Sunday 4 May 2014

Do Not Track HTTP headers.

Until today I had not heard of Do Not Track headers, referred to as DNT. I found out about it via news of Yahoo dropping support for it. After searching Google I learnt that DNT is an HTTP header that users can turn on to tell websites not to track them. Once set, the browser includes a DNT header with each HTTP request. If the user has said they do not want to be tracked, the header's value is 1. If they don't mind being tracked, it is 0, and if no option has been selected the value is null and the header is not sent with the request. There is a slight problem though: it is not a legal requirement for websites to honour DNT requests. Much like Apache's robots file, they can simply ignore it and continue to track you if they choose :P
http://en.wikipedia.org/wiki/Do_Not_Track

After learning this I checked Chrome's settings, found the option and turned it on. In Chrome it is located under: Settings, advanced settings, privacy.



After enabling it I configured Chrome to go through Burp Suite so I could trap the request and see it for myself. Sure enough, there was the DNT header set to 1.
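As an added example (not code from the original post), this is how a site that chooses to honour DNT could read the header from a request like the trapped one and skip its tracking cookie. The sample requests, the `track_id` cookie name and the choice to treat a missing header as "tracking allowed" are assumptions made for illustration.

```python
# Constructed sample requests, shaped like what an intercepting proxy shows.
REQ_OPT_OUT = "GET / HTTP/1.1\r\nHost: example.test\r\ndnt: 1\r\n\r\n"
REQ_CONSENT = "GET / HTTP/1.1\r\nHost: example.test\r\nDNT: 0\r\n\r\n"
REQ_UNSET = "GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"


def parse_headers(raw):
    """Return the request headers as a dict keyed by lower-cased name."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            # Header names are case-insensitive, so normalise them.
            headers[name.strip().lower()] = value.strip()
    return headers


def dnt_preference(raw):
    """Map the DNT header to 'opt-out', 'allow' or 'unset'."""
    value = parse_headers(raw).get("dnt")
    if value == "1":
        return "opt-out"
    if value == "0":
        return "allow"
    return "unset"  # header absent, or a value other than 0 or 1


def response_headers(raw, visitor_id):
    """Build response headers, omitting the tracking cookie on opt-out."""
    headers = [("Content-Type", "text/html")]
    # Assumed policy: only an explicit DNT: 1 suppresses the cookie.
    if dnt_preference(raw) != "opt-out":
        cookie = f"track_id={visitor_id}; HttpOnly; Secure"  # hypothetical cookie
        headers.append(("Set-Cookie", cookie))
    return headers


if __name__ == "__main__":
    for req in (REQ_OPT_OUT, REQ_CONSENT, REQ_UNSET):
        print(dnt_preference(req), response_headers(req, "abc123"))
```

Nothing in the request forces a server to run a check like this, which is why the header only works on sites that opt in to honouring it.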


Because sites can simply ignore the DNT flag, an add-on for Firefox and Chrome called "Privacy Badger" is being created and has been released in alpha. Privacy Badger checks visited websites for any possible tracking cookies and blocks them. It can be found at:
https://www.eff.org/privacybadger
