Firefox removes "do not track" feature support
Comments
gkoberger
coldpie
> I would love if the cookie modals on each site became browser-level
They are, in a roundabout way. Hop into your uBlock Origin settings and enable the Cookie Banners and Annoyances filters. The modal gets silently nuked in the background and you can carry on with your browsing. Since you never consented, this ought to be functionally the same as Declining the banner.
The Kill Sticky bookmark works similarly, for crappy browsers that don't support uBlock Origin (eg iOS, Chrome for Android): https://www.smokingonabike.com/2024/01/20/take-back-your-web...
(Remember when web browsers used to treat their users first and implemented things like Popup Blocking, enabled by default? I miss those days.)
darkhorse222
As long as someone who does this is prepared to pay for every site they do it on (or forgo the site in the future), since targeted advertising often pays for the site they're visiting. Personally I would like to see ads improved, not removed, as I am unwilling to have 40 different subscriptions to 40 different websites all because every user disabled targeting.
godshatter
I'm not responsible for making a web site owners business model work for them. I'm just filtering data that I downloaded from a publicly-available because I don't want advertisers tracking me around the web and profiling me.
Advertisers are welcome to treat me like a magazine from days gone by with lots of static images of their products and no code involved. If they don't like that, then I'm okay with going back to the pre-commercial web where people with passion built websites without trying to be the next big thing.
kevin_thibedeau
You're just following the FBI guidance and not allowing untrusted software to run on your computer. If that is a critical part of a business model, the business needs to change it's behavior, not me.
bravetraveler
Plus side, hosting has never been cheaper.
solardev
Does the same thing apply to every TV commercial? Are you robbing the producers if you go the bathroom? Or every ad sponsored newspaper or magazine?
I dunno, the website chose to monetize that way. Arguably we don't need so many low quality adspam sites on the web anyway and if most of them died, the signal to noise ratio would get better. Advertising and SEO is a scourge that doesn't need to be protected, IMO. Let them die...
DennisP
I agree that 40 different subscriptions is unreasonable. I use adblockers because I think user-hostile advertising is also unreasonable.
I would happily pay a subscription that gets divided among whatever sites I visit. In the absence of that option, I pay for a subset of sites and freeload the rest. My solution seems ethical to me since if everybody picked a random subset, most sites would get their revenue.
darkhorse222
I think your approach is reasonably ethical. I'm not all that concerned with ethics; rather the continued funding of the websites we like. One important element of your first hypothetical is that a donation model probably won't suffice, websites will need to be able to set their price based on their costs, so it can't be evenly split between the sites you visit.
So I think the experience would be like you add $5 to your browser, then as you visit sites it asks you either to pay a one time access fee or subscribe for continued access.
But this would be the case for every site, right, because they all cost money. I wonder how many distinct websites the average user visits and if they're willing to pay that many parties that much money.
I guess my conclusion here is that bad ads should be punished by some mechanism. Unfortunately making the most targeted, helpful (and they are helpful, by the way, when done right they show you something you like) ads often incentivizes bad ad production practices like data farming and data marketplaces. I think that has to be attacked legislatively or, in your example, by direct payment.
But I think the reality of an internet gated by payments is a bigger deal than people appreciate.
(PS Not that this is usually my line of argument, but it also has the unfortunate effect of tying someone's economic status to what they can access, leading to greater isolated groups and class hierarchies in content)
DennisP
> websites will need to be able to set their price based on their costs
Most businesses don't really get to do that. They set their price based on what customers are willing to pay. Then they try to keep their variable costs low enough to be profitable, and get enough sales to cover their fixed costs.
> tying someone's economic status to what they can access
An option there is subscriptions for those willing to pay, ads for the rest. Youtube does that, for example (and it's one of the sites I pay).
I don't really want "helpful" ads. I just want to be left alone. I don't want corporations trying to manipulate me, and I don't want distractions from whatever I'm trying to read, because I'm distractible enough as it is. If I want to buy something, I can search for it, and when I do, I don't want to see it everywhere I go for the next month.
nemomarx
the problem with ads targeted to what I might like is they lead to more purchasing and spending, which is not without cost. something you won't buy without seeing an ad for it is probably an impulse purchase, and those are somewhat predatory.
it seems more reasonable to me to only advertise like that when a user signals they're interested in a particular type of product, not passively all the time.
BobaFloutist
Yeah people think of advertising as a "free" way to fund things, but companies wouldn't pay the advertisers if they weren't making a profit off of it, so in theory the customers are still paying for the website, but it's only some of them paying for the vast majority that don't pay a dime, and everyone else is just getting irritated by the ads for no benefit to the website.
ForHackernews
Scroll tried this but they failed: https://www.theverge.com/2020/3/24/21192048/firefox-better-w...
singleshot_
It would be so amazing if this was your ISP bill, but our society seems to hate elegance.
tremon
My browser is happy to load images from a third-party site, i.e. advertising. My browser also blocks javascript from third-party sites, i.e. stalkerware. As long as you keep conflating ads and user profiling, you will never convince me with your arguments.
coldpie
> Personally I would like to see ads improved
Sure, sounds good. When you win that fight, let me know and I'll reconsider the ad blocker.
Sohcahtoa82
Commercial sites brought ad blocks upon themselves with malvertising an insanely obtrusive ads.
It blows my mind how people are so accepting of the status quo, especially on mobile, where many news sites will put a sticky ad banner on the top, throw a video ad on the corner (with a close button that's only 1/8" across, of course), and then every paragraph (which is only like 2-3 sentences) is separated by an ad. At any given moment, well over half my screen is ads, even after managing to close the video ad in the corner.
Browsing the web on a phone, I wonder how many bandwidth and battery is being used just to show ads.
behringer
Get yourself firefox mobile and have ublock origin on your phone :)
Sohcahtoa82
I already do, but that only blocks ads in Firefox. If I open a link in an app, it often uses some browser widget that's effectively Chrome.
cozzyd
though I do 90% of my mobile browsing in firefox, sometimes I end up using the pop-up browswer widget. Looking at my data use... the uBO-less widget has used more data than firefox, despite being used much less often. non-firefox mobile users must blow through their data plans...
wkat4242
You can also block ads through dns like with blokada. That even stops ads within apps! In many cases.
darkhorse222
I doubt it. In my experience those that block ads feel entitled to the content without payment of any kind. They see ads as an intrusion rather than a fair exchange. No, I don't see you turning it back on regardless of how things go.
The average user doesn't even recognize that running a website literally cost electricity that must be paid for. Who pays for it? Who will carry the boats?
coldpie
I pay literally hundreds of dollars a month to various content creators (eg Ars Technica, several local news outlets, many creators on Patreon, YouTube Premium) so kindly bugger off with your moralizing, thanks. I want browsing the web to not suck, so I use the tools I need to do that. If they want me to stop using these tools, they can make browsing the web not suck without them.
spookie
I pay for a couple that I usually do visit, but I wouldn't be able to do the same for others.
Also, ads got ridiculous real fast, and started doing a lot more than just show a picture. This was really the breaking point for me. I happily pay for the couple mentuomed earlier, and donate to OSS projects even but more than that is unfeasible.
There are lists one can use for filtering out only the "bad" ads, mostly community driven. What we really need is a standard way of doing this, one that is enforced. But no ad company wants this, at least from what I gather.
Blaming ad blockers is the same as blaming video game piracy, you aren't tackling the real issue. The issue is that ad blockers provide a better service than not having one (i.e. not filling your screen and preventing you from seeing the content, not being a security nightmare, etc...), even if you need to go through the trouble of getting one. Alas, in this case it generates a perpetual cycle, which further puts people over their breaking point.
I guess what I'm really saying is that ad companies, and websites filling their pages with them, did this to themselves. The public tolerates it to a certain point, but I wouldn't see it it's their fault if normal web usage continues to deteriorate.
boolemancer
> The average user doesn't even recognize that running a website literally cost electricity that must be paid for. Who pays for it? Who will carry the boats?
Running a retail store also has costs associated with it, including, yes, electricity.
Yet if I walk into a store and leave without buying anything, do I feel like I owe the store owner anything?
No. That's not how that works, nor is that how it should work.
maccard
There’s a difference between browsing in a shop and reading content online. It’s much more like going in and sitting in a book shop, reading a book and leaving.
PawgerZ
No, it's not. It's more like an online bookstore mailing you a copy of a book for free. The only catch is that they also sent a book full of ads and directions that say: after every page of the book, look at an ad. Then, when I receive these, I don't even take the ad book out of the package, read the actual book, and send them both back.
You can imagine why Amazon never decided to go with this business model.
jeltz
If nobody wants to pay it is totally fine if they go out of business. A lot of the be things of today's internet are caused by sites being able to live off ads revenue.
