"Do Not Track" isn't working

Description of the issue:

Turning on “Do Not Track” in Brave doesn’t work when visiting the EFF’s “Cover your Tracks” site.

With this setting turned on, it warns you that the browser is not adhering to “Do Not Track” policies.

Exact URL of the website in question:

Does the site function as expected when Shields are turned off?

Unrelated.

Is there a specific Shields configuration that causes the site to break? If so, tell us that configuration. (yes/no):

“Do Not Track” configuration.

Does the site work as expected when using Chrome?

No, same result.

Brave version (check About Brave):

Version 1.25.68 Chromium: 91.0.4472.77 (Official Build) (64-bit)

We have no way of verifying that a site actually adheres to the Do Not Track policy they claim to follow. Therefore, we don’t treat these sites differently and we enable our anti-tracking defenses regardless.

I agree that the server can ignore this at will (which I assume most do).

But this is a test site specifically to see what features they support.

Wouldn’t they be able to see if Brave sent the “Do Not Track” header? And they are specifically not seeing it even with the setting enabled in Brave?

This would appear Brave is not sending the headers regardless of whether this toggle is set.

Or do you think this is an issue on their side?

Or is this feature just something that does nothing and will likely be removed?

Just tested https://browserleaks.com/donottrack and seem to work fine.

The W3C disbanded its DNT working group back in 2019, and a month later Apple discontinued support for DNT. The successor of DNT is the Global Privacy Control header (GPC), you can read more about it over here: https://brave.com/global-privacy-control/.

The DNT header has never been an effective way to protect your privacy as websites could easily decline your request to not be tracked. Many people claim that enabling the flag only makes you easier to fingerprint (standout) in the crowd of users.

Agreed, DNT has been irrelevant for quite some time. Just responding to the DNT toddle doesn’t work, I would say the eff test is either buggy/not updated. Ideally Chrome should just remove DNT

As a full-stack developer myself for decades, I’m certainly aware of DNT and it’s complete uselessness.

I’m just curious exactly what this EFF test is checking that is warning specifically that DNT is not being blocked by Brave (and Chrome for that matter).

The setting may be irreverent (and should likely be completely removed as a toggle in the browser). But for the time being, while it exists, I was curious about the discrepancy on this test.

I’m curious why they feel Brave is not compliant with this flag.

reconfirm with https://browserleaks.com/donottrack

I believe they’re checking whether or not the browser downloads https://coveryourtracks.eff.org/.well-known/dnt-policy.txt from their server. This is something that Privacy Badger does but that nobody else does as far as I know. Privacy Badger then disables some of its blocking when it detects a “strong” DNT Policy.

There’s no need for us to download that file because we’re not going to trust the site’s dnt-policy.txt in our determination of whether or not to block anything.

1 Like

This all makes technical sense to me.

Can close as “not an issue”.

1 Like