
Re: [tor-bugs] #5501 [TorBrowserButton]: enable Do-Not-Track DNT by default



#5501: enable Do-Not-Track DNT by default
------------------------------+---------------------------------------------
 Reporter:  cypherpunks       |          Owner:  mikeperry
     Type:  enhancement       |         Status:  new      
 Priority:  normal            |      Milestone:           
Component:  TorBrowserButton  |        Version:           
 Keywords:                    |         Parent:           
   Points:                    |   Actualpoints:           
------------------------------+---------------------------------------------

Comment(by mikeperry):

 Replying to [comment:12 rransom]:
 > Sending "`DNT: 1\r\n`" would waste (at least) 8 extra bytes of exit-relay
 > traffic per HTTP request.  I think that outweighs any possible benefit
 > from this "feature".

 After sleeping on this, I think there are in fact some benefits to this
 feature. For example, my favorite stat is that 5% of the Mozilla userbase
 found the feature buried in the privacy settings of the browser and turned
 it on in the first two months after rollout
 (http://www.techworld.com.au/article/400248/). Mozilla probably knows this
 because of addon, safe browsing, and/or browser update pings, and TBB
 shares at least the first two. So we would be sending a message to Mozilla
 to pay even more attention to privacy by sending the header to them for
 all of our users.

 However, the costs are potentially much greater than just the 8 (or 9)
 bytes of request overhead. I seriously really want absolutely no part of
 the policy side of the header. I want so little to do with it that I would
 actually *prefer* that sites *not* treat our users specially based on our
 use of the header, for the reasons I stated above.

 AIUI, the reason the header exists is because it grew out of a desire to
 consistently tell 3rd parties that you want to opt out of 3rd party
 tracking and behavioral advertising (aka Taco, but without hundreds of
 opt-out cookies). But the 3rd party tracking problem is something we
 should be solving with browser engineering. Again, see
 https://www.torproject.org/projects/torbrowser/design/#DesignRequirements

 It's possible that if the header was actually called "Do Not Sell", it
 might make a little more sense to trust it to drive policy successfully,
 because that is a much more direct statement to a top-level site that you
 want the information that you provide to them to stay between you and
 them. But "Do Not Track" is waaay too vague a term for any hope that it
 will transform into something meaningful, consistent, and benevolent in
 all circumstances.

 Hence, if our goal is to be 'heard', I still think "DNT: -1" is the best
 choice for now...

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5501#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online