the idea of “do not track” is quite comical.
It assumes the other party to honour the request. It is as good as telling thieves not to open your door because you put up a “do not open”.
The “Do not track” signal also became an additional attribute used for fingerprinting users.
Nah, the idea was sound. When Do Not Track was introduced, most jurisdictions had privacy laws which required users to opt-out. Sending this DNT header could have been an indication of users not wanting to be tracked and therefore would have served as legally binding opt-out.
It was Microsoft that killed it, by having Internet Explorer send the DNT header by default. When it’s sent by default, without users actively choosing to activate it, then it cannot serve as a legally binding opt-out anymore.
isn’t DNT enforced in the EU only? That is hardly “most” jurisdictions
Source: trust me bro
After reading the article and the spec, it looks like GPC is another header (like DNT) and a JavaScript variable the client would set. I don’t see why this couldn’t be used for tracking too.
For HTTP:
A user agent MUST generate a Sec-GPC header… if… gpcAtNavigation is true.
For JavaScript:
The globalPrivacyControl property is available on the navigator object
There’s no harm in removing DNT if GPC replaces it, but to me GPC just looks like DNT 2.0
If you wish to ask websites to respect your privacy, you can use the “Tell websites not to sell or share my data” setting. This option is built on top of the Global Privacy Control (GPC). GPC is respected by increasing numbers of sites and enforced with legislation in some regions.
More info on this: https://globalprivacycontrol.org/