A new addition to your browser?
By Guest Blogger, Chris Bonatti, IECA Cybersecurity Consultant, Casper, Wyoming
Save the date! September 23, “It’s About Identity!” A day of exploring online identity issues from a cybersecurity standpoint in the Blockchain Stampede at the University of Wyoming.
A new privacy enhancing feature may soon be available in your web browser. Known as Global Privacy Control (GPC), the new feature has a lot of similarity to the previous Do Not Track (DNT) header introduced in 2009. Support for the DNT header collapsed in 2018 due to inconsistent implementation, lack of a legal framework, vague specifications, lack of adoption, and even some abuse. Microsoft especially hurt DNT by turning it on by default in Internet Explorer 10 in 2012, causing many advertising companies to ignore DNT on the grounds that it was not an explicit choice of the user. Like DNT, the GPC header conveys a signal through HTTP and the Document Object Model (DOM) that reflects the user’s request to websites and services to not sell or share their personal information with third parties. The creators express the hope that this new header will meet the definition of “user-enabled global privacy controls” defined by the California Consumer Privacy Act (CCPA) and European General Data Protection Regulation (GDPR). If that’s the case, the new header would be automatically strengthened by existing laws, and companies would be required to honor it.
Mozilla has already incorporated GPC support into its Firefox browser. However, the feature is turned off by default. Firefox users can enable GPC by browsing to “about:config”, and then searching on “privacy.global”, which should yield two items. Double-click on each of these to flip them from “false” to “true” (which will also make them bold). There is also a site for testing GPC headers emitted by browsers (see ‘globalprivacycontrol. Org’). Chrome does not yet support GPC, but other Chromium-based browsers like Brave and DuckDuckGo do. Apple has said that Safari will support GPC, but so far does not. Many Chromecompatible add-ons, such as OptMeowt and Privacy Badger, can also incorporate GPC support. It’s too early to tell whether GPC will be more sucessful than DNT in terms of being honored by advertising companies. However, the advent of CCPA and GDPR make it more likely that they will take GPC seriously.
If you would like to know more about privacy threats and their potential ramifications, or would like help with privacy issues, please consider letting IECA help.
For the full IECA newsletter check out: https://www.ieca.com/newsletter/2206-IECA_Cyber_Bulletin.pdf