it’s useless
The idea of “do not track” is quite comical.
It assumes the other party will honour the request. It is as good as telling thieves not to open your door because you put up a “do not open” sign.
The “Do not track” signal also became an additional attribute used for fingerprinting users.
Nah, the idea was sound. When Do Not Track was introduced, most jurisdictions had privacy laws which required users to opt-out. Sending this DNT header could have been an indication of users not wanting to be tracked and therefore would have served as legally binding opt-out.
It was Microsoft that killed it, by having Internet Explorer send the DNT header by default. When it’s sent by default, without users actively choosing to activate it, then it cannot serve as a legally binding opt-out anymore.
Source: trust me bro
Where’s the lie?
Isn’t DNT enforced in the EU only? That is hardly “most” jurisdictions.
The GDPR kind of does the job that DNT could have done, if that’s what you’re thinking of…? Tracking generally needs to be opt-in for EU citizens, so you don’t need to send a cautionary opt-out signal anymore.
Admittedly, the “most jurisdictions” is me guessing, based on how I expect laws to work in most countries. As in, I expect most countries to have some law that says you can’t take someone’s data, if they don’t want you to take it. And then tracking is/was somewhat of a grey area, because companies argued that tracking is totally in the interest of users, like, who doesn’t want to see personalized ads? But yeah, if you then remove any doubt by sending them an opt-out, then it’s most definitely not a grey area anymore.
If you wish to ask websites to respect your privacy, you can use the “Tell websites not to sell or share my data” setting. This option is built on top of the Global Privacy Control (GPC). GPC is respected by increasing numbers of sites and enforced with legislation in some regions.
More info on this: https://globalprivacycontrol.org/
After reading the article and the spec, it looks like GPC is another header (like DNT) and a JavaScript variable the client would set. I don’t see why this couldn’t be used for tracking too.
For HTTP:
A user agent MUST generate a Sec-GPC header… if… gpcAtNavigation is true.
For JavaScript:
The globalPrivacyControl property is available on the navigator object
GPC also looks like a watered down version of DNT. DNT was “do not track,” and GPC is “do not sell”:
GPC is also not intended to limit a first party’s use of personal information within the first-party context (such as a publisher targeting ads to a user on its website based on that user’s previous activity on that same site).
Emphasis mine
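
Added example, not part of any comment in this thread and not code from the GPC spec or any library: a server-side sketch of the behaviour quoted above, where a `Sec-GPC: 1` request switches off selling or sharing while first-party use continues. The names `hasGpcSignal`, `clientGpcEnabled`, `planDataUses` and the `DATA_USES` list are hypothetical, and treating any header value other than exactly `1` as "no signal" is an assumption of this example.

```javascript
// Hypothetical helpers showing how a site could honour the GPC signal.

// True only when the request carries the signal. Node lower-cases incoming
// header names, so the lookup key is "sec-gpc".
// Assumption: any value other than exactly "1" counts as "no signal".
function hasGpcSignal(headers) {
  const raw = headers["sec-gpc"];
  const value = Array.isArray(raw) ? raw[0] : raw;
  return typeof value === "string" && value.trim() === "1";
}

// Client-side counterpart: reads the navigator property the spec describes.
// The navigator-like object is passed in so this also runs outside a browser.
function clientGpcEnabled(nav) {
  return Boolean(nav) && nav.globalPrivacyControl === true;
}

// Constructed sample of data uses a site might perform on a page view.
const DATA_USES = [
  { name: "session-cookie", sellsOrShares: false },
  { name: "onsite-ad-targeting", sellsOrShares: false }, // first-party use
  { name: "ad-exchange-sync", sellsOrShares: true },
  { name: "data-broker-export", sellsOrShares: true },
];

// Split the planned uses into allowed and blocked for this request.
// GPC only blocks selling or sharing; first-party uses stay allowed,
// which is the limitation the quoted passage points out.
function planDataUses(headers, uses = DATA_USES) {
  const gpc = hasGpcSignal(headers);
  const allowed = [];
  const blocked = [];
  for (const use of uses) {
    (gpc && use.sellsOrShares ? blocked : allowed).push(use.name);
  }
  // The response now depends on the request header, so shared caches
  // must key on it or one visitor's variant is served to another.
  return { gpc, allowed, blocked, responseHeaders: { Vary: "Sec-GPC" } };
}
```

With the header set, on-site ad targeting is still in the allowed list, which is the difference from DNT that the comment above describes.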