Global Privacy Control

Site Development Guide Suggestions
1

I think we should recommend enabling Global Privacy Control in certain situations, mainly jurisdiction dependent.

There are similar fingerprinting concerns to Do Not Track (i.e. it adds one extra bit), but unlike DNT, GPC is a legally enforceable request in California (where a company has already faced a fine due to not respecting this request), Colorado and Connecticut. It also may be applicable in the EU, UK, Nevada, Utah and Virginia. Thus, if you want to exercise your legal privacy rights as a resident of these locations, it might be a worthwhile tradeoff.

To me, this seems to make sense to enable if:

  • You reside in one of those areas
  • You don’t, but you want to send a statement (or hope that websites treat you the same as they treat Californians)

It doesn’t make sense to enable if:

  • ???

I don’t really see a practical downside to this recommendation, seeing as you are already fingerprintable and GPC/DNT doesn’t change that. The most likely scenario is that this setting just does nothing, but it could still potentially set up privacy class actions against corporations in the future.

Tor/Mullvad Browser users should not enable it unless it gets enabled by default in Tor/Mullvad, of course.

Current support:

Brave users always have this header enabled, no action necessary. (There is no fingerprinting risk since all Brave users collectively enable it)

Firefox users can enable it optionally: Global Privacy Control | Firefox Help

Chromium users can use an extension like:

2

I very much agree that we should be recommending and educating people about the GPC.

An ideal solution would be for Browsers to enable GPC by default. But of course it is not within our control whether they do or do not do this (we should push for it though).

I don’t see any reason for why TBB and MB for example wouldn’t enable this (since their users can only blend in with one another, anyway, it doesn’t seem like it would pose an additional risk). USERS should not enable GPC manually in TBB or MB, but I think that it makes sense that all privacy-centric browsers enable GPC as the default.

In addition to this, I believe that Firefox has enabled it by default in Private Browsing mode since version 120.

Arkenfox users can add these lines to their user-overrides.js file:

user_pref("privacy.globalprivacycontrol.enabled", true);
user_pref("privacy.globalprivacycontrol.pbmode.enabled", true);

Firefox users can toggle it on from the GUI or search about:config for privacy.globalprivacycontrol.enabled

Edit: Also, its not just California. Colorado and Connecticut also currently have laws with respect to the GPC (src 1, src 2) and many more states have passed privacy laws that are not yet in effect but will come into effect in 2024 and 2025. I’m sure at least some of those states have followed California’s lead with the GPC.

1 Like
3

I’ve already ran into several websites in my daily browsing where GPC has been respected. I agree that it’s worth enabling, and would support its recommendation.

7 Likes
4

i don’t agree that browsers (especially more mainstream ones like firefox) should enable gpc by default. cause it’s not really the user explicitly making the decision and therefore might not be as legally binding. also it would just get to a point like DNT where it’s just ignored because every user has it on anyways

3 Likes
5

I can’t find a specific source, but I want to say I read somewhere that this was Mozilla’s exact reasoning for not enabling it by default.

2 Likes
6

Coincidentally, that is something I was thinking about more last night. I see the logic of that approach, I’m not sure I’d go so far as saying it changed my mind (yet) on enabling GPC by default, but I do see the logic (both practically and philosophically) I believe that in the case of Firefox they place a lot of emphasis on user choice, that is a big part of Mozilla’s philosophy.

When I said “browsers” I didn’t specify but in my mind I was thinking of Privacy-maximizing browsers (TBB, MB, LW, AF, maybe Brave or Firefox), not necessarily mainstream browsers.

One persuasive-to-me counterargument to your perspective is that there is currently no neutral. Browsers have a default. Why is it any more right for a browser to assume you WANT your personal data to be sold/shared by default than it is to assume you don’t want to that? In either case, the browser makes an assumption until you explicitly choose otherwise. And there is precedent for assuming users don’t want to have their data sold/shared until they explicitly consent to it, in the EU this is the default as far as I understand.

edit: also the thought process that leads me to desire enabling it as a default (apart from just a philosophical belief that all people deserve privacy, and our data should not be sold/shared without explicit consent) is concern about it being a more fingerprintable metric if only a few users use it. It is only a binary, so it doesn’t seem than important of a concern, but these things add up.

For more mainstream browsers like Firefox, I can see two middleground approaches, that better reflect true user choice:

  1. Make no default choice, present users with a choice during initial install.
  2. Or, enable GPC when a user enables a more private ‘mode’ (Firefox already does this when you enable Private Browsing mode), but I think it should also be enabled when a user chooses ETP strict mode ("enhanced tracking protection). Manually enabling either mode does clearly indicate a users preference for privacy. And this approach is inline with wht Firefox does with some other preferences

also it would just get to a point like DNT where it’s just ignored because every user has it on anyways

I’m not sure I agree. But it is worth considering.

DNT and GPC are not the same. Not respecting a DNT has zero consequences because it is just a request with no legal teeth or technical enforcement. In contrast GPC (in some legal jurisdictions, like California and Colorado) is legally enforceable, and the California DOJ has already penalized companies for violating it. I suppose that–because the California law is weaker than the GDPR–enabling the pref by default could potentially open the door to companies arguing it is not a true user preference.

1 Like
7

I’ve heard (hearsay) to this effect as well. I don’t know if that is true, but it is believable, its inline with their philosophy, and inline with their approach towards adblocking (fiercely fighting for users’ right to use content blockers, and working hard to protect the effectiveness of content blocking, recommending and promoting content blocking extensions, but not going so far as to enable adblocking by default.

1 Like
8

just saw that there is a faq on this from the official website: Frequently Asked Questions | Global Privacy Control

The GPC preference expression should accurately reflect the users’ privacy preferences. The threshold for obtaining user consent differs between jurisdictions. GPC strives to honor those differences while still providing users with choice about how businesses use their data. In some jurisdictions, the presence of GPC in a user’s browser may constitute an adequate signal to not sell their data, while regulations in another jurisdiction may require the user’s explicit consent in order to send a GPC signal.

What constitutes a deliberate choice may differ between regional regulations. For example, regulations in one jurisdiction may consider the use of a privacy-focused browser to imply a GPC preference, such as under the CCPA Final Statement of Reasons - Appendix E #73 (“The consumer exercises their choice by affirmatively choosing the privacy control […] including when utilizing privacy-by-design products or services”), while regulations in another jurisdiction may require explicit consent from the user to send a GPC signal.

it’s not very conclusive though

1 Like
9

At least in the case of the CCPA/CPRA (California’s law) that sounds mostly unambiguous. The only part that seems ambiguous is what does or does not qualify as a “Privacy-by-design product.”

It may be that this is well defined or it may be that what does and doesn’t qualify as Privacy-by-design will need to be argued over and ironed out in the courts and only become clear and established once that happens.

IANAL but, it seems it wouldn’t be too difficult for a prosecutor to make the case Firefox qualifies. If you look at how Firefox characterizes itself on the main landing page, you’ll see they specifically mention or allude to “privacy by default” or “automatically block trackers” throughout their pitch.

10

Maybe they could enable it by default in California but doesn’t mean they should everywhere. It’s a case by case thing I think. Or they could as you say, just prompt the user on the landing page.

11

How do they know you are in California? IP? VPNs would cause both false negatives and positives.

Also, the CCPA only applies to California residents. Being in California does not make you a resident.

A consent prompt seems like the only way to go.

1 Like
12

FYI, some places the GPC is currently being discussed or has been proposed:

  1. Relevant Firefox Bugzilla topic: 1848951 [Meta] Global Privacy Control
  2. Relevant Mullvad Browser feature request: issue #237 (Consider Enabling GPC by default)
  3. Relevant Arkenfox discussions on the topic #1542 (old) and #1818 (new)
  4. Mozilla Connect Firefox proposal (currently awaiting moderation/approval, but hopefully the link is live soon): When a user enables ETP Strict mode, GPC (“Global Privacy Control”) should be automatically enabled
  5. Brave’s blogpost on their decision to enable GPC.
2 Likes
13

What about DNT ?

14

Is there any harm in having it enabled other than the bit of information for fingerprinting? Would the benefits outweigh the risk? I enabled it on the browser I use to login with and noticed it’s about 50/50 for those who honor it and those who don’t. I also noticed Graphene enables it by default on Vanadium and they’re pretty strict with those enabled/disabled settings.

15

DNT as it stands is a misnomer. AFAIK no sites reduce their data collection/sale based on it. Some sites reduce the personalization of their content based on it. So your youtube/etc feed will be less laser focused on your interests. In practice, DNT amounts to requesting sites kindly pretend not to track you.

GPC, being backed by regulation in certain jurisdictions, requires websites respond to its signal with legally defined action in those jurisdictions. Applicable websites caught failing to do will get sued and perhaps face punishment/penalties.

3 Likes
16

[EDIT: Misunderstanding on my part]

Original Comment

Apart from this ^ I haven’t come across any fact based arguments against GPC. Its valid to consider fingerprintability, but most users use browsers that are easily fingerprinted already, and the more users (or better yet, browsers) that enable GPC, the less useful the metric becomes for fingerprinting (and its not that useful of a metric to begin with, since it is just a binary similar to light/dark mode)

I also noticed Graphene enables it by default on Vanadium and they’re pretty strict with those enabled/disabled settings.

That’s good to hear. Can I ask where you read that or learned that?

1 Like
17

That’s good to hear! Can I ask where you read that or learned that? (or maybe this is just something you observed personally)

I can’t find any mention of GPC in Vanadium’s documentation, and it isn’t present under Vanadium’s patches, so I think they just mean DNT, which Vanadium does enable by default.

1 Like
18

Ahh, I see now that I may have misinterpreted that comment as being about GPC when it may have been intended as a reply to @Encounter5729’s question about DNT.

19

Sorry for the confusion everyone! I did mean DNT when mentioning Vanadium.

20

Fore Librewolf users, I’ve also proposed enabling GPC by default over on Librewolf’s git page (#1840). Consider giving it a thumbs up or commenting if you are supportive.