Enhanced Tracking Protection and the DNT and GPC signals
Categories
(Core :: Privacy: Anti-Tracking, enhancement, P3)
Tracking
()
People
(Reporter: EpicTux123, Unassigned)
References
Details
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:129.0) Gecko/20100101 Firefox/129.0
Steps to reproduce:
"Enhanced Tracking Protection" on "Strict" mode sends the "Do Not Track" (DNT) signal. I believe the "Global Privacy Control" (GPC) signal should be sent as well.
As far as I can tell, both signals are sent when using Private Browsing mode, regardless of ETP settings.
Or, on the contrary, the DNT signal should not be sent to avoid fingerprinting. Tor Browser does not send either of the signals even on its "Safest" security level.
|
||
Comment 1•1 year ago
|
||
The Bugbug bot thinks this bug should belong to the 'Core::Privacy: Anti-Tracking' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.
|
Reporter | |
Comment 2•1 year ago
|
||
Update: Tor Browser sents the GPC signal but not the DNT signal due to the fact that it uses "Always private browsing" mode.
I believe that Firefox could change in a way that you either send both DNT+GPC, or you send none of them. (This would also reflect in about:config.)
So "Website Privacy Preferences" would only have one checkbox, and ETP on Strict would still be a user choice (ETP Standard = sends no signals, ETP Strict = sends both).
|
|
Reporter | |
Comment 3•1 year ago
|
||
Enforcing either DNT+GPC or none would also reduce fingerprint. ETP on Strict, as of right now, generates a fingerprint due to the DNT header.
If we can individually choose between using DNT and/or GPC, we have more cases of fingerprinting. If we can only choose between both and none, we only have 2 states of fingerprinting.
Description
•