My little irritation with Firefox's current handling of 'Do-Not-Track'

October 18, 2019

The Do-Not-Track proposed HTTP feature was either a noble or naive attempt by various people to get websites not to track you if you asked them not to. It worked about as well as you'd expect, which is to say not at all in practice. Allegedly, for a long time having your browser send a DNT header made it easier to fingerprint you because so few people did it that you stood out all the more.

(This may no longer be the case, for reasons we're about to see.)

For a long time, Firefox provided a setting to send or not send a DNT header with requests. Although I already used a variety of Firefox addons and settings to stop being tracked, I turned this setting on basically as a gesture to websites to tell them they had no excuse. I didn't worry about this making me easier to fingerprint, because even without DNT my particular combination of User-Agent and other browser attributes was generally very close to unique (as measured by eg the EFF's Panopticlick).

Recently, two things happened here. The first is that Firefox changed its Do-Not-Track behavior when they added tracking protection as part of their content blocking. After this was added, your two choices with DNT are either sending it all the time or sending it if you have Firefox block tracking; there is no option to have Firefox block tracking but not send a DNT header. At one level this makes perfect sense, but at another level it runs into the the second issue, which is that I found some websites that behave differently in an inconvenient way if DNT is set. Specifically, Medium will block certain embedded content in Medium articles (both on its own site and on sites that just publish with Medium, which is a lot of it), as covered (currently) in Medium's Do Not Track Policy. For me, clicking through often doesn't work very well, so I would like it if Medium didn't do this.

Although it pains me, what I should probably do is turn off Firefox's own tracking protections to whatever degree is required to not trigger this Medium behavior. I'm already relying on uBlock Origin for my anti-tracking protection, so the built in stuff in Firefox is just a backup and may not be doing anything for me in general. Of course, this assumes that I've correctly understood what is going on here with Medium in the first place, because it's always possible that something else about my environment is triggering their 'DNT' stuff (for example, perhaps uBlock Origin is blocking something).

(I was going to be confident about what was going on, but then I started trying to verify that my Firefox was or wasn't sending a DNT header under various circumstances. Now I'm a lot less sure.)

Comments on this page:

By Jukka at 2019-10-19 08:31:33:

One interesting aspect is the sort-of-maybe-in-theory recoming of the DNT due to the GDPR and other regulations. In a sense, setting it for each HTTP request kind of explicitly announces that you are not giving a consent for tracking.

Written on 18 October 2019.
« Remembering that Django template code is not quite your Django Python code
Ubuntu LTS is (probably) still the best Linux for us and many people »

Page tools: View Source, View Normal, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Fri Oct 18 22:43:49 2019
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.