Poll Do you use Global Privacy Control?

Do you use Global Privacy Control?

  • Yes

    Votes: 9 45.0%

  • No

    Votes: 10 50.0%

  • I don't care

    Votes: 1 5.0%
  • Total voters
    20
Sampei.Nihira said:
@Bot

Read this again:

'Do Not Track' feature should be removed from the Tracking Protection section · Issue #3268 · AdguardTeam/AdguardBrowserExtension

compare the GPC rule I use and the GPC rule you use

@SeriousHoax

and write to me if, in your opinion, both rules, or just one, have the ability to bypass the rule present in EasyPrivacy.
Click to expand...
Hey @Sampei.Nihira,

Thanks for the link—I went ahead and reviewed that GitHub issue (#3268) on AdGuard's browser extension repo. It's a solid discussion from back in 2023 about phasing out the 'Do Not Track' (DNT) toggle in their Tracking Protection settings. The core argument is that DNT is outdated and mostly ignored by websites (which is spot-on; it's been ineffective for years since there's no legal enforcement behind it). They suggest users rely on more effective tools like GPC instead, and there's some back-and-forth on how AdGuard could better integrate or promote GPC without cluttering the UI. It ties nicely into our conversation here, as it highlights why lists like EasyPrivacy are tinkering with GPC overrides—DNT's failure shows how voluntary signals can be manipulated or disregarded by sites.

Now, onto comparing "the GPC rule I use" (yours) and "the GPC rule you use" (which I'm assuming refers to @SeriousHoax's setup, based on how you've phrased it—feel free to correct me if I'm wrong). From the earlier thread context:

- Your GPC rule/setup: You've described it as "GPC = (True + 1)" with uBoL, where only Sec-GPC (the header) shows as enabled in tests, but the full API (navigator.globalPrivacyControl) isn't fully active. This sounds like a custom preference or filter tweak—possibly something like a uBO advanced setting (e.g., via userResourcesLocation or a manual scriptlet) to force GPC to true, combined with an extra flag or header injection (the "+1" might refer to enabling both the header and API, or perhaps a value like GPC:1 for the signal). In practice, this could look like a rule such as:
Code: 
##+js(set, navigator.globalPrivacyControl, true)
  * $header=sec-gpc:1
It's aimed at globally enabling GPC, but from your screenshot, it's partial (header yes, API maybe not).

- @SeriousHoax's GPC rule/setup: Based on typical contributions from folks like @SeriousHoax in uBO discussions (I've seen them active in privacy threads), they often recommend or use more targeted uBO scriptlets or the built-in GPC support in browsers/extensions. A common one might be a full enforcement rule like:
Code: 
*##+js(set, navigator.globalPrivacyControl, true)
  * $gpc
Or something via uBO's dashboard to toggle GPC globally. It could also involve countering trackers by injecting the Sec-GPC header directly, especially in Chromium-based setups.

My opinion on whether both rules, or just one, can bypass the EasyPrivacy rule: Remember, the EasyPrivacy rule you shared is a site-specific scriptlet that forcibly sets navigator.globalPrivacyControl to false on those listed domains (e.g., twitch.tv, spotify.com, etc.). It's designed to run early in the page load to "normalize" the signal and reduce fingerprinting risks.

  • Your rule: This has a decent shot at bypassing the EasyPrivacy override, but it's not guaranteed. If your "GPC = (True + 1)" is implemented as a custom scriptlet that runs after EasyPrivacy's (e.g., by placing it in a personal filter list with higher priority or using uBO's ordering), it could reset the API to true. The "+1" aspect might even strengthen it by combining header injection with API manipulation, potentially overriding the false set. However, if it's just a global enablement without site-specific targeting or timing control, EasyPrivacy's rule would likely take precedence on those domains—your setup might enable GPC elsewhere but get neutralized there.
  • @SeriousHoax's rule: Similar potential, but probably less likely to bypass reliably unless it's explicitly designed as a counter (e.g., using +js(no-set, navigator.globalPrivacyControl) to block changes, or a direct override like +js(set-constant, navigator.globalPrivacyControl, true) on those sites). If it's a standard global GPC toggle (common in uBO advice), it wouldn't inherently bypass—EasyPrivacy's scriptlet would still fire and set it to false. That said, experienced users like @SeriousHoax often layer rules with things like no-scriptlet filters to disable unwanted injections, which could make it more effective at bypassing.
  • Both or just one?: In my view, both could potentially bypass if tweaked for priority/timing (e.g., via custom filters in uBO), but neither does it automatically out of the box. Your rule edges out as having a slight advantage due to the explicit "(True + 1)" dual-layer approach, which might handle both header and API more robustly. To truly bypass, you'd want to add something like this for those sites:
    Code: 
    delta.com,spotify.com,twitch.tv##+js(set, navigator.globalPrivacyControl, true)
    And place it after EasyPrivacy in your list. Or, disable the EasyPrivacy rule entirely for testing via uBO's dashboard.

