1936761 - Bring back Do Not Track and merge with GPC

Status: UNCONFIRMED

(Core :: Privacy: Anti-Tracking, enhancement)

Description

[Sugar2622]

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0

Steps to reproduce:

Firefox 135 has removed the feature of sending a "do not track" header, as it was not respected by most websites.

Actual results:

However, DNT is legally recognised in Germany.

"The Berlin District Court upheld vzbv’s [consumer organisation] view that the company’s [LinkedIn] statement was misleading, as it suggested that use of the DNT signal was legally irrelevant and that the company was under no obligation to observe it. This is, in fact, not the case. According to the General Data Protection Regulation (GDPR), the right to object to the processing of personal data can also be expressed using an automated procedure. A DNT signal represents a valid objection."

https://www.vzbv.de/en/court-prohibits-linkedins-data-privacy-infringements
https://wideangle.co/blog/do-not-track-gdpr-opt-out

Expected results:

I understand the concern of the DNT signal adding further fingerprinting potential. However, if we just merged DNT into the GPC feature, this should not be a problem. So you would have "GPC & DNT both enabled" or "both disabled".

Comment 1

[BugBot [:suhaib / :marco/ :calixte]]

The Bugbug bot thinks this bug should belong to the 'Core::Privacy: Anti-Tracking' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Comment 2

[Allen K]

Firefox 135 didn't remove the DNT header. It only removed the checkbox in about:preferences. The DNT header is still sent as 1 if "tracking content" is blocked in "Enhanced Tracking Protection" (either as "Custom" or "Strict") or if browsing in a private window.