title makes it look like firefox is just removing yet another security feature as part of its enshittification process, but reading the article it looks like it makes sense
It does. It’s yet another data point used in fingerprinting, and not many people enable it. 'tis but a single setting, but combined with everything else they can track about your browser it is effective.
In case you want to run a test to see how fingerprinting affects your browser:
Yes and no. There are still plenty of things that get tracked regardless of JavaScript, and disabling JavaScript is it’s own mark they can track.
Do Not Track is one such request, but screen size, viewport size, language, timezone/region, whether you block ads or not, browser/engine version, and many more are all things that do get tracked without the need for JS.
All have legitimate reasons, but can also be abused by being tracked server-side.
The cover your tracks page on eff.org has some pretty good explanations for most things.
Fun fact, the reason the TOR browser launches in windowed mode is so that this viewport size tracking is less of a marker.
I just have a hard time wrapping my head around why certain things have to be reported back. Like screen size - you can request a desktop site, so why not just let the browser request the page, the browser gets the information and displays how it needs to - why bother reporting that information back to wherever? Why not just have the browser not send back that info, or send back randomized/fake info?
Websites automatically adapting to viewport size is pretty handy, not having to select whether you want the mobile site or not each and every time you load the page is generally considered a good thing.
You may also want the website to adapt to smaller or wider windows, unless you want every website to become one where you manually zoom in and pan around.
Similar things go for language and timezone.
There are various ways to spoof various settings about your browser, through add-ins or otherwise.
Yeah, I’m not too mad about this. It’s a good idea, but without legal weight behind it, it ultimately failed. Ideally GDPR and similar regulations would provide something similar, so I can set my preference once and every site would be required to respect it. That would be much better that the current situation, which is that I am forced to navigate every asshole site’s custom cookie notice. Each one’s a little different, and some of them break certain browser configurations. It’s a UX nightmare. This is probably by design — annoy users into submission. Because nobody in their right mind would ever click “allow” if it were not the easier choice.
title makes it look like firefox is just removing yet another security feature as part of its enshittification process, but reading the article it looks like it makes sense
It does. It’s yet another data point used in fingerprinting, and not many people enable it. 'tis but a single setting, but combined with everything else they can track about your browser it is effective.
In case you want to run a test to see how fingerprinting affects your browser:
The only way to really stop this is to disable JavaScript?
Yes and no. There are still plenty of things that get tracked regardless of JavaScript, and disabling JavaScript is it’s own mark they can track.
Do Not Track is one such request, but screen size, viewport size, language, timezone/region, whether you block ads or not, browser/engine version, and many more are all things that do get tracked without the need for JS.
All have legitimate reasons, but can also be abused by being tracked server-side.
The cover your tracks page on eff.org has some pretty good explanations for most things.
Fun fact, the reason the TOR browser launches in windowed mode is so that this viewport size tracking is less of a marker.
I just have a hard time wrapping my head around why certain things have to be reported back. Like screen size - you can request a desktop site, so why not just let the browser request the page, the browser gets the information and displays how it needs to - why bother reporting that information back to wherever? Why not just have the browser not send back that info, or send back randomized/fake info?
Websites automatically adapting to viewport size is pretty handy, not having to select whether you want the mobile site or not each and every time you load the page is generally considered a good thing.
You may also want the website to adapt to smaller or wider windows, unless you want every website to become one where you manually zoom in and pan around.
Similar things go for language and timezone.
There are various ways to spoof various settings about your browser, through add-ins or otherwise.
removing
yet anothersecurityfeaturetheatre.DNT was always just an honor system, and can be used as another data point for fingerprinting.
Yeah, I’m not too mad about this. It’s a good idea, but without legal weight behind it, it ultimately failed. Ideally GDPR and similar regulations would provide something similar, so I can set my preference once and every site would be required to respect it. That would be much better that the current situation, which is that I am forced to navigate every asshole site’s custom cookie notice. Each one’s a little different, and some of them break certain browser configurations. It’s a UX nightmare. This is probably by design — annoy users into submission. Because nobody in their right mind would ever click “allow” if it were not the easier choice.