Closed Bug 1928087 Opened 9 months ago Closed 9 months ago

Remove DNT control from about:preferences#privacy

Categories

(Core :: Privacy: Anti-Tracking, enhancement)

Product:
Core
Component:
Privacy: Anti-Tracking
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
135 Branch
Tracking Flags:
Tracking Status
relnote-firefox --- 135+
firefox135 --- fixed

People

(Reporter: bvandersloot, Assigned: bvandersloot)

References

(Blocks 1 open bug)

Details

Attachments

(1 file, 1 obsolete file)

Bug 1928087 - Remove DNT control from about:preferences#privacy - r=pbz!
48 bytes, text/x-phabricator-request
Details | Review

This is a good alternative to Bug 1855798, and still allows users to manipulate the pref in about:config. It also doesn't make the UI behave weirdly.

The downside here is that we leave a ghost preference around and are taking away a (mostly useless, maybe more harmful than useful) control.

Assignee: nobody → bvandersloot
Status: NEW → ASSIGNED
Attachment #9436167 - Attachment is obsolete: true
Pushed by bvandersloot@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/77e81e8c36ad Remove DNT control from about:preferences#privacy - r=pbz,fluent-reviewers,settings-reviewers,flod,Gijs

https://hg.mozilla.org/mozilla-central/rev/77e81e8c36ad

Status: ASSIGNED → RESOLVED
Closed: 9 months ago
status-firefox135: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 135 Branch

Please restore the Do Not Track feature to Firefox's user interface.

In 2011, Mozilla brought us the wonderful Do Not Track feature. It was soon adopted by other major browser makers. In 2014, it became law for any website offering service to Californians to include a Do Not Track disclosure in its privacy policy. Do Not Track became a standard aspect of privacy policies. Today privacy policy generating tools have made it easy for a website to disclose a Do Not Track stance. Today numerous analytics tools make it simple for a website to implement a Do Not Track choice. Multiple websites demonstrate example code for how websites can implement a Do Not Track choice for the remaining analytics tools.

Many websites have disclosed a stance of not obeying Do Not Track.

Hundreds of websites have instead chosen to disclose a stance of obeying Do Not Track. These websites include medical offices, restaurants, websites for children, government websites, and many other subjects. Some of these websites may not ever service Californians but perhaps they like the principle of Do Not Track and have chosen to adopt it.

Statistics over the last 6 years demonstrate more than 22% of Internet users enabling Do Not Track. Statistics from 2024 indicate 32.5% of users use an addon to block JavaScript. Taking an estimate of 75% of users who enable Do Not Track also being users who would use an addon to block JavaScript would mean 16.5% of users doing both. 16.5 is more than half of 32.5. For fingerprinting, all users are recommended to enable Do Not Track, to blend in with the majority for users who block JavaScript or because other forms of JavaScript fingerprinting can already uniquely identify users who do not block JavaScript.

Mozilla statistics for Firefox Do Not Track usage may be lower due to possible forms of bias and any percentage tracked by Mozilla can be considered a minimum value. Bias can come from multiple scenarios. Users who use DNS to block Firefox telemetry are likely the type of people who will enable Do Not Track and Mozilla will not record these users. Public institutions offering computers for public usage and school computer rooms may restore a default profile for each user, meaning Mozilla may collect the default Do Not Track value before a user has a chance to enable the setting, and the Firefox profile may be reset when the user logs out before Mozilla has a chance to record the user's choice.

California law apparently allows users rights regarding sensitive personal information. Four categories are relevant: a) not to sell user data to fourth parties, b) not to share user data with fourth parties, c) not to share user data with third party analytics products, and d) limit the website's use of user data.

According to research by Steve Gibson from visiting a popular technology website, an enabled Global Privacy Control signal limits a) and b) but does not prevent c) and d). Examined implementations of Do Not Track limit c), meaning a), b), and d) are implicitly limited when a website obeys Do Not Track signals since you cannot sell, share, or use what you did not collect.

Steve Gibson also described how Global Privacy Control was developed on that popular website to examine a user's location and only apply the minimum legal requirements. At the time of his research, privacy law in Virginia existed but since it did not explicitly mention Global Privacy Control, the website was not expected to obey a Global Privacy Control signal from a user in Virginia. Examined implementations of Do Not Track apply the setting universally to all Internet users on websites which obey Do Not Track signals.

Steve Gibson further clarifies by saying in contrast to Do Not Track, Global Privacy Control is explicitly not about preventing tracking.

Businesses in Germany are legally required to obey Do Not Track signals.

There are sufficient reasons to maintain both Do Not Track and Global Privacy Control in Firefox's user interface, with them serving different roles and being supported by different legal frameworks.

Additional supporting information is available. https://mander.xyz/post/24524978

Flags: needinfo?(bvandersloot)

Raised Bug 1949550 to track my feedback.

Flags: needinfo?(bvandersloot)
Blocks: 1967420
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: