I think the article made a typo that claims GPC is the same as DNT.
When you enable the feature, the GPC sends a signal… This signal is sent via a special HTTP header called DNT: 1 (Do Not Track)
But the GPC spec does say it sends a new signal: Another header (like DNT) and a JavaScript variable the client would set. I don’t see why this couldn’t be used for tracking too.
A user agent MUST generate a Sec-GPC header
So if it generates a header, it can still be used for fingerprinting, but this header is actually less restrictive for what the receiver must do.
DNT was “do not track,” and GPC is "do not sell:
GPC is also not intended to limit a first party’s use of personal information within the first-party context (such as a publisher targeting ads to a user on its website based on that user’s previous activity on that same site).
I think the article made a typo that claims GPC is the same as DNT.
But the GPC spec does say it sends a new signal: Another header (like DNT) and a JavaScript variable the client would set. I don’t see why this couldn’t be used for tracking too.
So if it generates a header, it can still be used for fingerprinting, but this header is actually less restrictive for what the receiver must do.
DNT was “do not track,” and GPC is "do not sell: