It means nothing. DNT is being ignored by most websites anyway and is also a fingerprinting metric.
And yet there’s a brand new one! GPC
As long as the brand new one is legally binding, why not. And it is at least in California.
The DNT flag amounted to the equivalent of a digital pinky swear from website operators. Oh they still tracked you? That’s too bad… South Park’s rubbing nipples meme
pinky swear
There’s not even a pinky swear. It’s not transactional in any way. It’s just a header you decide to send with every request. It’s the same as someone posting “I do not consent to Facebook harvesting data from my profile!” on their Facebook profile.
DNT didn’t do shit anyway. If you’re relying upon corporations like Google to not track you just because you asked nicely, then you have a very naive view of how much they actually give a shit about your wishes.
Worse, setting DNT makes your browser more unique for fingerprinting.
This article mentions using Global Privacy Control as a replacement for Do Not Track, but doesn’t bother to explain what GPC does. Its adjacent article incorrectly claims that GPC uses the
DNT: 1
header field, fails to explain further, and links to a Mozilla page that doesn’t explain it, either.Even the GPC web site fails here, offering several pages of vague, abstract fluff about their intentions and a useless document full of marketing industry acronyms, without anything substantial about how it works. The single mention of a spec fails to state where to find it. The closest it comes is a tangential sentence containing a broken github.io link.
Finally, and only because I happen to know github.io’s URL format, I was able to guess my way to an organization page, and from there to a project page, which has a README file containing a footnote linking to the proposed spec:
Geez… it’s as though the people involved don’t want anyone to know how this proposed safeguard is supposed to work.
After reading it, it looks like these are the main differences in Global Privacy Control vs. Do Not Track:
- Replaces the
DNT: 1
header field withSec-GPC: 1
. - Adds a javascript property to indicate the same thing.
- Does not honor preference changes after the first navigation to a site. (Having changes respected apparently requires clearing site data from the browser and reloading. A helpful browser might prompt the user to do this.)
- Defines a way for sites to indicate that they are aware of GPC (but does not require them to honor it).
- Expresses a wish that your data not be shared, but says nothing about it being collected.
- May be considered legally binding in some jurisdictions. It’s not clear whether the few that currently recognize it will enforce it in any meaningful way.
- Replaces the
But they’re getting new branding;)
I would like to know the answer to this:
It’s unclear what will happen to users who have DNT enabled when they upgrade to the affected Firefox version. They may see a message stating that “Firefox no longer supports Do Not Track,” or the signal may still be sent to websites. We have asked Mozilla to clarify this and will provide an update when we receive a response.