My little irritation with Firefox's current handling of 'Do-Not-Track'
proposed HTTP feature was either a noble or naive attempt by various
people to get websites not to track you if you asked them not to.
It worked about as well as you'd expect, which
is to say not at all in practice. Allegedly, for a long time having
your browser send a
DNT header made it easier to fingerprint you
because so few people did it that you stood out all the more.
(This may no longer be the case, for reasons we're about to see.)
For a long time, Firefox provided a setting to send or not send a
DNT header with requests. Although I already used a variety of
Firefox addons and settings to stop being tracked, I turned this
setting on basically as a gesture to websites to tell them they
had no excuse. I didn't worry about this making me easier to
fingerprint, because even without DNT my particular combination
of User-Agent and other browser attributes was generally very
close to unique (as measured by eg the EFF's Panopticlick).
Recently, two things happened here. The first is that Firefox changed its Do-Not-Track behavior when they added tracking protection as part of their content blocking. After this was added, your two choices with DNT are either sending it all the time or sending it if you have Firefox block tracking; there is no option to have Firefox block tracking but not send a DNT header. At one level this makes perfect sense, but at another level it runs into the the second issue, which is that I found some websites that behave differently in an inconvenient way if DNT is set. Specifically, Medium will block certain embedded content in Medium articles (both on its own site and on sites that just publish with Medium, which is a lot of it), as covered (currently) in Medium's Do Not Track Policy. For me, clicking through often doesn't work very well, so I would like it if Medium didn't do this.
Although it pains me, what I should probably do is turn off Firefox's own tracking protections to whatever degree is required to not trigger this Medium behavior. I'm already relying on uBlock Origin for my anti-tracking protection, so the built in stuff in Firefox is just a backup and may not be doing anything for me in general. Of course, this assumes that I've correctly understood what is going on here with Medium in the first place, because it's always possible that something else about my environment is triggering their 'DNT' stuff (for example, perhaps uBlock Origin is blocking something).
(I was going to be confident about what was going on, but then I started trying to verify that my Firefox was or wasn't sending a DNT header under various circumstances. Now I'm a lot less sure.)
Comments on this page: