Privacy/TPWG/TPE Implementation Report

From W3C Wiki
< Privacy‎ | TPWG
Jump to: navigation, search

This page is to collect implementation experience for the Candidate Recommendation Tracking Preference Expression (DNT).

Please add implementation experience below. Ultimately, we'll try to collect this information into a tabular form to confirm interoperable implementations of each TPE feature.

Client-side DNT Implementations (Browsers only)
Browser Implements
General Preference doNotTrack Property Consent API Consent Expiry Non-WebWide Site Specific Cookie style domain Consent Confirm Revoke without Refresh
Microsoft IE Yes not on navigator Yes No No Yes No No
Microsoft Edge Yes not on navigator Yes Was working but now has confirmed bug currently being fixed
Google Chrome Yes Yes No Not Applicable
Chrome on iOS (WKWebView) No No No Not Applicable
Mozilla Firefox Yes Yes No Not Applicable
Safari on Windows Yes No No Not Applicable
Safari on OSX Yes Yes No Not Applicable
Safari on iOS Yes Yes No Not Applicable
Comodo Dragon Yes Yes No Not Applicable
Maxthon’s Cloud Browser Yes Yes No Not Applicable
Opera Yes Yes No Not Applicable
Brave Yes Yes No Not Applicable
Client-side DNT Implementations (Browsers extensions)
Browser extensions Implements
General Preference doNotTrack Property Consent API Consent Expiry Non-WebWide Site Specific Cookie style domain Consent Confirm Revoke without Refresh
Baycloud Bouncer/Chrome extension Yes Yes Yes Yes Yes Yes Yes Yes
Baycloud Bouncer/Firefox(49+) extension Yes Yes Yes Yes Yes Yes Yes Yes
PrivacyBadger/Chrome Yes Yes No Defaults to not blocking of third-parties if EFF DNT policy exists on site
PrivacyBadger/Firefox Yes Yes No Defaults to not blocking of third-parties if EFF DNT policy exists on site


Server-side DNT Implementations (Websites/third-party resources)
Url (1st party/3rd party) Implements
Tracking Response Header Tracking Status Resource Declares valid EFF policy Handles DNT Exceptions Otherwise respects DNT
https://baycloud.com (1p) Yes Yes Yes JS Consent API No UIDs unless logged in (uses DNT API if supported)
https://cookieq.com (3p) Yes Yes Yes JS Consent API No UIDs (enables containing site to use DNT Consent API if supported)
https://medium.com (1p) Yes Yes Yes OOBC (Tk:C) No tracking third-parties, including GA, when DNT set
https://natuurlijkehaarkleuring.nl/ (1p) No Yes No No Static Amazon S3 website, Cloudfront CDN, No Tracking, supports DNT TSR to allow for checking controller/processors and other representations in pre flight.
https://happytowels.nl/ (1p) Yes Yes No No Supports TSV 'TK: N' on Piwik analytics, supports DNT TSR to allow for checking controller/processors and other representations in pre flight.
https://twitter.com (1p/3p) No No No No No UIDs when logged out (other than GA)
https://nice.aeroport.fr (1p) No No No No Blocks GA if DNT:1, DNT:0 indicates consent
https://www.reddit.com (1p) No No No No "If Do Not Track enabled, we will not load any third-party analytics."
https://www.pinterest.com/ (3p) No No No No "we honor DNT as a signal for how you want us to use data we collect outside of Pinterest"
https://demo.piwik.org (3p) Yes (N) No No No UID cookie deleted when DNT:1
http://ad.aloodo.com (3p) Yes (by meta tag) No No No "Aloodo is a system to help a web developer detect if a user are protected from, or vulnerable to, third-party tracking", uses Tk: D to force blocking by extensions
https://www.webcookies.org (1p) No No Yes but invalid hash No When DNT set does not render tracking third-parties & stops analytics
https://www.healthcare.gov/ (1p) No No No No "If you have Do Not Track enabled in your browser, we’ll automatically observe your preferences related to digital advertising from HealthCare.gov."
http://www.nextinpact.com/blog/97497-pourquoi-next-inpact-a-decide-prendre-en-compte-signal-do-not-track.htm (1p) No No No No When DNT set does not render tracking third-parties & stops analytics
https://agencearcange.fr (1p) No No No No alert box on 1st visit with DNT:1 saying "we respect your choice"
https://duckduckgo.com (1p/3p) No No No No No tracking i.e. UIDs at all, search history not shared
https://adzerk.com (1p/3p) No No No No If DNT set prevents writing IP address in logs. Only sets frequency capping cookies.
http://trustx.org (1p/3p) No No No No "We also honor the Do Not Track (DNT) signal which can be turned on or off in your browser. When the DNT signal is on, we will treat your device as if you have opted out via the Ad Choices program. We have required advertisers and our third-party service providers to honor DNT signals in the same manner"
http://dove.com/de (1p) Yes No No Yes Uses DNT JS API to communicate user consent to embedded third-party sub-resources. This one of several thousand Unilever Plc consumer brand sites also using the API when the user agent supports it.
http://www.domestos.co.uk (1p) Yes No No Yes Uses DNT JS API to communicate user consent to embedded third-party sub-resources. This one of several thousand Unilever Plc consumer brand sites also using the API when the user agent supports it.
http://rexona.fr (1p) Yes No No Yes Uses DNT JS API to communicate user consent to embedded third-party sub-resources. This one of several thousand Unilever Plc consumer brand sites also using the API when the user agent supports it.
http://www.marmite.co.uk (1p) Yes No No Yes Uses DNT JS API to communicate user consent to embedded third-party sub-resources. This one of several thousand Unilever Plc consumer brand sites also using the API when the user agent supports it.
http://www.pronamel.hu/ (1p) Yes No No Yes Uses DNT JS API to communicate user consent to embedded third-party sub-resources. This one of over a thousand GlaxoSmithKline Plc consumer brand sites using the API when the user agent supports it.
http://www.aquafresh.co.uk/ (1p) Yes No No Yes Uses DNT JS API to communicate user consent to embedded third-party sub-resources. This one of over a thousand GlaxoSmithKline Plc consumer brand sites using the API when the user agent supports it.

}