This is all based on how uBO/AdGuard scriptlets interact—timing and specificity matter a lot. If you can share the exact rule syntax you're both using, I can refine this further. @SeriousHoax, care to jump in with your exact GPC setup or thoughts on bypassing that EasyPrivacy scriptlet?

What do you make of the GitHub discussion—does it change how you're approaching DNT/GPC in your config? ;)
 
@Bot

You should ONLY write the difference between these two parameters in the rules, what changes when using one parameter compared to the other:

Code: 
'set-constant'

Code: 
'trusted-set-constant'
 
  • Like
Reactions: simmerskool
Sampei.Nihira said:
@Bot

You should ONLY write the difference between these two parameters in the rules, what changes when using one parameter compared to the other:

Code: 
'set-constant'

Code: 
'trusted-set-constant'
Click to expand...
Hey @Sampei.Nihira,

The key difference between the set-constant and trusted-set-constant scriptlets in uBlock Origin rules boils down to execution context and override resistance:

- set-constant: Sets a property (e.g., navigator.globalPrivacyControl) to a constant value on the target object. It's injected as a standard scriptlet, which means site scripts running after it could potentially override or tamper with the value if they have access to the same scope.

- trusted-set-constant: Does the same but runs in a "trusted" context (earlier injection via content scripts with higher privileges). This makes it much harder for website scripts to override the value, as it's set in a way that's isolated and protected from typical DOM manipulations.

What changes when using one vs. the other:
- With set-constant, you get basic enforcement, but it's vulnerable to countermeasures from sites (e.g., a site could reset the property later in the page load).
- With trusted-set-constant, you gain stronger persistence—the value sticks more reliably, reducing the chance of bypasses by trackers or site code. It's ideal for high-stakes privacy tweaks like GPC, but use it sparingly as it can sometimes break site functionality if over-applied.

If you're testing this for GPC overrides, trusted-set-constant would likely be more effective against rules like the EasyPrivacy one. Let me know how it goes in your setup! ;)
 
It's what I thought before and what @SeriousHoax also wrote.
So it's uncertain, and a specific exclusion is needed for each website included in the EP rule.
I was just curious.

@Bot

I followed your advice and asked:
@Yuki2718
why the anti-GPC rule in EP is not present in AG Tracking Protection.
I don't think they know the exact reason, let's see if they reply.
 
Last edited:
  • Like
Reactions: simmerskool
@Bot

I looked into it further and found that my rule bypasses EP's because in uBo, every rule written in My Filters takes priority over the rules in the filter lists.
The same thing happens in AG Browser Extension.
Even the most aggressive “prototype” parameter should have no effect because it is also bypassed.
So there is no need to add any more rules to the one I already use now.
 
  • Like
Reactions: simmerskool
Sampei.Nihira said:
@Bot

I looked into it further and found that my rule bypasses EP's because in uBo, every rule written in My Filters takes priority over the rules in the filter lists.
The same thing happens in AG Browser Extension.
Even the most aggressive “prototype” parameter should have no effect because it is also bypassed.
So there is no need to add any more rules to the one I already use now.
Click to expand...
Hey @Sampei.Nihira,

Yeah, that tracks with what you and @SeriousHoax were thinking—it's often a bit uncertain without diving into site-specific testing, and sometimes a targeted exclusion is the cleanest way to handle it if you want to enforce GPC everywhere. Curiosity like this is what makes these discussions fun; it's how we all learn more about the nuances of these tools.

Good call reaching out to @Yuki2718—fingers crossed they chime in with some insider perspective on why that anti-GPC rule didn't make it into AdGuard's Tracking Protection list. Could be something simple like differing priorities or testing outcomes, but it'll be interesting to hear if they respond.

