Option to check/honor EFF DNT postings

[dhowe]

as eff.org/pb does...

something like:

• check each domain encountered (only once within a specified time-frame), for a valid DNT posting
• if exists, and is valid, add domain to whitelist (mark as DNT)
• if not exists, or is not valid, and exists on whitelist, marked as DNT, remove from whitelist
• once whitelisted, ads will not be hidden, or visited

[mushon]

Ideally this could be implemented as a subscribable whitelist?

[dhowe]

A list of (exception) rules in the abp/ublock/pb/adn format would be pretty nice for any other tools wanting to adopt EFF's DNT mechanism. An issue is the maintenance... though a script (run by EFF) could automatically updated this list.

This might also eliminate a fair number of requests being made by PrivacyBadger (and soon, AdNauseam) as each extension is checking and re-checking for the same DNT files over and over. See PB ticket.

I guess the question for EFF is whether this goes against PB's philosophy, that each client figures out how to act on its own, based on real-time data (though it already uses a centralized cookie-block list)... any thoughts on this @cooperq or other PB devs?

[cooperq]

I am currently working on an ABP format white list for DNT compatible domains, privacy badger won't be using this for various reasons, but I am hoping to convince abp and others to use it.
Tracking this issue in EFForg/privacybadger#894

[dhowe]

Note: we should consider what to do when a user selects the respect-DNT option while, at the same time, NOT enabling the send-DNT-header in the browser itself.

The options are:

1. show a warning (and possibly do one of the below)
2. ignore the browser setting and send DNT anyway
3. toggle the browser setting to correspond to user choice
4. don't send the header, but still whitelist DNT-posted sites
5. disallow enabling DNT-respect unless its already set in the browser

See EFForg/privacybadger#474 and EFForg/privacybadgerfirefox-legacy#767

For me, the viable options are 3 and 5, both in conjunction with 1 (a warning)...

[mushon]

I vote for 1+3

Mushon Zer-Aviv
Mushon.com | Shual.com | @mushon

On Aug 13, 2016, at 06:46, dhowe [email protected] wrote:

Note: we need to consider what to do when a user selects this option while, at the same time, having sending of the DNT header disabled in the browser itself.

The options are:

1. show a warning (and possibly do one of the below)
2. ignore the browser setting and send DNT anyway
3. toggle the browser setting to correspond to user choice
4. don't send the header, but still whitelist DNT-posted sites
5. disallow enabling DNT-respect unless its already set in the browser

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or mute the thread.

[dhowe]

@mushon Need to think about how/whether we show the DNT list under 3rd-party settings; we may want people to be able to see when its out of date and trigger an update-check (like other lists), yet we don't want them to be able to toggle it on/off (instead, this should be automatically done when they select either of the honorDNT options)

Options:

1. list is invisible with state (and updating) managed only by the addon
2. list is visible, but the toggle checkbox is disabled (grayed-out) and a mouse-over states that the
   toggle is controlled by the DNT settings...
3. checkbox for the list is active (like other lists) and honorDNT options are toggled based on its state (this not straightforward so I would argue against this choice)

Related question: do we want to offer the option of enabling this list (and sending the DNT header) when both 'hiding' and 'clicking' are disabled?

[cooperq]

FWIW in privacy badger we just automatically send the DNT:1 header. I agree that 3 is the best option, you should probably make clear to the user that this means the DNT header will be sent (AFAIK you can not programatically set the DNT header in chrome.)

[cooperq]

Permallink to EFF DNT whitelist: https://www.eff.org/files/effdntlist.txt

[dhowe]

Per our discussion, I think we will go with the following:

• include a non-user-interactive DNT list entry on our 'whitelists' page in settings
• send the DNT header, and enable the DNT list entry whenever either DNT setting is enabled

[dhowe]

done in 3.0.5