Libravatar (obsolete)

Honor the DNT request header

Bug #1487656 reported by François Marier on 2015-08-22

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Libravatar (obsolete)	Fix Released	Wishlist	François Marier

Bug Description

When users send us the DNT header, we should honor it by not logging their IP address anywhere. To disable logging in Apache, see https://we.riseup.net/debian/apache.

We could also expose a tracking policy in /.well-known/dnt and add the "Tk" response header.

See http://www.w3.org/TR/tracking-dnt/ for more info.

Revision history for this message

François Marier (fmarier) wrote on 2017-06-20:

As per bug 1394845, we now limit Apache logs on the main server to 10 days (EFF DNT policy) and have remove all logging of IP addresses on the mirrors (via libapache2-mod-removeip).

In addition, we now show a warning to users who don't have effective tracking protection installed (in Firefox, enable privacy.trackingprotection.enabled in about:config) thanks to https://www.aloodo.org/.

So we honor DNT whether or not users send the signal :)

The only third-party we use is also compliant with the EFF's DNT policy: https://ad.aloodo.com/

Changed in libravatar:
assignee:	nobody → François Marier (fmarier)
status:	Triaged → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.