W3C home > Mailing lists > Public > public-privacy@w3.org > October to December 2011

Value returned by navigator.doNotTrack

From: Justin Lebar <jlebar@mozilla.com>
Date: Wed, 21 Dec 2011 14:00:51 -0500
Message-ID: <CAFWcpZ6hA095EFGWJNn=GkpzmA68QSw=wattvNS15NRgH=ybnA@mail.gmail.com>
To: public-privacy@w3.org, Sid Stamm <sid@mozilla.com>, Jonas Sicking <jonas@sicking.cc>
In Firefox, we implemented navigator.doNotTrack to return either

  "unspecified", if the user has not opted in to DNT, or
  "yes", if the user has opted in to DNT.

The proposed DNT spec has us return "1" if the user has opted in to
DNT and doesn't seem to specify what we should return otherwise.

I propose the spec be modified to explicitly state what UAs should
return if the user has not opted in to DNT, and to use unspecified/yes
instead of ??/1.

DNT is a tri-state, not a boolean.  The DNT http header may be 1, 0,
or not present.  0 indicates that the user has explicitly opted in to
tracking.  Although Firefox doesn't support this option at the moment,
we'd like to spec DNT in such a way as to allow users to explicitly
opt in to tracking.  We propose that navigator.doNotTrack == "no"
correspond to DNT: 0.

It's confusing that navigator.doNotTrack's value doesn't correspond to
the value of the HTTP header, but we did this because we wanted to
protect against buggy JS which assumes navigator.doNotTrack is a
boolean.  If we were to use navigator.doNotTrack == '' for users who
have neither oped in nor out of DNT, then sites could do |if
(navigator.doNotTrack) { // don't track me }|.  This would make it
difficult for us to introduce navigator.doNotTrack = "no" in the
future, because "no" resolves to the boolean |true|.

I've filed a webkit bug on this issue [1].

[1] https://bugs.webkit.org/show_bug.cgi?id=75008
Received on Wednesday, 21 December 2011 19:01:42 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 21 December 2011 19:01:43 GMT