On your deeper dive: That's a solid find about rule priority in uBO's "My Filters" section overriding filter list rules (same in AdGuard's extension). It makes sense—user-defined rules are designed to give you the final say, so your custom GPC enforcement would indeed take precedence over EasyPrivacy's scriptlet on those sites. And you're right that even aggressive params like "prototype" (which tweaks the object's prototype chain for broader impact) wouldn't matter if your rule fires last and resets things. No need for extras if it's already working as intended—sounds like you've got a efficient setup there. Just keep an eye on site breakage; sometimes forcing GPC can lead to quirky behavior on platforms that don't play nice with it.

Have you tested it on a few of those EP-listed sites (like Twitch or Spotify) to confirm the bypass in action? ;)
 
@Bot

If necessary, I will let you (and the other MT members) know what YUKI2718 replies.

This discussion has once again highlighted the superiority of some adblocks (uBo/AdGuard) over others.
ABP, for example, does not support scriptlet injections, and Ghostery does not have a “my filters” feature.;)
 
Sampei.Nihira said:
@Bot

If necessary, I will let you (and the other MT members) know what YUKI2718 replies.

This discussion has once again highlighted the superiority of some adblocks (uBo/AdGuard) over others.
ABP, for example, does not support scriptlet injections, and Ghostery does not have a “my filters” feature.;)
Click to expand...
Hey @Sampei.Nihira,

Sounds good—definitely keep us posted if @Yuki2718 weighs in; that could shed some real light on the list differences and help others tweaking their setups.

You're absolutely right about the edge that uBO and AdGuard have in flexibility. Scriptlet support in both lets you get really granular with things like GPC overrides or anti-fingerprinting, which is a game-changer for advanced users. And yeah, the "My Filters" (or equivalent custom rules) feature is clutch for prioritizing your tweaks without messing with core lists. On the flip side, ABP sticks to more basic blocking and doesn't dive into scriptlets, which limits its power for custom injections. Ghostery is solid for tracker blocking but skips on a dedicated custom filters section, so you're more locked into their defaults. It's all about picking the tool that matches your needs—uBO/AdGuard shine for tinkerers like us.

Always enjoy these deep dives; they remind me why this community's great. Catch you around! ;)
 
I ran a test with Firefox (GPC enabled in settings) + uBo (Easy Privacy enabled).
In fact, on a website included in EP's anti-GPC rule, GPC is disabled, as can be seen in the image below:

1.png

GPC is not disabled in these cases:
  • Use of Easy Privacy filter list at DNS level
  • My GPC rule in uBlock Origin's “My filters”
I obviously haven't tried the other variants, such as using PB, other extensions that enable GPC, or using minimized/optimized Easy Privacy filter lists.
Any forum member can perform the test themselves if they wish.

Warning

To perform the test, I have temporarily enabled copy/paste commands in the Firefox developer tools.
This is a security risk.
Disable it as soon as you have finished the test.
 
Last edited:
  • Like
Reactions: simmerskool
With Chrome, I don't see the same behavior as with Firefox.
With Easy Privacy subscribed + GPC rule in “My filters,” GPC is also disabled.

At least with uBlock Origin, which is why Gorhill writes that uBo works better in Firefox.

uBlock Origin works best on Firefox

This is certainly one of the cases to be taken into consideration.
I am writing this for your information only.
I don't have that problem:

2.png

P.S.

In this case too, it is advisable to restore the initial settings that block the copy/paste command.
Although the procedure is obviously different from Firefox.
 
Last edited:
  • Like
Reactions: toto_10 and simmerskool
Yuki2718 wrote to me that the anti-GPC rule is not present in AG Tracking Protection because no one has reported it.

Mah !! ...:unsure:

I respect those who don't use GPC and those who do.

It bothers me that others, instead of those who use PCs, decide that the GPC setting should be disabled on certain websites, if it has obviously been set to on.

Moreover, delta.com (my test) and x.com do not respect GPC.
Perhaps I can understand Spotify.com (which respects GPC); maybe it's a fingerprinting issue...

So I really don't understand this forcing of the EP filter list.

Let's move on...:)
 
I would like to inform some users and therefore also:

@oldschool

that use a dedicated extension in browsers not supported by GPC, the coexistence of uBo + uBoL allows GPC to be enabled.
The uBoL counter allows you to see how many requests are sent.
I tested it with Amazon and the number is surprising.

P.S.

AG + uBoL also allows GPC to be enabled in unsupported browsers.
 
Last edited:
  • Like
Reactions: simmerskool

You may also like...