<!--
- Copyright 2016 Soren Stoutner <soren@stoutner.com>.
+ Copyright © 2016-2022 Soren Stoutner <soren@stoutner.com>.
- This file is part of Privacy Browser <https://www.stoutner.com/privacy-browser>.
+ This file is part of Privacy Browser Android <https://www.stoutner.com/privacy-browser-android>.
- Privacy Browser is free software: you can redistribute it and/or modify
+ Privacy Browser Android is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
- Privacy Browser is distributed in the hope that it will be useful,
+ Privacy Browser Android is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with Privacy Browser. If not, see <http://www.gnu.org/licenses/>. -->
+ along with Privacy Browser Android. If not, see <http://www.gnu.org/licenses/>. -->
<html>
-<head>
-<style>
- h3 {
- color: 0D4781;
- }
+ <head>
+ <meta charset="UTF-8">
- img.center {
- display: block;
- margin-left: auto;
- margin-right: auto;
- }
-</style>
-</head>
+ <link rel="stylesheet" href="../css/theme.css">
-<body>
-<h3>Do Not Track</h3>
+ <!-- Setting the color scheme instructs the WebView to respect `prefers-color-scheme` @media CSS. -->
+ <meta name="color-scheme" content="light dark">
+ </head>
-<p>A few years ago the W3C (World Wide Web Consortium) created a mechanism for browsers to inform web servers that they would not like to be tracked.
- This is accomplished by including a <a href="https://en.wikipedia.org/wiki/Do_Not_Track">DNT (Do Not Track) header</a> with web requests.
- This header is enabled by default in Privacy Browser, although if desired it can be disabled in the settings.</p>
+ <body>
+ <h3><svg class="header"><use href="../shared_images/location_off.svg#icon"/></svg> Do Not Track</h3>
-<p>The DNT header doesn't really provide much privacy because most web servers ignore it. Yahoo programmed their servers to ignore the DNT header
- from Internet Explorer 10 when it was turned on by default because they argued that the user had not made the decision to enable DNT.
- Google and Microsoft ignore DNT even though they include a DNT feature in the browsers they distribute. Facebook also ignores DNT.</p>
+ <p>A few years ago the W3C (World Wide Web Consortium) created a mechanism for browsers to inform web servers that they would not like to be tracked.
+ This is accomplished by including a <a href="https://en.wikipedia.org/wiki/Do_Not_Track">DNT (Do Not Track) header</a> with web requests.</p>
+ <p>The DNT header doesn't really provide any privacy because most web servers ignore it. For example, Yahoo, Google, Microsoft, and Facebook all ignore at least some DNT headers.
+ Beginning with version 3.8, Privacy Browser no longer has the option to send a DNT header.</p>
-<h3>Advertisements</h3>
-<p>Privacy Browser Free includes a banner advertisement across the bottom of the screen that is populated by Google's
- AdMob network. By default, Google provides the <a href="https://support.google.com/googleplay/android-developer/answer/6048248?hl=en">advertising ID</a>
- of the device to the ads displayed through this network. This allows advertising companies to build a profile of
- the device that show which apps are installed (that display ads), how often they are used, and which ads the user is interested in.</p>
+ <h3><svg class="header"><use href="../shared_images/link_off.svg#icon"/></svg> URL Modification</h3>
-<p>Users can choose to disable the advertising ID in <strong>Settings</strong>, <strong>Google</strong>, <strong>Ads</strong>.</p>
+ <p>Privacy Browser removes tracking IDs and AMP (<a href="https://en.wikipedia.org/wiki/Accelerated_Mobile_Pages">Accelerated Mobile Pages</a>) redirects from URL queries.
+ There is a blog post that is updated with the <a href="https://www.stoutner.com/url-modification/">current list</a> of modifications.
+ URL modification can be turned off in the settings if it is causing issues.</p>
-<img class="center" src="images/advertising_id.png" height="640" width="360">
-<p>The purpose of the free version of Privacy Browser is to allow people to test the features of the app. The standard version can be purchased
- on the major app stores or downloaded for free from
- <a href="https://f-droid.org/repository/browse/?fdfilter=privacy+browser&fdid=com.stoutner.privacybrowser.standard">F-Droid</a>.</p>
+ <h3><svg class="header"><use href="../shared_images/disabled_by_default.svg#icon"/></svg> X-Requested-With Header</h3>
-
-<h3>Verizon Tracking Headers</h3>
-
-<p>Verizon, one of the major mobile carriers in the United States, adds a unique tracking header to all HTTP traffic on their network. The Electronic Frontier
- Foundation has written about the <a href="https://www.eff.org/deeplinks/2014/11/verizon-x-uidh">privacy implications of this practice</a>. Due to public pressure
- Verizon has created a way to <a href="http://www.clark.com/how-opt-out-verizons-super-cookie-tracking">opt out of this tracking</a>.</p>
-</body>
+ <p>Google programmed Android’s WebView to send an X-Requested-With header with every request.
+ The value of the X-Requested-With header is set to the application ID, which in the case of Privacy Browser is <code>com.stoutner.privacybrowser.standard</code>.
+ Currently, it isn't possible to remove this header, but the value can be changed. By default, Privacy Browser sends a null (empty) value for the X-Requested-With header.
+ Even though the spec allows for null header values, some web servers don't like them, so Privacy Browser has the option to revert to the default behavior of sending the app ID.
+ Because this setting is cached when a URL is first loaded, and isn't changed when reloading a page or navigating history,
+ changes to this setting may not be applied until Privacy Browser is restarted.
+ There is a <a href="https://www.stoutner.com/the-x-requested-with-header/">blog post</a> with additional information.
+ The X-Requested-With header will be <a href="https://redmine.stoutner.com/issues/37">completely removed</a> in the 4.x series with the release of Privacy WebView.</p>
+ </body>
</html>
\ No newline at end of file
projects / PrivacyBrowserAndroid.git / blobdiff