button
- Click Download ZIP
(2) Extract the ZIP file somewhere convenient
(3) Edit the host permission
In manifest.json on line 18 change "<all_urls>"
to match your host name, for example, "https://localhost/*"
(Note, I have not tested with localhost.)
(4) Edit the filter
In background.js on line 23 change "<all_urls>"
to match your host name, for example, "https://localhost/*"
(Note, I have not tested with localhost.)
(5) Test using the about:debugging page and loading the edited code as a temporary extension
See: https://developer.mozilla.org/en-US/docs/Tools/about:debugging#Loading_a_temporary_extension
If it works, you can submit it to the Add-ons site for signature (as a self-distributed extension) and then you could install it permanently. https://extensionworkshop.com/documentation/publish/self-distribution/
Comment 12•4 years ago
|
||
(In reply to jscher2000 from comment #11)
People don't usually describe my extensions as "random". ;-)
Oh haha no offense intended, I wasn't familiar with your work and you definitely seem trustworthy enough ;-) I meant "random" as in, it was the first one that came up when searching for "Do Not Track", only seems to have 3 users, and the usual warning about it not being monitored for security by Mozilla.
But thanks for posting the details to customize it! In my case I use various "$APPNAME.localhost:$PORT" URLs, so it's not really a convenient solution either.
I'm mainly curious what the Firefox developers think about this part from my comment, disabling DNT based on site exceptions seems like a good solution from my (limited) perspective:
I figured I could get around this by simply adding an exception to disable Tracking Protection altogether for my localhost sites, but that still sends the DNT header.
It seems the setting "Only when Firefox is set to block known trackers" applies globally and doesn't take into account TP exceptions, which is pretty confusing. Not sure if that part is deliberate as well, or could be considered a bug.
Updated•2 years ago
|
Comment 13•2 years ago
|
||
This bug has idled for a long time, and still has the privacy developer tool breaking issues. Based on Comment #6, it seems like mozilla devs are open to an about:config pref - that would solve all my issues with this. I don't understand why it should whitelist "good" trackers - I'd just as soon a hidden option that allows me to do this and always block all trackers, but at least for the cases of privacy and developer tool debugging, behaving just like the normal browser with DNT disabled would probably be better anyway.
So. +1 for the comment #6 solution from 4 years ago 😝
Comment 14•1 year ago
|
||
In Nightly (119.0a1 (2023-08-31) (64-bit)) no matter what I do I send
DNT: 1
header. This is with it unchecked in Prefs, tracking protection off, etc.
Description
•