ErigmolCt
It feels like we’re still searching for the right middle ground
DrillShopper
> Who pays for it? Who will carry the boats?
Not my problem. The web existed as a medium before advertising and it will continue just fine without it.
Get a better business model and stop crying like a spoiled child.
maccard
The web has been plagued with ads for decades. Pop up blockers were the old thing, and everyone knows the screenshot of the internet explorer loaded with toolbars.
maccard
I run an adblocker. It’s not because I don’t want to pay, it’s because there are more ads than content.
I don’t want to dedicate 4.5 inches of screen space to ads including videos, banners, and often time inappropriate ads. If you want to do 3rd party banner ads, be my guest, but the minute there’s more of them then content I’m going to turn them off.
rstat1
Hi adblock user here, who uses adblockers for 2 reasons: 1) Security, because ad networks can't be bothered to properly vet the stuff they shove down everyone's throats and 2) On mobile at least, its impossible to read most websites due to the sheer number of overlaid videos and other such BS.
That's it. That's not entitlement. I just want to actually read the stuff on a website. If websites could do ads that weren't trying to monopolize attention and/or trick me in to downloading malware, I'd definitely think twice about my use of a blocker on that website.
Sure there are some that feel like because its on the internet that's its free and they are entitled to it. But I'd wager most ad block users fall in to a similar camp as me.
Plus most adblocking extensions these days are also tracker blockers as well, so there's some element of privacy protection in play there as well.
behringer
dont put your product on public display if you don't want it to be seen for free.
HWR_14
Some people will contribute money. Wikipedia doesn't have ads (except occasional banners to donate).
darkhorse222
I'm glad you are willing to pay hundreds for that, at least you're consistent. But I think you are out of touch with how most people who use ad blockers think. People want free stuff. They are entitled. And when they have successfully suppressed the much less painful ad experience (no sign up, no credit card, works across all sites) they will be upset when they encounter sign up blocks and ask "why does every website want a subscription?!" not realizing that they themselves did it.
Now there may be some upsides to this. Shock content, designed to garner page views, may become less common. Perhaps content will get longer.
But I do not relish the annoyance of having to pay for every site. I despise that tech help on medium, for example, is often behind a paywall. I'd rather watch an ad.
coldpie
I think fewer people would block ads if they were less miserable. So if you achieve your goal of making ads suck less, fewer people would block ads. I support you in your endeavor! But in the meantime, I'm not going to put up with a garbage web experience just because you asked me to.
cardanome
I have used adblock since forever and I am absolutely willing to pay for quality content. I do actively support content creators by buying merch or funding their Patreon/Github.
Subscriptions suck because it is another thing to keep track off and many business models rely on you forgetting about them.
I think micropayments would be great but the problem is that you need to consume the content before knowing if it was really worth paying for.
My dream would be some kind of general internet subscription network set up as a non-profit public service where I pay a fixed sum every month and where all kinds of content creators, news sites, basically anyone could be in. The network would pay their members a split of my monthly fee based on the sites I visited by default but offer me up and downvote buttons on every page. Downvotes means the site is excluded from getting payments from me, upvote means double payment. (Of course I can't downvote all of them, the sum I pay is always fixed.)
So I have only one single monthly payment, I don't have to think about it much while still having a way to encourage high-quality content.
maccard
iOS is great for subscriptions - there’s a list in the App Store and I trust apple to allow me to cancel them if I’m no longer using them. It’s clear whether I’m signing up to monthly or weekly.
behringer
If your business can't survive without ads you don't have a viable business worth gifting to humanity.
DrillShopper
Then put it behind a paywall or stop crying that people are viewing the content you put out to be viewed in public.
ksec
Well at least you agree with the position that Ads is not inherently evil.
jeltz
That is almost certainly the opinion of only a tiny loud minority. Most people who run adblockers do so to protect themselves from abusive ad practices, not all ads out of some moral reason.
samatman
Have you considered why it's called an HTTP Request?
That's what it is. A request to get sent some bytes. It's up to the web server whether or not to send the bytes.
Once it decides to do so, what I choose to do with those bytes is, broadly speaking, up to me. Copyright sets some legal restrictions there, but none of those restrictions apply to deleting some of the bytes.
Perhaps the webmaster had some ambition to make some money by sticking some bytes on my computer and using them to track me without my consent. That's for them to decide, me? I'm deleting those bytes. That monetization plan is not in my interest. Perhaps they can come up with something which I'm willing to play along with, perhaps they can't.
Generally I've found that the websites which place onerous limits such as paywalls on byte access, are not worth spending my time on. Yet somehow, the Internet remains full of useful bytes and I spend many an hour productively browsing them. It's a magical place.
bayarearefugee
I'm going to keep blocking ads because its legal and it improves my life. If sites can't work around that with their business model that is not my problem and I don't feel the least bit guilty about it.
And the idea that the alternative to ads is 40 different subscriptions is laughable to me because there are not even 4 sites on the entire internet that I'd pay (even a small) subscription fee to use regularly, let alone 40.
The vast majority of sites I use on the internet are basically distractions of one form or another and I only ever use them because I can do so for free with a limited amount of annoyance. Any cost at all to them whether that's a subscription fee or obtrusive ads means I just stop using that site.
boznz
A Lot of us put our content/blogs up for free. I understand some people do this for a living but not everyone needs to go no the advertisement gravy-train
southernplaces7
Or, how about the people who make websites go right ahead and fold business if they can't stop crying about others not being forced into tracking to fund them. Nobody asked for any given website to get built or to deliver content, and its owners having decided to do so does not at all in any way give me or anyone else the obligation to let ourselves be pervasively, almost parasitically be tracked in all our activity across the web.
Avoiding said tracking is not in the least bit "unethical" and digital media sources can find other ways to make money, or just disappear if they don't like being circumvented in their ad tracking efforts. Only a badly distorted SEO/ad bro mind would consider users avoiding tracking to be somehow immoral by the users. Should then it also be unethical to not view ads on video media too?
rekabis
I was there in the era when hitting a website on the wrong day spawned so many pop-overs and pop-unders that it ground your browser to a halt. And that by trying to close any one of them, another 10 windows were launched with more ads. Eventually bogging down the computer so severely (single core FTW!) that your only option was to conduct a hard restart, your unsaved data be damned.
I feel for those businesses who try to build a revenue stream off of advertising, but that well has been permanently poisoned for me. If I cannot sanitize a website of its maliciously user-hostile behaviour, I will simply refuse to make use of it.
And I encourage everyone to join me. The sooner advertising of all kinds die, the better.
dns_snek
> As long as someone who does this is prepared to pay for every site they do it on
I've got not problem paying 1/10th of a 1 cent as a microtransaction to read the page and I'll happily do so when that sort of system is available.
> I am unwilling to have 40 different subscriptions to 40 different websites all because every user disabled targeting.
And that's a false dichotomy. The natural alternative to a system where publishers are paid per view by advertisers is a system where publishers are paid per view by users (either directly or via some intermediary), in the same amount as before.
_heimdall
I guess we can look forward to a new "unbundling" campaign like they tried with video streaming services, targeting a paid umbrella subscription that covers multiple sites.
DrillShopper
Sounds like the people hosting sites like that have a severe skill issue with their business model. That's a them problem.
WWLink
Most of the websites I visit are selling something or sold me something. For the ones that aren't, I would consider a subscription service. If we're talking about something like an inexpensive web search or a subscription for a family of news websites or something. I'd totally pay for a good set of general/car/entertainment news sites. Definitely entertained that. But they'd have to nuke this nonsense about trying to get metrics and tracking and stuff.
behringer
Nearly all ads on the web are scams. It's ok to block scams.
wlesieutre
> IE did enable it by default, which got them good press but ultimately killed the feature since everyone stopped respecting it.
That's why RFC 35140 "Do-Not-Stab" specifies that the user agent MUST NOT enable it by default.
araes
> most stabbings are not done by malicious actors, they are simply law-abiding companies which will gladly stop stabbing you if you ask.
> The header has only one form, Do-Not-Stab: 1. This is because the lack of a header indicates a clear preference that the user wants to be stabbed.
> Exceptions to the Do-Not-Stab header are accepted when commercial interests outweigh safety concerns. These include: Stabbings requested by a government. Websites SHOULD NOT try to challenge the legality of any stabbings requested, the user probably deserved it.
jmward01
I had been on the fence about turning this on or not since I wasn't sure if turning it on would block legitimate reasons for stabbing me. I mean, I probably have deserved it many times. Good to know those reasons won't be blockers! I'll definitely turn this on if it becomes a ratified standard!
hedora
The government turned it on by default for everyone, so now it’s just universally ignored.
Happily, our local police department is sunsetting it, since it gives people a false impression of whether or not they’re currently being stabbed.
necubi
I worked at one of the big adtech companies at the time. DNT was a carefully negotiated compromise between the ad industry (and by proxy, the sites that depended on it for their income), the browser vendors, and privacy advocates. We implemented DNT it in our edge infrastructure and were ready to deploy it.
But then Microsoft broke the agreement by enabling it by default, as part of their war with Google (and after their own adtech ambitions ended in a 6 billion dollar write down on their acquisition of aQuantive). This killed it for everyone.
The ad industry was never going to go for an opt-out version of DNT. It worked while only a minority that cared about it opted-in, but not when the (then) dominant web browser made that choice for all of its users.
I fully understand why people hate tracking and targeted advertising (which has if anything gotten more invasive in the past decade), but at least at the time it was essential to the commercial web.
cpeterso
In response, Apache added code to ignore the DNT header from Internet Explorer 10 browsers:
https://www.theverge.com/2012/9/11/3314211/ie10-dnt-header-m...
wkat4242
These days an opt out solution is illegal in the EU and probably more jurisdictions will follow. So enabling by default is normal.
What also would be legal is to offer the user a choice at the first startup.
throwaway48476
>at the time it was essential to the commercial web.
The same could be said about slavery.
hedora
The same can and is said about slavery and the financial viability of for-profit prisons:
https://calmatters.org/politics/elections/2024/11/california...
It doesn’t mean either statement is true though.
firefax
>I think it implies that it did way more than it did, so it was just a faux feeling of security.
Flipping that bit increased your browser fingerprint a smidge, ironically :-)
cpeterso
Apple removed Safari's DNT support in 2019 (macOS 10.14 and iOS 12.2) for that very reason:
https://www.macworld.com/article/232426/apple-safari-removin...
mmooss
I thought DNT was a creative solution:
The only way to stop tracking is via laws or regulations. Technical solutions are, arguably, a never-ending arms race - probably a losing one for end users.
DNT was a way to demonstrate consumer interest in not being tracked, and it put businesses in the position of ignoring explicit requests from consumers for privacy.
Unfortunately, nobody effectively capitalized on that.
HWR_14
Technical solutions seem to work very well. Ad-blockers remain effective.
danaris
> but ultimately killed the feature since everyone stopped respecting it
I genuinely doubt that anything could have caused them to respect it. Tracking without consent is the source of their money; they're not going to give that up just because you give a positive signal that you do not consent, rather than simply never asking you in the first place.
bobbruno
How about a hefty fine and the risk of some jail time?
dudus
I fully agree and have said it for years.
Microsoft is the main culprit of DNT failures.
ASalazarMX
DNT is a failure since it relies on advertiser self-regulation. We shouldn't ask them not to track us, we should make it very hard for them to do it.
dathinab
It's a failure because law makers haven't made it clear ignoring it is illegal.
You probably can build a case around DNT clearly communicating that a user doesn't want to be tracked and as such it should be treated like an if the user manually opt out of all tracking.
But as long as lawmakers or court don't pin it down legally to make it a clear cut case instead of some gray area thing with a lot of wiggle room.
There is very little you can do against modern tracking tech without crippling browser functionality, as such solutions have to be law based foremost and supplemented with technology and actually painful penalties if companies try to sneak by this.
DrillShopper
> It's a failure because law makers haven't made it clear ignoring it is illegal.
How can I, as an end user, check if a site is ignoring it and therefore report it to the proper authorities?
mindslight
We should make it both technically hard and illegal for the surveillance industry to track us. Corporations continue to reinvent de facto government from the bottom up, and if most Americans weren't too distracted freebasing the fallacy that corporations and government are opposing forces we might be able to preserve individual liberty.
rkharsan64
Advertisers are the cause of DNT's failure, not Microsoft.
mrmetanoia
It's always both, the people willing to pay someone to make things worse, and the people willing to take the money to do it.
gkoberger
I mean I agree, I'm against advertisers.
But advertisers exist and will continue to exist, and have no incentive to follow this. I don't think either are at fault necessarily; I think it was a weak attempt all around.
The only thing that will get companies to comply are a/ laws (and so far all laws have done is annoy end users) b/ browsers doing more to block tracking (which is almost impossible; this will forever be a game of cat-and-mouse).
recursive
DNT was always doomed to fail. MS just forced the issue.
ganzuul
There are lots of entities out there that assume consent.
nonrandomstring
In the words of Jonah Aragon [0] "Mozilla constantly fails to understand the basic concept of consent" [1].
[0] https://blog.privacyguides.org/2024/07/14/mozilla-disappoint...
[1] https://cybershow.uk/blog/posts/you-are-too-dumb-for-tech
PittleyDunkin
Isn't this the entire point of browsewrapped TOS "agreements"? There's a reason why specifically tracking via cookies had to be singled out by regulation to work at all (putting aside how well or not well this actually works).
ganzuul
I doubt it? Stuff only works because we can't punch each other over the internet.
PittleyDunkin
That's a grim view of humanity, I think. The internet is arguably the most collaborative project in the history of mankind especially outside of extractive and invasive motives. Hopefully not all of us will die before seeing serious legislation protecting that kind of social investment.
ganzuul
It's not a very human medium, so it is not man who is implicated.
eastbound
> why specifically tracking via cookies had to be singled out by regulation
Well, it is not singled out by regulation. The GDPR doesn’t even mention cookies at all. They mention any way to track users. Fingerprinting is also banned, for example.
dathinab
yes, GDPR is technology agnostic
many of it's predecessor sadly are not and are still around
leading to absurdities of there being _both_ a GDPR dialog for tracking and a "cookie dialog" (which depending of the law might also apply to local storage and co) to get permission to "store" something on you computer. Like a hint to not track you :facepalm:
(And yes legally from GDPR storing a same origin cookie only accessible to the browser and you to remember the user doesn't want to be tracked is legal _iff_ you don't use it for tracking users which don't want to be tracked server side. It's one of the many examples where "what legally is good enough" and "what security wise is good enough" can diverge quite a bit.)
bluGill
Since you don't have a realistic alternative should those hold up?
cogman10
I have a friend that works in advertisement programming. Quiet ironically, "do not track" had the opposite of the intended effect. They didn't store any information about a user, except in the case of the do not track signifier in which case they had special tracking logic to make sure they didn't include that user in their datasets and future user models.
secondcoming
All adtech companies (should) do this. The 'special tracking logic' is just a flag that says whether anything considered PII is logged or not.
onli
The legal situation has completely changed since then. By now, we have court cases punishing companies for ignoring the dnt signal. And with the gdpr there is a legal framework that makes this signal powerful anyway.
Removing this feature now is completely the wrong move. Instead Mozilla should have invested money to use the courts to make the signal be respected, where it isn't already.
For me, this signals that finally, Mozilla has completely crossed the line. I will look into forks now that retain the signal.
notatoad
>I would love if the cookie modals on each site became browser-level,
if the EU regulators who wrote the cookie law had any competence, this is how it would have been implemented. browsers should have a cookie prompt in the UI, not websites.
daveoc64
The law is not about cookies - it's about processing data.
A browser feature to control cookies wouldn't cover everything the law does.
xorcist
It should be straight up illegal to share my data with third parties. That's not something I as an end user should be forced to opt in to.
A browser level opt-in would be even more useless than a website prompt. Demonstrably almost no end users understand what they opt in to, and that type of contract should therefore carry close to zero weight.
kuschku
> Overall, I'm happy to see this sunsetted. I don't think it actually did anything – in fact, I think it implies that it did way more than it did, so it was just a faux feeling of security.
I'm sad to see this, as many sites actually used it.
Geizhals.de, a major european price comparison site, uses DNT as cookie opt out.
My personal sites, but also the official websites from a few companies I worked at used umami or plausible metrics, configured to obey the DNT header for opt out handling.
And only recently German courts have ruled that the DNT header is legally considered rejection of tracking (Az.: 16 O 420/19)
It's actively used across the web, and Mozilla just decides to kill it? What the heck?
miki123211
I think a new browser could genuinely gain massive popularity if it was really good at this, and advertised the feature heavily, particularly in the EU.
Google will never touch it with a hundred-foot pole due to antitrust concerns, they're effectively banned from making any significant, user-experience-affecting changes to Chrome at this point.
Many people would immediately switch to a browser with 1) reliable Youtube ad blocking, 2) no cookie modals, and possibly 3) no other "distractors", like subscription pop-ups or "related articles" widgets.
Yes, ad blockers and reader mode can sort-of do all three, mostly, ish, but they're not easy to set up for non-techies, particularly on smartphones, even more particularly on iPhones, so a simple marketing pitch of "get this app, have these features" would probably work.
One would have to default to accepting cookies, though. Most users don't care either way, while website owners do. If you defaulted to refusing, they'd try to fight you and make their popups harder to auto dismiss, while auto-accepting would do the opposite.
gkoberger
I somewhat agree... but browsers aren't a profitable business. In 30 years of browsers being mainstream, nobody has built one that's sustainable –– only works if it's subsidized by a larger company.
There's been a few attempts (Brave wants to monetize via crypto, Arc is pivoting away), but it's really hard. People don't want to pray for a browser – 99% of people are apathetic, and the 1% that cares aren't known for paying for things.
photonthug
After 30 years, isn’t it weird that the conversation is still about whether building a browser is profitable or if users are willing to pay for one? One would think that the technology would be so mature and ubiquitous that this is not a major issue 30 years later. If the core technology is still changing so fast that browsers need to be in constant development for the entire duration of their useful lifespan, maybe that is the problem, and the web is just doomed to be a shit show until corporations are distracted by enshittification of alternative platforms like VR.
It’s just weird that a few hobbyists can generally throw together a database in a weekend, fork kubernetes and probably run with it forever if they really wanted to, create a free operating system that takes over the world, etc. And yet for browsers, we’re shaking our heads and saying the situation is impossible, we kind of always have done this, and it looks like we always will.
gkoberger
Well, it kinda is. Anyone can create a browser over the weekend by using Chromium or Gecko. Brave and Arc and DDG did.
DrillShopper
The DDG one feels like they took an afternoon at most to make it.
throwaway48476
No one has built a sustainable one because it it subsidized.
xorcist
I believe what you describe is something very close to Firefox. Enabling uBlock is down to a few clicks, but that does not seem to have helped Firefox gain massive popularity.
philistine
I use Safari with 1Blocker and I get 100% of what OP describes.
rascul
> Many people would immediately switch to a browser with 1) reliable Youtube ad blocking, 2) no cookie modals, and possibly 3) no other "distractors", like subscription pop-ups or "related articles" widgets.
Based on Chromium
itscrush
I think librewolf gets you most of the way there. Just add a sponsorblock extension and check a few extra lists on its built in ubo.
Does the reliance on Firefox ESL or based on Gecko rule this one out?
binarymax
DDG privacy browser and Brave browser are both trying to make this work.
Personally I use FF with lots of blockers and settings on my laptop/desktop, and DDG browser on my mobile.
salawat
Here's the thing. Do-Not-Track was an active signal of intent from the user to the backend. Violation therefore, could be proven by merely showing the signal was sent, and the provider ultimately ignored it.
Getting rid of it for being "ignored" is ignoring that it is a means for the User to signal to the rest of us they do not wish to take part in tracking. Which in our world, is the important bit. A provider not being challenged with this bit can argue that the user doesn't mind being tracked because they didn't explicitly say so.
Mozilla is being a complete moron.
ErigmolCt
I agree that sunsetting it is the right move, especially if it prevents the illusion of security
mathfailure
[flagged]
gkoberger
I had nothing to do with any of this, but go off I guess.
mathfailure
Oh, I didn't mean you personally, I hoped you acted as a team and you were part of the team making this decision.
elashri
I understand that many people here have a bad taste of Mozilla's recent actions in many aspects. But the reality here is that this is at worst removing something that almost nobody respected. It was based on honor system and even in Switzerland they do have random inspections for honor system. Browsers never had any enforcement of this feature. And ironically it was used as additional data point of tracking privacy aware people who went out of the way to enable it.
jeroenhd
Medium supported it for ages. Tools like Matomo came with support for it by default.
Firefox has implemented the replacement, Global Privacy Control. It has the exact same problems and isn't respected either, except even fewer websites have implementations that respect GPC.
It's not a real solution to the normalised cyberstalking websites practice today, but it's also not entirely useless.
shortsunblack
GPC does not meet GDPR's requirements and cannot be used for gaining consent under GDPR. There already has been a browser signal in design that meets GDPR requirements for consent, but it was ignored. The industry instead rallied behind GPC.
Sephr
GPC is also a narrower signal implying a smaller subset of privacy choices.
jeroenhd
There is only one choice being expressed by either protocol. One against data collection, the other against the sale of collected data.
DNT has legal standing in the EU, GPC has theoretical legal standing in the USA, where laws are more geared towards protecting data brokers. Removing a protocol because it doesn't work in the USA despite it being a legal opt-out in the EU is foolish; just send both headers, let local jurisdiction pick the which one is legally binding and which one can be ignored.
GPC has been standardised to never make it extendable beyond "Sec-GPC: 1" so there is no way for it to imply a set of choices in the future, without breaking backwards compatibility. The choices are limited by design.
Vinnl
Doesn't GPC have at least the force of Californian law behind it?
jeroenhd
Does it? All I've found is that it theoretically complies with California's decisions. I have yet to see that assumption make it through court. Meanwhile, DNT has the force of the GDPR behind it (https://gdprhub.eu/index.php?title=LG_Berlin_-_16_O_420/19).
Vinnl
Huh. So does that mean that LinkedIn respects DNT in the EU nowadays?
ddtaylor
Remove GPC too.
DyslexicAtheist
the conversation / system is rigged. how it should have been done in a fair way:
1. assume the user by default does not want to be tracked and make do-not-track opt-out.
2. have it running for a few years and gradually increase the heat on the discussion that nobody respects it.
But as it stands do-not-track never had a chance to succeed - I believe that was by intention.
zoezoezoezoe
How can we know you didnt want to be stabbed if we dont stab you first?
phoronixrly
Ah, an RFC 35140 reference
1oooqooq
you joke, but firefox features did work.
proof is that musk first and only feature added to shitter post purchase fiasco was to detect firefox anti tracking feature and block the user! the fact the most shrewd person in the world acted on it is perfect proof it worked againt his goals (which now we know was to influence elections)
1oooqooq
lol my keyboard autocorrected xitter.
Dylan16807
I have no idea how you expect to make 2 happen. Your plan doesn't sound like it would work either.
I would say this needs to start with a law, more or less.
orf
Oh no, gradually increasing heat in online privacy-focused tech discussions! An adtech companies worst nightmare! How will they survive :(
eastbound
I’ll laugh with you, but once Google is gone, the first replacement will be ChatGPT and it already is $20pm (and apparently, ChatGPT is so good at organizing the world’s information that I’m paying for it)(Yes it was Google’s mission)(Yes they failed). 2030 will be fun.
int_19h
That's the biggest reason to keep it - the more user agents support this standard, the easier it would be to write and push legislation backing it.
troyvit
I have to second this. It's a voluntary rule used by a browser with the market share that looks more like a rounding error. If this is all somebody was using to depend on their online privacy then they need a class.
In that light removing it might push a few people to apply more protections to their browser and be an overall (if extremely minor) win for privacy.
zamadatix
Even more than being ignored it added yet another way to narrow down a fingerprint.
n144q
About time. It has never achieved anything meaningful for protecting your privacy, if not helping the opposite by providing yet another signal to help uniquely identify a user and improve tracking.
Although, anti-tracking in general is basically fighting a losing battle. Go to https://amiunique.org/ and you'll see why. I use Firefox with all possible protection mechanics -- "strict" tracking protection mode, uBlock origin, yet I cannot escape first-party tracking.
One striking example: These days browsers may expose how many cores your device's CPU has to websites. That alone could eliminate 80%-90% of users. Combined with user agent, IP, language etc you are pretty much uniquely identified.
https://developer.mozilla.org/en-US/docs/Web/API/Navigator/h...
barnabee
What I'd love to see is a default JavaScript environment (ideally across all browsers, but at least in FF) that is sufficiently basic as to be identical for all users with an icon appearing in the address bar when a site wishes to use advanced features that might enable tracking, so that these can be enabled on a case-by-case basis.
Low script rather than no script, if you will.
autoexec
> Although, anti-tracking in general is basically fighting a losing battle. Go to https://amiunique.org/ and you'll see why.
The goal shouldn't be to appear non-unique. There are too many little things that will out you. Even if you somehow account for every single one of them today your next browser update could enable more and you can't trust that amiunique.org is looking at every identifying data point either. It's an arms race you're going to lose.
What you want is to be differently unique for each website you visit. Even better if you have JS disabled by default and sites can't collect 90% of the data points your browser exposes at all. The best protection you could get would be to change up IP addresses via VPN and randomize your user-agent and other tells.
kube-system
> Even better if you have JS disabled by default and sites can't collect 90% of the data points your browser exposes at all.
There's two gigantic issues with that:
1. Most websites won't work
2. Most people like websites to work, and so they have JS turned on. If you don't, you'll stick out like a sore thumb.
autoexec
You'd be surprised at how many websites work just fine with JS disabled, at least in terms of providing the content you want. Menus/navigation might not work, and I wouldn't even attempt online shopping without JS, but enough websites still manage to display basic text and images without JS that it's a surprising annoyance when they fail to.
Sticking out like a sore thumb isn't a problem as long as you look like a different person's sore thumb to the next website.
mywittyname
I get by using no-script universally and it's rare that I need to allow JS for more than 2-3 domains to get a site fully functional. Usually it's limited to site, and site-cdn.
autoexec
It's also nice that with no-script and uBlock origin that it only takes a couple clicks to whitelist something and even then you only need to do it once and it can remember it for the next time. You can also use add-ons like LocalCDN so that a lot of commonly used JS can be used without a remote connection.
kube-system
> Sticking out like a sore thumb isn't a problem as long as you look like a different person's thumb to the next website.
Being consistently unique is okay as long as the tracking party is simply generating programmatic hashes. But if you're always unique, but in a specific way, it doesn't matter. The total amount of entropy matters.
> I wouldn't even attempt online shopping without JS,
So, a nonstarter for basically all normal internet users.
pmontra
All of Amazon.com works with their adsystem domain disabled by uMatrix. Only about half of their almost 100 js files are needed to browse products.
pessimizer
[flagged]
autoexec
I've yet to be banned by cloudflare but they will sometimes harass me with challenges that require JS to run.
Usually that's just an annoyance, but I often have to investigate questionable and outright malicious websites for work and some of them have started to use cloudflare so that you're forced to allow JS for the evil domain just to get past cloudflare's checks before you can even see the harmful website which then wants to use JS against you. Cloudflare is an affront to the philosophy of the internet and a menace.
mywittyname
This happens on my phone (Safari) way more than my laptop browser running NoScript.
3form
There are two orthogonal issues. You're mainly talking about the need of making the tracking (for people who don't want to be tracked) impractical; what also needs to be done is to make it illegal.
I feel like DNT was a "rushed" (i.e. with no legal backing) attempt to achieve the latter.
Sephr
> These days browsers may expose how many cores your device's CPU has to websites.
This information could be determined prior to the introduction of navigator.hardwareConcurrency.
I published a timing attack polyfill that derives this information and initially proposed the navigator.hardwareConcurrency API as a replacement for this timing attack polyfill.
In addition to the fundamental utility of this API, browser vendors also saw implementing this as a way to save battery life by making it no longer necessary for websites to benchmark user devices to determine this value.
Sephr
Removing this feature harms user agency. This will result in Firefox users having to deal with more annoying consent prompts.
Transcend Consent Management's default configuration opts users out of every unessential tracking purpose (and suppresses automatic consent prompts) whenever DNT is enabled, but only opts users out of "Sale/sharing of info" when only GPC is enabled.
Removing this centralized privacy signal means some users cannot express full opt outs to Transcend Consent Management by default without having to interact with annoying banners.
I believe this change was steamrolled without taking in proper consideration and feedback from the web community. Mozilla made this change so fast that barely anyone noticed the issue before it got closed[1]. To add insult to injury, they've configured their Bugzilla to disallow further comments from non-Mozilla employees after issues are closed.
I shared similar feedback with the Chrome team in 2023 when they were proposing to remove DNT[2]. They considered my feedback and currently DNT is still in Chrome, with its removal indefinitely postponed.
dewey
That it should exist because one (and there's probably not many) consent managers actually understands and uses this flag is not a strong point in support of that feature.
There's better ways to protect your privacy that don't rely on a best effort voluntary flag that you send to advertisers and hope they accept it.
Sephr
Agreed that users need more baseline protections.
Separately, privacy signals are being required by law in some regions. If we're going to have browser level privacy signals in the first place, we might as well support and use them as intended.
kuschku
Many consent managers and analytics tools support and use it.
Major sites like Geizhals.de actively use it.
It's been ruled to legally be considered rejection of tracking by German courts (Az.: 16 O 420/19)
Does every feature need 100% market share to be viable?
iLoveOncall
> Removing this feature harms user agency
It doesn't, because nobody respects it.
It is actually harmful to have a feature that misrepresents its efficiency to users, especially when it comes to privacy and security.
Nobody should ever feel that they will not be tracked because they enabled do-not-track, because it's wrong.
Removing it is the right thing to do because of this.
drannex
Counter: It does, because some organizations and webmasters did respect it.
The other option, Mozilla should have done, is shame companies that did not respect it. A continually updated list, a notification when browsing a site that did not, etc, but the problem comes from this being a vendor issue and that it would not be 100% accurate.
Shaming is the only way this would have worked out, but they didn't, but for the ones who did this out of being a decent organization, they now no longer have a standard to base it on.
jessyco
Where is this information about respecting come from? What tools or metrics do we have out there to observe it was being respected or not? Is it your feeling or do you have anything to back up what you're saying?
~ genuinely curious about statics on the subject.
drannex
No idea, which is why I mentioned it's a vendor related issue.
They could have stood up a regulatory-ish body, or group, that organizations could sign onto, and/or an accreditation organization that does audits to ensure they are following DNT.
Could have also done the simplest thing, the most error-prone, but still something tangible, and said "If you support DNT, add it a DNT-HEADER tag, and if it comes out that an org as using it and didn't follow it, then we will name and shame you". Just like we did with forcing HTTPS, the red icon did the heavy lifting there.
The decision to /not/ do so, seems to be a choice they willingly made, because all three of those options are potentially obvious security and methods of 'protecting the \'net' or 're-wilding the \'net' while also adding another revenue stream to ensure they have the financial bandwidth and personel to make This A Thing, as it should be.
shaky-carrousel
That nobody respects is is a false statement. Some do. Also that header permits users to signal sites if they want or not to be tracked, avoiding cookie popups.
Edit: I just saw that Firefox supports GPC, which seems a better alternative to DNT.
bluGill
But others use it as a signal. You are easier to track by the dishonerable with it. Meanwhile the honerable were probably not tracking as much [no way to tell but a reasonable guess]
joveian
You might be easier to track with it, but it is not hard to end up with a unique signature anyway. I can already be uniquely identified, so sending "Do Not Track" only has potential upsides. I have seen websites that claim to honor it so it seems to be doing something and I wish they wouldn't remove it.
mossTechnician
I looked into GPC, and I'm not sure if it's much better. From the implementation notes[0]:
GPC is also not intended to limit a first party’s use of personal information within the first-party context (such as a publisher targeting ads to a user on its website based on that user’s previous activity on that same site).
GPC also appears to use the same tracking signals as DNT, so it has the exact same potential for abuse, as far as I can tell. Maybe I'm missing something, but unless there's legal power behind this, I'm not sure if it's better.
arp242
So GPC is basically the same as DNT, but according to [1], "GPC improves on DNT in several ways:"
- Legal backing: Unlike DNT, GPC is supported by more laws, like the CCPA, which requires businesses to honor these signals.
- Targeted approach: While DNT broadly addressed tracking, GPC focuses specifically on stopping data from being sold or shared, making it more relevant to today’s privacy needs.
- Better adoption potential: GPC was created with input from regulators, privacy advocates, and industry leaders, to align it with existing laws and address previous gaps in functionality.
But essentially, it's more or less the same.
So it seems it's less "Firefox removes DNT" and more "Firefox deprecates earlier ineffective version of GPC".
jeroenhd
> GPC is supported by more laws, like the CCPA, which requires businesses to honor these signals
Because it's off by default? It's the exact same thing, a header with a preset value.
> While DNT broadly addressed tracking, GPC focuses specifically on stopping data from being sold or shared, making it more relevant to today’s privacy needs.
My needs are not being tracked. The tracking is what comes before the selling. I don't want to opt out of selling, I want to opt out of tracking.
> Better adoption potential: GPC was created with input from regulators, privacy advocates, and industry leaders, to align it with existing laws and address previous gaps in functionality.
"Gaps in functionality"? The difference between GPC and DNT is that DNT sends "DNT: 1" and GPC sends "Sec-GPC: 1".
Companies that never respected DNT aren't going to respect GPC. The only difference here is that IE doesn't have GPC enabled by default, but it does have DNT enabled by default.
JohnFen
> Companies that never respected DNT aren't going to respect GPC.
It depends. While I agree that GPC is technically just a more complicated form of DNT, the major difference is that DNT is 100% optional for websites to honor, which is why they don't, but GPC becomes mandatory for nations that have reasonable laws around tracking. Companies operating in those nations will honor it because there are legal penalties if they don't.
lukeschlather
Does this mean that if I set GPC, companies are not allowed to show me cookie banners under GDPR but just assume I hit whatever their "decline all tracking" button says?
dmattia
In California under CCPA, it actually goes beyond just frontend regulation and cookie banners, and into the realm of backend tracking management: https://oag.ca.gov/news/press-releases/attorney-general-bont...
The California Attorney General ruled that if a user presents a GPC signal, the company should update all of their backend systems to opt out of tracking in the same way as if the user clicked a "Do Not Sell My Personal Information" button.
kuschku
And similarly, German courts recently ruled the DNT header to be legally considered rejection of tracking (Az.: 16 O 420/19)
Legal backing obviously isn't reason enough for Mozilla to support a feature.
And GPC isn't even compatible with GDPR.
dpifke
If I understand correctly, DNT is being deprecated in favor of a new proposal, "Global Privacy Control": https://w3c.github.io/gpc/
So instead of sending the header:
DNT: 1
Firefox will now optionally (via a different setting than was used for DNT) send:
Sec-GPC: 1
I'm unclear on why anyone thinks this is a useful change. As a website owner who previously implemented anonymization code activated in the presence of a DNT header, I guess I can add code to also look for Sec-GPC, but this feels like churn for the sake of churn.
It also feels ridiculous that Mozilla can't just send both headers if the same browser preference is checked, rather than requiring websites to look for both. I get that they want stronger promises around "Sec-GPC" than around "DNT", but the latter is a subset of the former, so why not update the client-side checkbox description, and then send both?
ziddoap
The "Do Not Track" signal was more useful as an additional fingerprinting signal than it was at stopping tracking.
Perhaps now we can get something more robust in the works.
shakna
Deprecated in 2018. Removed in 2024. That doesn't seem like a timeline to take anybody by surprise, for a thing that was used to do the exact opposite of its purpose.
atoav
I think they should leave it in and the EU should legally make it an abuse to ignore it. Then we would also not need these good damn cookie banners.
pptr
Ignoring it means you need to get explicit consent, which is what the websites are already doing.
atoav
Legally they are required as of now to gather informed consent that is given freely.
Contrary to popular believe the EU has somewhat defined what that means (just read the law) and surprise: The way many datahogs wish it to be, isn't how the law was written.
E.g. if you trick or extort users into agreeing, consent was neither given informed nor freely. In front of the law it is as if you haven't asked for consent at all and GDPR fines can be up to 4% of the global turnover of the previous fiscal year. But yeah.
ezfe
The feature was being used to track people because of how low usage was
oytis
An obvious solution would be to turn it on by default
AlotOfReading
That's what IE 10 did. It led all the major advertisers to make public statements that they were going to ignore the header as a form of protest.
registeredcorn
Sounds good to me.
When (major advertiser/website detected): Prompt user, "Warning: (Advertiser/website) insists on tracking you, and have made public statements affirming this position. Your privacy is not enforceable on this website."
tehjoker
more like class action or regulatory step in. in theory market transactions are based on mutual consent. if consent isn't respected, then that's a problem.
registeredcorn
I actually ended up expanding on this a bit in a different comment thread, if you're interested. :) [1]
It's a tough position to be in because the thing that really gets heads turning is regulation, licensing, and fines, but...when it comes to website design (assuming we're not talking about illicit material) I get queasy at the idea of (the/any) government saying, "You're not running your website the right way! Pay us money!" Perhaps the few exceptions being something like: PII storage, or payment processing.
I dread the idea of anyone saying you have to, say, use a specific font type or whatever, you know? I don't want to put that burden on website owners, or complicate my own life.
I'd rather inform the end user, point out the biggest offenders, and leave them be. "Detect, inform, and move on." Big scary message[2] then leave it to the user to decide what they want to do. "Oh, they're going to track me? Let me look up that VPN-thingy I keep hearing my nephew talk about."
[1] https://news.ycombinator.com/threads?id=registeredcorn#42380...
tehjoker
I don't think there's much support for specifying a specific font. I do think there is support for making companies do things that don't exploit users.
kjrfghslkdjfl
[dead]
wkat4242
This was used as an excuse by sites and advertisers to not support it actually. Because some browsers did that.
That wouldn't fly in the EU though because tracking is supposed to be opt in so enabling by default is fine.
dbbk
That's exactly what killed it. Everyone started ignoring it once Edge defaulted it to on.
JohnFen
But without it defaulting to "on", it would have died anyway. That's why the entire effort was doomed from the very start.
The only way that anything like this can possibly succeed is through legislation.
ncphil
"Do Not Track" was a good standard, but on the today's global Internet, unenforceable without serious push back against non-compliant sites from either government regulators and/or consumers. In other words, privacy theater that misled users into thinking it made them safer. It has also been suggested that DNT signals are used by some advertisers in profiling users. But removing DNT suspiciously seems like a capitulation, and will short-circuit any existing efforts to use it to protect consumer privacy. Maskawanian is right, this was inevitable once Mozilla decided to become an ad company (as was their adding the deceptively named Privacy-Preserving Ad Attribution feature earlier this year). I think it's time for people concerned about privacy to consider alternatives to Mozilla.
dylan604
I think the browser should behave differently when Do Not Track is enabled. Instead of whatever it does now, it should be updated so that when the user selects it the browser automatically installs uBO, privacy badger, etc. After all, that's what the user really needs to have the browser respect their wishes of not being tracked.
So rather than eliminate it with another thing that is nothing more than a name changes, it should just become useful
bguebert
I always though something like ublock origin should be built in with a standard format for the block list rules so people could just use different rules lists if they wanted to.
It would be nice to have a feature for enable/disable javascript per site also.
mixmastamyk
Believe it does. Also noscript exists.
ReadCarlBarks
NoScript is a relic of the past and redundant with uBlock Origin - https://github.com/gorhill/uBlock/wiki/Blocking-mode:-medium...
mixmastamyk
Not at all. I find noscript much easier to understand. I only use UBO for "set and forget" installations, as configuring it is a nightmare.
sedatk
That already exists in forms of privacy protection settings on browsers. DNT was a very specific feature. Privacy protections were not removed, DNT was removed.
dylan604
I think you are intentionally missing the gist of the post, but here goes anyways. DNT was a very clear signal by the user that nobody respected. So instead of accepting it being useless and throwing it away, just change how the browser behaves when the user enables the option by updating the browser in a way that will actually prevent tracking.
sedatk
What I’m trying to say is, that’s already the default running mode of a modern browser with the maybe exception of ad blockers on some. They already come with all privacy protections that don’t compromise compatibility. DNT, being a specific feature enabled by a very few people, doesn’t make sense to be reshaped into entirely something else like ad blocking (which is way beyond tracking protection and not necessarily mutually exclusive with it) or disabling of third party cookies (which has auth related consequences).
The conflation of semantics isn’t worth it, and may even be harmful. I totally disagree with the proposal.
lambdadelirium
Well it never worked, nothing of value was lost. Although, a little concerning in the light of many Mozilla's recent recruitment decisions and especially AI shilling focus
Semaphor
IIRC geizhals.eu (price comparison site) respects it. They are probably the only ones, though :D
jmward01
What I want is to have a 'pay me for ads' option that links payment info so that I get $ for viewing the ads if enabled or doesn't show the ads if not enabled or the ad service isn't willing to pay up. At least this way I would get a cut of the money they are making on me. Expanding on this idea you could even set your rates 'cross-site tracking is XX, video is YY, sound is 1$/second, etc etc'
holri
DNT is legally effective. A German court ruled: "According to the General Data Protection Regulation (GDPR), the right to object to the processing of personal data can also be exercised using automated procedures. A DNT signal represents an effective contradiction."
https://cybernews.com/tech/germany-court-bans-linkedin-from-...
kuschku
Typical "only america counts" attitude from Mozilla here tbh.
They support GPC because it has legal backing by the california attorney general, but remove DNT because it's only supported by German courts?
ajsnigrutin
Browsers need a "keep my cookies" button next to the url bar, separate cookie jar per domain, and then by default, delete all the cookies when you close the window. No EU cookie prompts would be needed, no "this feature does not work without third party cookies, no DNT, no nothing... silently accept all the cookies, and then delete them. (and other persistent storage too).
Want to stay logged in? Press the "keep the cookies for this domain" button by the url bar, and a separate cookie jar will be made just for example.org and persist there.
daveoc64
This is a common misconception with the "EU cookie prompts".
The EU does not require the use of "cookie prompts".
User consent is required to process a user's data for certain purposes+.
That may involve the use of a cookie, or it may not.
Whatever technological methods you use to process the user's data, and regardless of whether it happens on the client or server, you must ask for consent.
Having a system where cookies are not remembered between sessions would be no use, as the user's consent would still be needed while those cookies were set.
+Not everything needs consent, but things like tracking for advertising or analytics typically does. Even if you do it via IP address or local storage, you need to ask for consent - nothing to do with cookies.
timbit42
So make the Cookie Autodelete add-on into a browser feature.
mixmastamyk
Already a checkbox in prefs. I use it.
ajsnigrutin
I already have my cookies sorted out... i'm talking about defaults and the EU cookie law, the DNT, etc. Instead of accepting cookies (eu cookie law prompts) on every goddamn site, this should be handled by the browser directly.
jessyco
My feelings initially was frustration but after some time I lean more towards the general comments here, where its better to remove something that miss-represented the "action" of the request.
I have never noticed any kind of acknowledgement from any website I've visited in years with Firefox and this option on.
I want to do something to help signal "No thank you, I don't want this" messaging so the "harms user agency" feels relevant but if its not respected on the other end whats the point.
1vuio0pswjnm7
This is one of those changes that is so small anyone could reverse it when compiling Firefox themselves. At the same time I would rather add the DNT HTTP header via a localhost-bound forward proxy (one line in a configuration file) than edit and recompile the Firefox source code. I believe the term for this is "convenience".
As Mozilla likes to tell everyone, Firefox is open source. Wonderful. But making it easy for more users to edit the source code and compile it is not on their list of important things to do.
Removing or adding an HTTP header is a trivial change anyone can make in the source code of any browser. Perhaps all the Firefox forks will keep the DNT header. They certainly could if they wanted to.
NB. I am not suggesting whether anyone should or should not use DNT. I have no comment about DNT. Rather, I am making a point about the lack of user control over inclusion or exclusion of (open source) browser "features", specifically HTTP headers.
LinuxBender
In my unpopular opinion it was a silly cart before the horse idea to begin with. I do not believe I need to be a lawyer to suggest there would first need to be a set of laws with some serious consequences if a company does not respect the header and can not prove it has respected the header when a court, legal team or the individual request proof. And that is only useful if the company is in a country that must respect such laws. Each country would need their own corresponding laws. And of course the devious companies would move their headquarters to some island nation.
By consequences I mean a percentage of their revenue vs profit which can be waved away by accountants is seized, donated to people affected by shady companies and all the leaders of the company must be marched through cities by shame nuns whilst citizens are permitted to throw rotten food and excrement at them. Anything short of this would just be the cost of doing business.
hkt
I suppose it follows that they'd remove a feature that virtually nobody respects.
aucisson_masque
The web is the equivalent of a far west, for the better and the worst.
You can't expect people to willingly support a feature that diminish their revenue, it was doomed from the start.
I think everyone with a brain cell could predict that, in my opinion mozilla would have better allocated resources on feature that are client side, not server side.
For instance the containerization of cookies, the support of mv2, integrating ublock origin by default, and so on.
pessimizer
[flagged]
mancerayder
I gave up on Firefox as I fought media autoplay some years ago, and have been using Brave.
Any other Brave users? Brave definitely causes issues on sites and shields have to be turned off. And, it's painful if not impossible to whitelist a whole domain, it's by host, which is completely annoying. But Brave does its job well.
Any other Brave users?
How do you compare Firefox+ ublock origin on mobile?
I'm an android user FWIW
hedora
I never understood why the courts didn’t uphold “do not track”.
One of the basic tenants of contract law is “last writer wins”. If I say “here’s a contract”, and then you make amendments to it, sign it, and then I sign it, the amendments are part of the contract.
It is legally obvious that “Do Not Track” should be incorporated into the user agreement for the web site.
mattxxx
Agree with this choice. DNT didn't work, and now it's just a signal that could _help_ organizations track you.
openplatypus
If you think you can/could ignore DNT, think again:
https://wideangle.co/blog/do-not-track-gdpr-opt-out
While highly uncommon, there were legal grounds to treat it as strong opt-out signal.
dathinab
Is Mozilla killing it because German courts ruled that it's a binding GDPR opt out and as such you can't harass people with DNT flat with opaque often not fully legal consent dialogs?
Like it might make all their tries of cookie/tracking alternatives meaningless.
ErigmolCt
Switching to Global Privacy Control (GPC) makes sense... Considering that it backed by legislation in some regions, giving it more teeth than DNT ever had. But it’s also a reminder that technical solutions alone don’t solve privacy issues
Jleagle
As a web developer i don't think i have ever supported this feature, but only because i never remembered to. It's a pretty easy feature to add, but unless browsers can force it, you're better off with uBLock.
fein
No one (corporate) supports it unless it comes enabled by default with whatever compliance service/ plugin used on their sites. The best combo I've found so far is Waterfox + uBO. I'm sure there are others, but this works well if you don't want to use a chromium based browser.
amelius
This is what the EU should have enforced instead of cookie popups.
yencabulator
EU didn't enforce cookie popups; companies choose to implement them as a form of malicious compliance.
sebazzz
DNT was dead the moment some web browsers enabled it by default. No regular user will uncheck this setting, buried in a settings screen.
kube-system
DNT was dead even when web browsers didn't enabled it by default. No regular user did check that setting, buried in a settings screen.
cymon
Probably a stupid question, but why is it not possible for a browser to ignore cookies from a site where the user chose 'Do Not Track' then that's it, they can't have cookies, can't log in e.t.c alternatively a few white labeled cookies can be agreed upon as a standard e.g just to support maintaining logged in sessions
meiraleal
Google won't let Mozilla ever do that
2OEH8eoCRo0
"Do not track" can ironically be used for fingerprinting.
akimbostrawman
everything can
hkt
My recommendations:
https://consentomatic.au.dk/ - automagically denies consent to GDPR banners https://ublockorigin.com/ - the one and only https://decentraleyes.org/ - skip tracking CDNs
karaterobot
Browsers have such a low switching cost. I like Firefox because it has seemed aligned with me against web advertisements. Not even privacy, per se, but web advertisements specifically. If it stopped being that, I might as well go back to Chrome, which works a lot better on a lot of websites. Not saying Firefox is evil now, just saying there is nothing keeping me around if I get the sense that it's changing in ways I don't prefer.
ksec
> which works a lot better on a lot of websites
Since you are said a lot of websites do you have any examples? I have actually encounter more problems with Safari than Firefox.
gkoberger
Sunsetting this feature doesn't indicate Firefox has changed their opinions. DNT was never effective, and provided a false sense of security. No tracking company respected it, so it just became a meaningless setting.
karaterobot
Not saying Firefox is evil now, just saying there is nothing keeping me around if I get the sense that it's changing in ways I don't prefer.
registeredcorn
> However, as we approach 2025, with growing concerns about online privacy and data protection, Mozilla believes that DNT is no longer an effective privacy measure. Many websites ignore the DNT signal. Therefore, Mozilla has removed the DNT signal from Firefox version 135.
This is spurious reasoning. "Many" is neither a percentage, or a basis for justification. Many people ignore speed limits - so what?
>The company recommends using the Global Privacy Control setting as an alternative to prevent websites from tracking user data.
>If you wish to ask websites to respect your privacy, [...] [t]his option is built on top of the Global Privacy Control (GPC). GPC is respected by increasing numbers of sites and enforced with legislation in some regions.
Increasing numbers? But then that means that "'Many' websites ignore it", right?
This reeks of early movements towards monetization of their shrinking userbase. It's genuinely disappointing. I used to like Firefox, and continue to use Thunderbird today. Good luck to the stragglers who decide to stick it out.
n144q
Websites don't just "ignore" DNT, they actively use DNT to improve tracking.
From a product perspective, this is an additional option in their settings page that is confusing and marginally useless. I work on creating user facing products as my job, and I 100% support this decision.
I'll be honest: nobody is going to stop Firefox because of this, because it does not affect their life in any way or manner.
registeredcorn
Per oytis: "An obvious solution would be to turn it on by default"
I do agree with your point on people continuing to use Firefox in spite of this. Most people are not invested in the details, or don't care about security/privacy, or can't be bothered to figure out which other browser option is best for their use case.
My annoyance is more so on their behalf - that average people will probably be unaware of what security feature is being taken away from them. Do they care? Probably not. Will it change much for them? No. It irks me, however, that they no longer even have the option.
JohnFen
> It irks me, however, that they no longer even have the option.
I think the major point is that they don't have the option right now. The percentage of websites that honor DNT is a rounding error, so the existence of it -- at best -- gives the illusion of privacy protection. In my opinion, the illusion of security is worse than not having security but knowing it.
registeredcorn
>The percentage of websites that honor DNT is a rounding error
Referring to my previous comment: "This is spurious reasoning. 'Many' is neither a percentage, or a basis for justification. Many people ignore speed limits - so what?" Privacy configurations are not a popularity vote. Instead, they are an implementation of software design. E.g. "No one" bothers with PGP, therefore it should be supported.
