Global Privacy Control Debuts

A new addition to your browser?

By Guest Blogger, Chris Bonatti, IECA Cybersecurity Consultant, Casper, Wyoming




A new privacy-enhancing feature may soon be available in your web browser. Known as Global Privacy Control (GPC), the new feature closely resembles the earlier Do Not Track (DNT) header introduced in 2009. Support for the DNT header collapsed in 2018 due to inconsistent implementation, lack of a legal framework, vague specifications, lack of adoption, and even some abuse. Microsoft especially hurt DNT by turning it on by default in Internet Explorer 10 in 2012, causing many advertising companies to ignore DNT on the grounds that it was not an explicit choice of the user. Like DNT, the GPC header conveys a signal through HTTP and the Document Object Model (DOM) that reflects the user’s request to websites and services not to sell or share their personal information with third parties. The creators express the hope that this new header will meet the definition of “user-enabled global privacy controls” defined by the California Consumer Privacy Act (CCPA) and European General Data Protection Regulation (GDPR). If that’s the case, the new header would be automatically strengthened by existing laws, and companies would be required to honor it.

The GPC specification also addresses some of the shortcomings of the DNT specification. GPC explicitly describes the conditions under which a GPC header must be honored, may be ignored, or may even be modified by an intermediary such as a domain web proxy. It is also crystal clear that the GPC header must not be enabled by default. Lack of specificity on these points definitely held back implementation of DNT. Application developers can access the GPC signal via the top-level JavaScript global value “globalPrivacyControl” (navigator.globalPrivacyControl in the DOM).
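How a site might read the signal described above on the server and in the page, as an added example (not code from the GPC specification or from IECA). The header name `Sec-GPC` with value `1` comes from the GPC proposal; the function names, the policy and the tag list are hypothetical.

```javascript
// Server side: true only when the request carries a well-formed "Sec-GPC: 1".
function hasGpcHeader(headers) {
  for (const [name, value] of Object.entries(headers || {})) {
    if (name.toLowerCase() !== "sec-gpc") continue; // header names are case-insensitive
    // Repeated headers may arrive as an array or as a comma-joined string.
    const values = Array.isArray(value) ? value : String(value).split(",");
    return values.some((v) => v.trim() === "1");
  }
  return false;
}

// Browser side: the property is true when the user enabled GPC and
// undefined in browsers that do not support it.
function hasGpcDom(nav) {
  return Boolean(nav) && nav.globalPrivacyControl === true;
}

// Hypothetical policy: an opt-out from either source wins, and the absence
// of GPC never overrides an opt-out already stored for the account.
function sharingDecision(headers, storedOptOut) {
  if (hasGpcHeader(headers)) return { shareWithThirdParties: false, reason: "gpc-signal" };
  if (storedOptOut) return { shareWithThirdParties: false, reason: "account-setting" };
  return { shareWithThirdParties: true, reason: "no-opt-out" };
}

// Constructed tag inventory: which page scripts pass data to third parties.
const TAGS = [
  { src: "/js/app.js", sharesData: false },
  { src: "https://ads.example/pixel.js", sharesData: true },
];

// Honoring the signal in practice: leave out every tag that shares data.
function tagsToRender(headers, storedOptOut, tags = TAGS) {
  const decision = sharingDecision(headers, storedOptOut);
  return tags
    .filter((t) => decision.shareWithThirdParties || !t.sharesData)
    .map((t) => t.src);
}

// Constructed sample requests.
console.log(tagsToRender({ "Sec-GPC": "1" }, false)); // first-party script only
console.log(tagsToRender({ "User-Agent": "x" }, false)); // both scripts
console.log(hasGpcDom(typeof navigator === "undefined" ? null : navigator));
```

Because the header is absent rather than `0` when the user has not enabled GPC, the check treats anything other than `1` as no signal.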

Mozilla has already incorporated GPC support into its Firefox browser. However, the feature is turned off by default. Firefox users can enable GPC by browsing to “about:config”, and then searching on “privacy.global”, which should yield two items. Double-click on each of these to flip them from “false” to “true” (which will also make them bold). There is also a site for testing GPC headers emitted by browsers (see globalprivacycontrol.org). Chrome does not yet support GPC, but other Chromium-based browsers like Brave and DuckDuckGo do. Apple has said that Safari will support GPC, but so far does not. Many Chrome-compatible add-ons, such as OptMeowt and Privacy Badger, can also incorporate GPC support. It’s too early to tell whether GPC will be more successful than DNT in terms of being honored by advertising companies. However, the advent of CCPA and GDPR makes it more likely that they will take GPC seriously.

If you would like to know more about privacy threats and their potential ramifications, or would like help with privacy issues, please consider letting IECA help.

For the full IECA newsletter check out: https://www.ieca.com/newsletter/2206-IECA_Cyber_Bulletin.pdf
