Coffee Space


Listen:

Do Not Track

Preview Image

Preview Image

Introduction

This is a short blog about a "Do Not Track" implementation for this site, motivated after ready a Hacker News post about preventing site tracking [1]. One of the reasons I run this site on my own server is that I want full control over the content delivered, privacy being one of the things I value. Whilst NeoCities [2] and GitHub [3] may offer free hosting to some extent, I do remain concerned about their vested interest in offering these services.

One of the comments on the Hacker News comments [1] was the following:

 hellcow
 
 You could also put `if (navigator.doNotTrack === "1") { return }` at the
 top of your script.
 
 https://developer.mozilla.org/en-US/docs/Web/API/Navigator/d...

I checked out this resource [4] and it seemed like a good implementation - and it's nice to use javascript as an anti-tracking feature for once!

Support

So the support seems to be as follows [5]:

Platform Browser Version DNT?
Desktop  Chrome  23      yes
Desktop  Firefox 9.0     yes*
Desktop  IE      9       yes*
Desktop  Opera   12      yes
Desktop  Safari  5.1     yes*
Mobile   Android -       no
Mobile   Firefox 9.0     yes*
Mobile   IE      -       no*
Mobile   Opera   -       no
Mobile   Safari  -       no

Clearly this is a feature that will work on all browsers in the future, but we can do our best to support it for complying browsers now. We can at least try to protect those who keep their browser up to date - it's likely too late for those who don't...

There are of course edge cases:

Additional edge cases specific to Internet Explorer [6]:

There may be more, bit I'm losing the will to live by searching for them.

(Why, Microsoft? Why? Why...? Why do you do it? Why? Why get up?)

Implementation

The dnt.js file being used for this page can be found here. It's a simple implementation for now, that avoids having to make changes to server side content that is currently produced statically. All it does is replace iframes with external srcs and puts in place a hard link to the content.

The thinking is that those who are not running JavaScript will not be affected, those that are using browsers too old will not be affected and those using newer browsers have their privacy respected. In this way, we can consider this client-side code as fail-safe.

We load the script just after all of the elements in the page and simply run the JavaScript straight from there - no callback. This is when all the elements have been parsed, but their contents have not yet been loaded.

References

[1] Hacker News

[2] NeoCities

[3] GitHub

[4] Mozilla

[5] Mozilla

[6] TestDrive Archive