• LWD@lemm.ee
    link
    fedilink
    English
    arrow-up
    15
    ·
    edit-2
    18 days ago

    I think the article made a typo that claims GPC is the same as DNT.

    When you enable the feature, the GPC sends a signal… This signal is sent via a special HTTP header called DNT: 1 (Do Not Track)

    But the GPC spec does say it sends a new signal: Another header (like DNT) and a JavaScript variable the client would set. I don’t see why this couldn’t be used for tracking too.

    A user agent MUST generate a Sec-GPC header

    So if it generates a header, it can still be used for fingerprinting, but this header is actually less restrictive for what the receiver must do.

    DNT was “do not track,” and GPC is "do not sell:

    GPC is also not intended to limit a first party’s use of personal information within the first-party context (such as a publisher targeting ads to a user on its website based on that user’s previous activity on that same site).