Open Bug 1495192 Opened 6 years ago Updated 3 months ago

Add a pref to disable Do Not Track in Firefox

Categories

(Core :: Privacy: Anti-Tracking, enhancement, P5)

Product:
Core
Component:
Privacy: Anti-Tracking
Version:
62 Branch
Platform:
All
Windows
Type:
enhancement

Tracking

()

People

(Reporter: dasbadyo38, Unassigned)

References

Details

Attachments

(2 files)

donottrack1.png
38.80 KB, image/png
Details
Make Private mode behave like private mode without the DNT header without affecting standard mode in privacy settings
17.59 KB, image/png
Details
Attached image donottrack1.png
User Agent: Mozilla/5.0 (Windows NT 6.1; rv:62.0) Gecko/20100101 Firefox/62.0 Build ID: 20180920131237 Steps to reproduce: I want a option to disable 'Do Not Track' feature in firefox. Currently there are two options - 1. It will be enabled when using Tracking Protection. 2. It will be enabled always. Actual results: There is no option to disable the 'Do Not Track' feature. Expected results: Please add an option to disable Do Not Track feature. So we can get an option to disable Do Not Track fully or not.
Severity: normal → enhancement
Component: Untriaged → Preferences
Johann, can you move this somewhere more appropriate?
Flags: needinfo?(jhofmann)
Where? Actually I am kinda new here.
To the 'Tracking protection'?
OS: Unspecified → Windows
Priority: -- → P1
Hardware: Unspecified → All
Please don't set the priority field. (In reply to Anabadyo from comment #2) > Where? Actually I am kinda new here. The question was not directed at you. Someone else will come along and move this somewhere more appropriate. :-)
Priority: P1 → --
So I think as far as Preferences is concerned this is a WONTFIX (to edge-casey to expose to users in about:preferences), I do think however we could benefit from having an about:config flag for this, because I've also been annoyed when testing Tracking Protection that web properties change their behavior based on this flag and TP sets it by default (this is good behavior on part of the websites but not great for me as a browser developer). Probably not a great priority either, though.
Status: UNCONFIRMED → NEW
Component: Preferences → Tracking Protection
Ever confirmed: true
Flags: needinfo?(jhofmann)
Summary: add an option to disable do not track in firefox → Add a pref to disable Do Not Track in Firefox
Priority: -- → P5
See Also: → 1306855
There is a reason we don't offer an option to turn DNT off and Tracking Protection on. Disconnect will whitelist trackers that honor DNT. So if a tracker is whitelisted since they honor DNT, Tracking Protection will not block them. That tracker will, however, track the user if they don't send the DNT flag. Hence, we tie TP with DNT. I'm not opposed to adding an about:config option for advanced users and developers to get around this and potentially open themselves up to tracking by the whitelisted trackers who honor DNT.
See Also: → 1258033

Only way to make PB mode same as Normal mode without the silly DNT header which acts as a beacon to all sites that you are in Private mode. [Options -> Privacy and security]
Basically this disables tracking protection in private mode, [in standard (default) in Privacy settings, tracking protection is enabled only in private windows, but enabling tracking protection turns on the silly DNT header which broadcasts to the whole world that you are in private mode]

Possibly ublock should do as good a job as tracking protection with or without it being enabled in privacy settings.

Really needs at least an about:config entry. Please consider. Whats the use of a site that probably honors DNT (there is no guarantee that a site honors it), but uses the DNT header to detect that you are in private mode? Example washington post and bloomberg.com. These sites dont let you browse them in Private mode with tracking protection enabled. There's a big overlay proudly proclaiming back to you that you are in private mode, obscuring most of the site.

This is a P5 so we'll take a patch for it :)

Note that this is not the only way websites can tell you're in private mode, most notably in Firefox there's missing IndexedDB support being used right now.

Component: Protections UI → Privacy: Anti-Tracking
Product: Firefox → Core

+1 for this bug. The lack of ability to override the (mostly useless) DNT header also breaks Resist Fingerprinting in that it adds an extra bit of information since Resist Fingerprinting has no way to disable it.

In addition, it breaks Firefox Developer Tools, since "Edit and Resend" is INCAPABLE of overriding the DNT: 1 header. This is misleading and breaks debugging on sites that deliberately use the DNT header to issue misleading responses to Firefox.

Also ran into this as a developer.

I figured I could get around this by simply adding an exception to disable Tracking Protection altogether for my localhost sites, but that still sends the DNT header.

It seems the setting "Only when Firefox is set to block known trackers" applies globally and doesn't take into account TP exceptions, which is pretty confusing. Not sure if that part is deliberate as well, or could be considered a bug.

For now I switched to "Custom" and turned off "Tracking content", but I'd rather use "Strict" so I automatically benefit from future protections.

I also don't want to use a random extension like https://addons.mozilla.org/en-US/firefox/addon/remove-dnt-donottrack-header/ which needs full permission to all website data.

(In reply to Markus Koller from comment #10)

I also don't want to use a random extension like https://addons.mozilla.org/en-US/firefox/addon/remove-dnt-donottrack-header/ which needs full permission to all website data.

People don't usually describe my extensions as "random". ;-)

The extension needs full permission in order to change all requests automatically. If you want a personal version that only targets one host, try this:

(1) Download the source from Github as a ZIP file

(2) Extract the ZIP file somewhere convenient

(3) Edit the host permission

In manifest.json on line 18 change "<all_urls>" to match your host name, for example, "https://localhost/*"

(Note, I have not tested with localhost.)

(4) Edit the filter

In background.js on line 23 change "<all_urls>" to match your host name, for example, "https://localhost/*"

(Note, I have not tested with localhost.)

(5) Test using the about:debugging page and loading the edited code as a temporary extension

See: https://developer.mozilla.org/en-US/docs/Tools/about:debugging#Loading_a_temporary_extension

If it works, you can submit it to the Add-ons site for signature (as a self-distributed extension) and then you could install it permanently. https://extensionworkshop.com/documentation/publish/self-distribution/

(In reply to jscher2000 from comment #11)

People don't usually describe my extensions as "random". ;-)

Oh haha no offense intended, I wasn't familiar with your work and you definitely seem trustworthy enough ;-) I meant "random" as in, it was the first one that came up when searching for "Do Not Track", only seems to have 3 users, and the usual warning about it not being monitored for security by Mozilla.

But thanks for posting the details to customize it! In my case I use various "$APPNAME.localhost:$PORT" URLs, so it's not really a convenient solution either.

I'm mainly curious what the Firefox developers think about this part from my comment, disabling DNT based on site exceptions seems like a good solution from my (limited) perspective:

I figured I could get around this by simply adding an exception to disable Tracking Protection altogether for my localhost sites, but that still sends the DNT header.

It seems the setting "Only when Firefox is set to block known trackers" applies globally and doesn't take into account TP exceptions, which is pretty confusing. Not sure if that part is deliberate as well, or could be considered a bug.

Severity: normal → S3

This bug has idled for a long time, and still has the privacy developer tool breaking issues. Based on Comment #6, it seems like mozilla devs are open to an about:config pref - that would solve all my issues with this. I don't understand why it should whitelist "good" trackers - I'd just as soon a hidden option that allows me to do this and always block all trackers, but at least for the cases of privacy and developer tool debugging, behaving just like the normal browser with DNT disabled would probably be better anyway.

So. +1 for the comment #6 solution from 4 years ago 😝

In Nightly (119.0a1 (2023-08-31) (64-bit)) no matter what I do I send

DNT: 1

header. This is with it unchecked in Prefs, tracking protection off, etc.

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: