Yeah, I still don't quite get the argument against do not track, and why its clear declaration of intent couldn't be made binding. I mean, you're effectively telling web sites "Do not track me", and they are responding with "Hi, we'd like to track you - please spend ten minutes working through our dark patterns if you're not OK with that".
Unfortunately, DNT is not a clear declaration of intent, because privacy evangelists view it as their moral duty to make that decision for everyone.
It's an inconvenient fact that - perhaps a decade ago - we had DNT, and advertisers were starting to respect it, but then browser makers decided to default it to on, making it pointless.
You're very close, but I think "browser makers" makes it sound like it was more than one. Microsoft Internet Explorer defaulted it to on. Every other browser was in agreement that it would only get advertising industry buy-in if it was defaulted to off.
I think Microsoft's default-on stance was likely intentional sabotage - Google operates a big ad network and would have to deal with a lot of the fall-out.
Why shouldn't the default be to not be tracked, and only start being tracked if you explicitly want to? Advertisers always frame this conflict as though it's absurd to expect them to just stay out of our lives, and anything that makes it easy or default to avoid them should be rejected as impossible.
The feasible choices are between (a) DNT, off by default, that the more responsible and regulated side of the ad industry respects or (b) DNT, on by default, that everyone ignores.
Which one is the greater good?
In other words, you're welcome to walk up to me, slap me in the face, and call me a son-of-a-bitch... but that's probably not a great start to a conversation that ends with "Would you please work with me on this?"
> In other words, you're welcome to walk up to me, slap me in the face, and call me a son-of-a-bitch... but that's probably not a great start to a conversation that ends with "Would you please work with me on this?"
Wow, that's quite some re-framing going on there, if you're casting yourself as the advertiser in that sentence. It's more like if you were regularly "borrowing" my car without permission. Do not track is a bit like the lock on the car, which obviously you can get around in 30 seconds flat. Everyone has a lock on their car, right, and it's installed by default, so by the advertisement industry's reasoning it isn't a true indication of whether I want you "borrowing" it. If you were regularly "borrowing" my car without permission, it'd be reasonable for me to walk up to you, slap you in the face, and call you a SOB, but I'd me more likely to just call the cops.
Data about me is owned by me, and other entities can process it only in strongly limited circumstances. That's the default position, by the standard of basic decency, and also in law. Stop making it sound like me demanding control over my own possessions is unreasonable.
Yes, that is what you want. But you know there are other people in the world? Who want different things? Some of which may be the opposite of what you want? And that therefore, in the interest of civilization, we find consensus between what everyone wants?
Not pointless. We know that most people are not okay with tracking (the opt out on iPhones are 90+%), so the right setting is to be one by default.
However while the ad industry might be okay with a few nerds opting out they weren't okay with most of the general public opting out and so they spread stories like the one you repeated.
To get to 90%+, Apple had to present their users with a forced choice. The majority of users might prefer not to be tracked if they're put on the spot and required to give an answer, but how many would actually go to the trouble of changing a default?
> Unfortunately, DNT is not a clear declaration of intent
Often it is. Firefox, Brave and Safari explicitly advertise themselves as privacy-friendly browsers.
That leaves non-savvy users who just use whatever defaults exists, but there is an even stronger argument to protect precisely those people - you can't consent to something you don't yet understand.
Tracking can leak extremely sensitive information, just like microphone, screen sharing and webcam permissions could. Protecting the user is a sane default in all of these cases. The fact that personal data has commercial value is secondary, just like it would be with webcam access.
Imo, the only meaningful difference between tracking and camera access is that fully-fledged tracking was an accidental side effect of third-party cookies, and before "we" understood the implications of that a trillion dollar industry was established. The reason we're apathetic to tracking is because it's abstract and novel, whereas snooping to your audio or video is easier to grok.
Servers have access to both the DNT header and the browser id. Advertisers could have argued that the DNT header sent by some browsers was not an informed decision and likely forced those browsers back to explicit opt-in/opt-out by users. But they did not. They used the first escape hatch they found to ignore the header completely, kicking the can further down the road. Of course they did, because every body knows how many people will opt-in to tracking without being bribed.
Defaulting to no tracking is the correct default for advertisers that are respecting GDPR. If someone wants to be tracked, they can opt in by turning it off.
They obviously wouldn't want to just comply with DNT (or any other easy way to opt-out) as they'd be signing their own death certificate.
Instead they exploited the apathy & incompetence of the regulators with their so-called "consent" flow. Considering the GDPR was supposed to be enforced since 2018 and they've made it to 2021 without any consequences I'd say that strategy paid off.
