[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #5501 [TorBrowserButton]: enable Do-Not-Track DNT by default
#5501: enable Do-Not-Track DNT by default
------------------------------+---------------------------------------------
Reporter: cypherpunks | Owner: mikeperry
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: TorBrowserButton | Version:
Keywords: | Parent:
Points: | Actualpoints:
------------------------------+---------------------------------------------
Comment(by mikeperry):
Replying to [comment:12 rransom]:
> Sending â`DNT: 1\r\n`â would waste (at least) 8 extra bytes of exit-
relay traffic per HTTP request. I think that outweighs any possible
benefit from this âfeatureâ.
After sleeping on this, I think there are in fact some benefits to this
feature. For example, my favorite stat is that 5% of the Mozilla userbase
found the feature buried in the privacy settings of the browser and turned
it on in the first two months after rollout
(http://www.techworld.com.au/article/400248/). Mozilla probably knows this
because of addon, safe browsing, and/or browser update pings, and TBB
shares at least the first two. So we would be sending a message to Mozilla
to pay even more attention to privacy by sending the header to them for
all of our users.
However, the costs are potentially much greater than just the 8 (or 9)
bytes of request overhead. I seriously really want absolutely no part of
the policy side of the header. I want so little to do with it that I would
actually *prefer* that sites *not* treat our users specially based on our
use of the header, for the reasons I stated above.
AIUI, the reason the header exists is because it grew out of a desire to
consistently tell 3rd parties that you want to opt out of 3rd party
tracking and behavioral advertising (aka Taco, but without hundreds of
opt-out cookies). But the 3rd party tracking problem is something we
should be solving with browser engineering. Again, see
https://www.torproject.org/projects/torbrowser/design/#DesignRequirements
It's possible that if the header was actually called "Do Not Sell", it
might make a little more sense to trust it to drive policy successfully,
because that is a much more direct statement to a top-level site that you
want the information that you provide to them to stay between you and
them. But "Do Not Track" is waaay too vague a term for any hope that it
will transform into something meaningful, consistent, and benevolent in
all circumstances.
Hence, if our goal is to be 'heard', I still think "DNT: -1" is the best
choice for now...
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5501#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs