this post was submitted on 10 Dec 2024
86 points (93.9% liked)

Privacy

32482 readers
235 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 18 points 2 weeks ago* (last edited 2 weeks ago)

This article mentions using Global Privacy Control as a replacement for Do Not Track, but doesn't bother to explain what GPC does. Its adjacent article incorrectly claims that GPC uses the DNT: 1 header field, fails to explain further, and links to a Mozilla page that doesn't explain it, either.

Even the GPC web site fails here, offering several pages of vague, abstract fluff about their intentions and a useless document full of marketing industry acronyms, without anything substantial about how it works. The single mention of a spec fails to state where to find it. The closest it comes is a tangential sentence containing a broken github.io link.

Finally, and only because I happen to know github.io's URL format, I was able to guess my way to an organization page, and from there to a project page, which has a README file containing a footnote linking to the proposed spec:

https://w3c.github.io/gpc/

Geez... it's as though the people involved don't want anyone to know how this proposed safeguard is supposed to work.

After reading it, it looks like these are the main differences in Global Privacy Control vs. Do Not Track:

  • Replaces the DNT: 1 header field with Sec-GPC: 1.
  • Adds a javascript property to indicate the same thing.
  • Does not honor preference changes after the first navigation to a site. (Having changes respected apparently requires clearing site data from the browser and reloading. A helpful browser might prompt the user to do this.)
  • Defines a way for sites to indicate that they are aware of GPC (but does not require them to honor it).
  • Expresses a wish that your data not be shared, but says nothing about it being collected.
  • May be considered legally binding in some jurisdictions. It's not clear whether the few that currently recognize it will enforce it in any meaningful way.