this post was submitted on 10 Dec 2024
64 points (78.1% liked)

Firefox

18050 readers
249 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 70 points 2 weeks ago (2 children)

title makes it look like firefox is just removing yet another security feature as part of its enshittification process, but reading the article it looks like it makes sense

  • not a lot of websites respect dnt
  • it might serve as an identifier, i think
[–] [email protected] 32 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

removing ~~yet another~~ security ~~feature~~ theatre.

DNT was always just an honor system, and can be used as another data point for fingerprinting.

[–] [email protected] 15 points 1 week ago

Yeah, I'm not too mad about this. It's a good idea, but without legal weight behind it, it ultimately failed. Ideally GDPR and similar regulations would provide something similar, so I can set my preference once and every site would be required to respect it. That would be much better that the current situation, which is that I am forced to navigate every asshole site's custom cookie notice. Each one's a little different, and some of them break certain browser configurations. It's a UX nightmare. This is probably by design — annoy users into submission. Because nobody in their right mind would ever click "allow" if it were not the easier choice.

[–] [email protected] 6 points 1 week ago (1 children)

it might serve as an identifier, i think

It does. It's yet another data point used in fingerprinting, and not many people enable it. 'tis but a single setting, but combined with everything else they can track about your browser it is effective.

In case you want to run a test to see how fingerprinting affects your browser:

[–] [email protected] 3 points 1 week ago (1 children)

The only way to really stop this is to disable JavaScript?

[–] [email protected] 1 points 1 week ago* (last edited 1 week ago) (1 children)

Yes and no. There are still plenty of things that get tracked regardless of JavaScript, and disabling JavaScript is it's own mark they can track.
Do Not Track is one such request, but screen size, viewport size, language, timezone/region, whether you block ads or not, browser/engine version, and many more are all things that do get tracked without the need for JS.
All have legitimate reasons, but can also be abused by being tracked server-side.

The cover your tracks page on eff.org has some pretty good explanations for most things.

Fun fact, the reason the TOR browser launches in windowed mode is so that this viewport size tracking is less of a marker.

[–] [email protected] 1 points 1 week ago (1 children)

I just have a hard time wrapping my head around why certain things have to be reported back. Like screen size - you can request a desktop site, so why not just let the browser request the page, the browser gets the information and displays how it needs to - why bother reporting that information back to wherever? Why not just have the browser not send back that info, or send back randomized/fake info?

[–] [email protected] 2 points 1 week ago

Websites automatically adapting to viewport size is pretty handy, not having to select whether you want the mobile site or not each and every time you load the page is generally considered a good thing.

You may also want the website to adapt to smaller or wider windows, unless you want every website to become one where you manually zoom in and pan around.

Similar things go for language and timezone.

There are various ways to spoof various settings about your browser, through add-ins or otherwise.