this post was submitted on 10 Dec 2024
64 points (78.1% liked)

Firefox

18050 readers
217 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 5 years ago
MODERATORS
all 19 comments
sorted by: hot top controversial new old
[–] [email protected] 1 points 6 days ago (1 children)

Not bothered by the loss. Like others have stated, it can be used to track/profile you, but far more importantly, it was a non-legally binding "pretty please, do not track me, okay?" Request. Based on literally how honestly the server was setup or if the site admins felt like respecting it. 0% guarantees.

I have not been bothering to enable this for close to a decade in all my machines and on those I support.

Always found it weird how it was so pushed in tons of privacy guides or in privacy tips. It's as if they were just parroting each other without actually thinking why it would or not work at all.

[–] [email protected] 0 points 6 days ago

Always found it weird how it was so pushed in tons of privacy guides or in privacy tips. It’s as if they were just parroting each other without actually thinking why it would or not work at all.

Welcome to the internet, where blogspam is pushed to make $$ without fact checking.

[–] [email protected] 70 points 1 week ago (2 children)

title makes it look like firefox is just removing yet another security feature as part of its enshittification process, but reading the article it looks like it makes sense

  • not a lot of websites respect dnt
  • it might serve as an identifier, i think
[–] [email protected] 32 points 1 week ago* (last edited 1 week ago) (1 children)

removing ~~yet another~~ security ~~feature~~ theatre.

DNT was always just an honor system, and can be used as another data point for fingerprinting.

[–] [email protected] 15 points 1 week ago

Yeah, I'm not too mad about this. It's a good idea, but without legal weight behind it, it ultimately failed. Ideally GDPR and similar regulations would provide something similar, so I can set my preference once and every site would be required to respect it. That would be much better that the current situation, which is that I am forced to navigate every asshole site's custom cookie notice. Each one's a little different, and some of them break certain browser configurations. It's a UX nightmare. This is probably by design — annoy users into submission. Because nobody in their right mind would ever click "allow" if it were not the easier choice.

[–] [email protected] 6 points 1 week ago (1 children)

it might serve as an identifier, i think

It does. It's yet another data point used in fingerprinting, and not many people enable it. 'tis but a single setting, but combined with everything else they can track about your browser it is effective.

In case you want to run a test to see how fingerprinting affects your browser:

[–] [email protected] 3 points 1 week ago (1 children)

The only way to really stop this is to disable JavaScript?

[–] [email protected] 1 points 1 week ago* (last edited 1 week ago) (1 children)

Yes and no. There are still plenty of things that get tracked regardless of JavaScript, and disabling JavaScript is it's own mark they can track.
Do Not Track is one such request, but screen size, viewport size, language, timezone/region, whether you block ads or not, browser/engine version, and many more are all things that do get tracked without the need for JS.
All have legitimate reasons, but can also be abused by being tracked server-side.

The cover your tracks page on eff.org has some pretty good explanations for most things.

Fun fact, the reason the TOR browser launches in windowed mode is so that this viewport size tracking is less of a marker.

[–] [email protected] 1 points 1 week ago (1 children)

I just have a hard time wrapping my head around why certain things have to be reported back. Like screen size - you can request a desktop site, so why not just let the browser request the page, the browser gets the information and displays how it needs to - why bother reporting that information back to wherever? Why not just have the browser not send back that info, or send back randomized/fake info?

[–] [email protected] 2 points 1 week ago

Websites automatically adapting to viewport size is pretty handy, not having to select whether you want the mobile site or not each and every time you load the page is generally considered a good thing.

You may also want the website to adapt to smaller or wider windows, unless you want every website to become one where you manually zoom in and pan around.

Similar things go for language and timezone.

There are various ways to spoof various settings about your browser, through add-ins or otherwise.

[–] [email protected] 47 points 1 week ago (1 children)

Propaganda article - they suggest moving to fucking brave browser. This was shared on the subreddit as well.

The do not track isn't followed by any websites and can identify you anyway. Yeah good call OP, let's ditch firefox for fucking brave

[–] [email protected] 1 points 1 week ago

Yes it is by at least one famous german website

[–] [email protected] 23 points 1 week ago (1 children)

"Will Chrome, Edge, and Other Privacy-Focused Browsers follow this move?"

And it's not The Onion.

[–] [email protected] 6 points 1 week ago

My head hurts

[–] [email protected] 12 points 1 week ago

It looks like GPC spec creates the same sort of tracking signal that DNT did, but it requests less protection: there is specifically a carve-out in GPC that says websites can track you, including for advertising purposes.

GPC is also not intended to limit a first party’s use of personal information within the first-party context (such as a publisher targeting ads to a user on its website based on that user’s previous activity on that same site).

[–] [email protected] 3 points 1 week ago* (last edited 1 week ago) (1 children)

Some Websites use Dnt and we know the discussion about cookie banners. We heared arguments that those are necessary to be GDPR conform. There always was the argument to establish, that sites have to respect the state of the art information 'Do not trackt' to illiminate the annoying cookie process. Now this Option is gone.

Not so smart.
And being tracked by this header? Simply activated it be default, Mozilla and there are enough users sharing the same configuration.

[–] dsilverz 0 points 1 week ago

Exactly, and it could surely be done. After all, they already have default opt-ins in place... opt-in "Sponsored shortcuts" by default, for example...