This is sad and yet another step backwards for Firefox. Yes, not many websites honored it, but some did and automatically set cookie preferences accordingly. There should’ve been more lobbying for this to become legally binding within the EU instead.
How are you going to prove that this particular metric was used to fingerprint? That’s the issue I have - you can identify cookies, pixel trackers etc but there’s no way to prove whether a site uses a flag you send anyways. And enforcing something that can’t be proven is really hard - currently, not only the easy rules are enforced.
If it was law to abide to the Do Not Track setting, then a leak about a company dishonoring this would simply face massive fines, which is usually enough encouragement for them to abide.
It was like wearing a technicolor badge with flashers that said “don’t look at me” while playing the sound from Inception.
It made you more trackable because the entire ad industry ignored it. While there were a true, TRUE handful of sites that respected it, those are never the sites usually it was meant to deal with.
Presumably it’s easier to lobby for something that’s already legally enforced elsewhere. And sometimes lobbying is just unsuccessful.
With a reasonable alternative available, removing the additional fingerprinting vector seems like the best idea to avoid tracking. The few good actors can look at the Global Privacy Control instead, so there’s literally no downside here.
This is sad and yet another step backwards for Firefox. Yes, not many websites honored it, but some did and automatically set cookie preferences accordingly. There should’ve been more lobbying for this to become legally binding within the EU instead.
It was a double-edged sword. While websites could honor it, it could also be abused as another data point for fingerprinting.
Even more reason to make it legally binding.
How are you going to prove that this particular metric was used to fingerprint? That’s the issue I have - you can identify cookies, pixel trackers etc but there’s no way to prove whether a site uses a flag you send anyways. And enforcing something that can’t be proven is really hard - currently, not only the easy rules are enforced.
If it was law to abide to the Do Not Track setting, then a leak about a company dishonoring this would simply face massive fines, which is usually enough encouragement for them to abide.
So they just set up hosting for the site or service in a locale that doesn’t have those laws.
Now what?
That does not matter. If you operate within the EU then you have to abide to EU law.
It did basically nothing and just made you easier to identify and gave false sense of privacy. Good riddance imo
It was like wearing a technicolor badge with flashers that said “don’t look at me” while playing the sound from Inception.
It made you more trackable because the entire ad industry ignored it. While there were a true, TRUE handful of sites that respected it, those are never the sites usually it was meant to deal with.
Presumably it’s easier to lobby for something that’s already legally enforced elsewhere. And sometimes lobbying is just unsuccessful.
With a reasonable alternative available, removing the additional fingerprinting vector seems like the best idea to avoid tracking. The few good actors can look at the Global Privacy Control instead, so there’s literally no downside here.
How’s that different?
GPC? It’s different because there’s already a jurisdiction that legally enforces it.
Yeah, and I’ve been seeing more lately…
At least the forks will probably keep it…