this post was submitted on 10 Dec 2024
39 points (91.5% liked)

[–] JaddedFauceet 29 points 1 day ago (1 children)

The idea of "do not track" is quite comical.

It assumes the other party to honour the request. It is as good as telling thieves not to open your door because you put up a "do not open".

The "Do not track" signal also became an additional attribute used for fingerprinting users.

[–] [email protected] 7 points 1 day ago (1 children)

Nah, the idea was sound. When Do Not Track was introduced, most jurisdictions had privacy laws which required users to opt-out. Sending this DNT header could have been an indication of users not wanting to be tracked and therefore would have served as legally binding opt-out.

It was Microsoft that killed it, by having Internet Explorer send the DNT header by default. When it's sent by default, without users actively choosing to activate it, then it cannot serve as a legally binding opt-out anymore.

[–] [email protected] 18 points 1 day ago (1 children)

If you wish to ask websites to respect your privacy, you can use the “Tell websites not to sell or share my data” setting. This option is built on top of the Global Privacy Control (GPC). GPC is respected by increasing numbers of sites and enforced with legislation in some regions.

[–] [email protected] 5 points 1 day ago* (last edited 1 day ago)

After reading the article and the spec, it looks like GPC is another header (like DNT) and a JavaScript variable the client would set. I don't see why this couldn't be used for tracking too.

For HTTP:

A user agent MUST generate a Sec-GPC header... if... gpcAtNavigation is true.

For JavaScript:

The globalPrivacyControl property is available on the navigator object

GPC also looks like a watered-down version of DNT. DNT was "do not track," and GPC is "do not sell":

GPC is also not intended to limit a first party’s use of personal information within the first-party context (such as a publisher targeting ads to a user on its website based on that user’s previous activity on that same site).

Emphasis mine
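
Added example, not part of the thread or of the GPC spec: one way a site could honor the `Sec-GPC` header quoted above while keeping the preference headers out of stored analytics, so the signal does not become one more fingerprinting attribute. The function names, the `allowSale` account flag and the sample requests are assumptions made for illustration.

```javascript
// Request headers that express a privacy preference. They drive the decision
// below but are kept out of stored analytics records.
const PREFERENCE_HEADERS = new Set(['sec-gpc', 'dnt']);

// True only when the request carries the signal value "1". Header names are
// assumed lower-cased, as Node's http module delivers them.
function hasGpc(headers) {
  const raw = headers['sec-gpc'];
  return typeof raw === 'string' && raw.trim() === '1';
}

// Hypothetical policy function: GPC overrides a stored "may sell/share" flag
// but leaves first-party use alone, matching the scope quoted from the spec.
function dataUsePolicy(headers, account = { allowSale: true }) {
  const optedOut = hasGpc(headers);
  return {
    sellOrShare: account.allowSale && !optedOut,
    firstPartyUse: true,
    reason: optedOut ? 'gpc-opt-out' : 'account-setting',
  };
}

// Copy of the headers that is safe to write to an analytics store.
function headersForAnalytics(headers) {
  return Object.fromEntries(
    Object.entries(headers).filter(
      ([name]) => !PREFERENCE_HEADERS.has(name.toLowerCase())
    )
  );
}

// Constructed sample requests (not captured traffic).
const withGpc = { 'user-agent': 'ExampleBrowser/1.0', 'sec-gpc': '1', dnt: '1' };
const withoutGpc = { 'user-agent': 'ExampleBrowser/1.0' };
const malformed = { 'user-agent': 'ExampleBrowser/1.0', 'sec-gpc': 'true' };

for (const headers of [withGpc, withoutGpc, malformed]) {
  console.log(dataUsePolicy(headers), headersForAnalytics(headers));
}
```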