A more charitable description of DNT, instead of saying it is "not an option" would be that it is a privacy option that is poorly enforced - exceedingly so!
I will of course agree wholeheartedly that the effectiveness of that privacy option, which is independent of its implementation and design, is ineffective. I also agree that it has a theoretical potential to give a user "false optimism", because of its failure of enforcement, but I don't see that second point as being inherently harmful.
I suppose it comes down to whether you want to take a pill that has "reduced effectiveness" at fighting pancreatic cancer, or if you prefer the several seconds saved in not needing to swallow. In my mind, even if the pill sucks and has a failure rate of 99.7/100, it seems bizarre to snatch it away from someone who would like to take it anyway.
recursive
> poorly enforced
The problem is that there is no, and can be no enforcement mechanism. Unless you live behind a great firewall of [country] or are only accessing the web through your employer's corporate network.
Operating a motor vehicle on public roads requires a license and vehicle registration in most jurisdictions. These rules are not always observed, but there are enforcement mechanisms in place.
There is no website licensing body, and kind of can't be without making everything worse.
registeredcorn
You raise some good points! I was going back and fourth about the speed limit analogy since cops do pull people over for speeding. I was trying to think of some thing that is supposed to be followed, but is commonly ignored without consequence. Perhaps the 6' social distancing recommendations during lockdown would work better? There was an expectation that people follow it, but actually adhering to it differed wildly depending on where you were.
Returning to the point, I suppose the question might be what enforcement would even look like, as you mentioned. Some governmental organization ala DMV? Seems excessive. A professional organization of some sort, similar to IEEE? Probably not. Perhaps just a "watch dog" organization like a sister organization to the EFF, specifically focused on reporting which sites honor, and dishonor DNT.
Personally, I would prefer the last, with some kind of check that could help indicate in the browser visually to the user whether the site honors DNT. Similar to (or tied into) the lock symbol for HTTPS would be nice. Outside of that, it seems like such a niche and fringe thing that, unless enabled by default, would fall on deaf ears. I don't see myself endorsing some kind of financial penalty, simply because I think it would hurt small websites. And also because website stuff is confusing and stressful enough already. I personally think a kind of visual "name and shame" to the end user, along side improved support to support DNT would be optimal.
I.e. Hot dog on a stick in one hand, dog poop on a stick in the other hand.
Reading through the Wikipedia article, it sounds this is largely what was already done with DNT, and failed. https://en.wikipedia.org/wiki/Do_Not_Track#History
...And subsequently, GPC began to act in a way that I'm not thrilled about. https://en.wikipedia.org/wiki/Do_Not_Track#Global_Privacy_Co... It comes off reeking of a pretext to confine the nature of how websites, and the internet at large, are allowed to operate.
recursive
Personally, and this is not backed up by any legal framework or anything, I think it is and should be the user agent's responsibility not to leak any info to any parties that the user doesn't want. And that's why I think having the dominant browser being maintained by the operator of the largest advertising network is kind of a problem.
bluGill
Unless you have a plan to make it useful it needs to go. Right now it is false advertising. If you can find someone and successfuly sue them for not honoring it great - but you still need to do a lot more (sue many others in many countries).
registeredcorn
What need is that? Bad people with malicious intentions exist: therefore, remove something that functions properly.
DNT is not shilled by some privately-owned company that claims it will somehow, "Make users invisible online for the low, low price of (money)!" Instead, it is simply an HTTP header that some (many) websites ignore, or outright maliciously exploit for personal gain.
Computer Operating systems are not "false advertising" simply because certain programmers ignore standard practices outlined by the maintainers. It is not the fault of an Operating System if programmers refuse to adhere to the documentation on how something should be implemented. It's certainly not a sensible justification for Operating Systems "needing to go", just because people write bad or malicious software to abuse an OS's weaknesses.
To be clear, I am hardly saying DNT is a good option, precisely because so many websites have ignored or abused it in the past. I am simply saying DNT should be an option, and that it should be one that is enabled by default.
>If you can find someone and successfuly sue them for not honoring it great - but you still need to do a lot more (sue many others in many countries).
If DNT is removed as being an option, what need would there be for such a law to be created in the first place? You said you support the idea of a law being made - shouldn't you be for DNT remaining, then? I hope that doesn't mischaracterize your point but it's a little confusing, it sounds like you're saying you: support the premise of DNT, want a law to enforce DNT...and you don't want DNT as a configuration option in Firefox.
bluGill
I didn't say a law needs to be created. however if there is no enforcement of this header it is useless. Law is the only way I can come up with to enforce this (courts just implies there is some existing law - would this header field be considered a contract for example?), but if you can come up with something else I'm open to that. However so far is has not been enforced to do what it claims to do and nobody is making progress on changing that.
Dylan16807
> It irks me, however, that they no longer even have the option.
You can use an extension to set the header if you really want it. I think that's an okay level of difficulty for something so misleading and ineffective.
kuschku
> I'll be honest: nobody is going to stop Firefox because of this, because it does not affect their life in any way or manner.
I will stop using Firefox because of this.
Many German sites actually follow DNT, because German courts only recently ruled DNT to be legally binding.
Mozilla removing a feature that has even gotten legal support has to be an absolute clown take.
ddtaylor
Mozilla makes it increasingly difficult to support Firefox. I'm beginning to realize the only solution there is an entirely different governing body than Mozilla like most of the Firefox derivatives are now. Sigh.
recursive
Maybe so, but this particular move seems unambiguously good. DNT is a net negative and is misleading. Its only practical effect is to add another bit of entropy to shady fingerprinting mechanisms.
1oooqooq
now only if firefox enabled real privacy things already available as addons for decades.
start with uBlockOrigin and i-don't-care-about-cookies and you have the world most privacy respecting browser with zero downside.
hoseja
Was it anything but another bit for identification?
shortsunblack
The relevant context is that Mozilla is now an adtech company. Reuter's coverage over noyb complaint over illegal "PET" adtech: https://www.reuters.com/technology/mozilla-hit-with-privacy-...
Mozilla buying out an adtech company: https://blog.mozilla.org/en/mozilla/mozilla-anonym-raising-t...
Mozilla has also been lending its credibility and whitewashing Meta's "PET" measuring standards at W3C. More on this, from Mozilla: https://blog.mozilla.org/en/mozilla/privacy-preserving-attri...
zxcvbnm69
[dead]
meiraleal
Sad to see Mozilla rotting like this. When was the last time people cheered for some Firefox change?
throwaway984393
[dead]
josefritzishere
[flagged]
Maskawanian
[flagged]
gruez
>they became an ad company
???
perihelions
- "...But, for right now on the internet of today, a big part of the answer is online advertising. We started engaging in this space because the way the industry works today is fundamentally broken. It doesn’t put people first, it’s not privacy-respecting, and it’s increasingly anti-competitive. There have to be better options. Mozilla can play a key role in creating these better options not just by advocating for them, but also by actually building them..."
https://blog.mozilla.org/en/mozilla/digital-advertising-priv...
- "...We’ve been collaborating with Meta on this, because any successful mechanism will need to be actually useful to advertisers, and designing something that Mozilla and Meta are simultaneously happy with is a good indicator we’ve hit the mark..."
https://old.reddit.com/r/firefox/comments/1e43w7v/a_word_abo...
Etc. (You have to read these things *carefully*, because, the way Mozilla corpos write press, they obfuscate words to the point you can barely make out the sense from the noise).
ddtaylor
Mozilla changed their goals over the last 5 years pretty drastically in an effort to chase revenue. It's a failing strategy assuming you want go remain a privacy focused organization.
throw4847285
Ask app not to track! Ask app not to track!
iykyk
throw4847285
This was very obnoxious. What I meant to say was, there's a great Jon Early comedy bit about this.
dev1ycan
Ilost care about Mozilla long time ago, too many issues with them, I'm waiting to see if ladybird will become viable, hopefully it will in a few years
internet_points
Next thing you know Thunderbird will remove the "Do Not Spam" feature
I was at Mozilla when this was implemented.
It was completely optional for websites to support this. A few did at first.
A lot of people internally wanted it to be on-by-default, but the argument was that if it was, nobody would respect it – after all, what tracking platform would willingly only track the 0.1% of people who went into the settings to enable it? (Internet Explorer did eventually enable it by default, which got them good press but ultimately killed the feature since everyone stopped respecting it.)
Overall, I'm happy to see this sunsetted. I don't think it actually did anything – in fact, I think it implies that it did way more than it did, so it was just a faux feeling of security.
(All that being said, I would love if the cookie modals on each site became browser-level, but I'm sure there's many reasons that hasn't happened yet. And I suspect a bit reason starts with a G and ends with an Oogle.)