Prefer: Censorship

Published: ← 2014-08-25 →
Category: ← Code →
Tags: ← Firefox Mozilla censorship

In the Mozilla blog post Prefer: safe, I read:

Mozilla believes users have the right to shape the Internet and their own experiences on it. However, there are instances when people seek to shape not only their own experiences, but also those of young users and family members whose needs related to trust and safety may differ. ... We’re pleased to announce a smart feature in Firefox for just this type of user called Prefer:Safe, designed to simplify and strengthen the online trust and safety model.

I thought this was encouraging. The “Prefer: safe” was clearly a browser header, and this description sounded like it would indicate to the site the browser wanted increased privacy and security controls, or at least better defaults. I thought it unlikely that a lot of sites would honor it, but maybe it would improve things.

At the bottom of the post, I clicked to read the draft for the standard. I was completely wrong.

“Prefer: safe” is not a security header, it is a censorship header. The draft flatly begins its explanation:

When present in a request, the “safe” preference indicates that the content which is not objectionable is preferred, according to the server’s definition of the concept.

There is nothing in the specification about “trust and safety”, or privacy, or security. Mozilla is purely adding censorship support to Firefox.

I have decided to support the use of the “Prefer: safe” header on this blog. If you visit any page with the censorship header, you receive a page reading only:

Your request included the “Prefer: safe” header requesting that “objectionable” material be censored. Accordingly, every page on this website has been completely censored. You are now “safe”.

If this header was set in your browser, you can disable it in the “Parental Control” control panel of your operating system. If it was set by the network you were connected to, you must install a censorship-resistant web browser like Tor.

Whoever turned the header on thinks they know better than you what you should learn. You can never trust them.

(You can test this with the command curl -H "Prefer: safe" push.cx )

If you’d like your browser to support Mozilla’s new censorship header, just add this file to your website and this text to your .htaccess file:

` # censor people using censorship header RewriteCond %{HTTP:Prefer} ^safe$ [NC] RewriteCond %{REQUEST_URI} !^/prefer-censored.html$ RewriteRule .* /prefer-censored.html [L] `{lang=”apache”}

And in the meantime: what the fuck, Mozilla?