This is sad and yet another step backwards for Firefox. Yes, not many websites honored it, but some did and automatically set cookie preferences accordingly. There should’ve been more lobbying for this to become legally binding within the EU instead.
Presumably it’s easier to lobby for something that’s already legally enforced elsewhere. And sometimes lobbying is just unsuccessful.
With a reasonable alternative available, removing the additional fingerprinting vector seems like the best idea to avoid tracking. The few good actors can look at the Global Privacy Control instead, so there’s literally no downside here.
How are you going to prove that this particular metric was used to fingerprint? That’s the issue I have - you can identify cookies, pixel trackers etc but there’s no way to prove whether a site uses a flag you send anyways. And enforcing something that can’t be proven is really hard - currently, not only the easy rules are enforced.
If it was law to abide to the Do Not Track setting, then a leak about a company dishonoring this would simply face massive fines, which is usually enough encouragement for them to abide.
This is sad and yet another step backwards for Firefox. Yes, not many websites honored it, but some did and automatically set cookie preferences accordingly. There should’ve been more lobbying for this to become legally binding within the EU instead.
Presumably it’s easier to lobby for something that’s already legally enforced elsewhere. And sometimes lobbying is just unsuccessful.
With a reasonable alternative available, removing the additional fingerprinting vector seems like the best idea to avoid tracking. The few good actors can look at the Global Privacy Control instead, so there’s literally no downside here.
How’s that different?
Yeah, and I’ve been seeing more lately…
At least the forks will probably keep it…
It was a double-edged sword. While websites could honor it, it could also be abused as another data point for fingerprinting.
Even more reason to make it legally binding.
How are you going to prove that this particular metric was used to fingerprint? That’s the issue I have - you can identify cookies, pixel trackers etc but there’s no way to prove whether a site uses a flag you send anyways. And enforcing something that can’t be proven is really hard - currently, not only the easy rules are enforced.
If it was law to abide to the Do Not Track setting, then a leak about a company dishonoring this would simply face massive fines, which is usually enough encouragement for them to abide.
So they just set up hosting for the site or service in a locale that doesn’t have those laws.
Now what?
That does not matter. If you operate within the EU then you have to abide to EU law.