The Do Not Track header was originally proposed in 2009 by researchers Christopher Soghoian and Sid Stamm.[2] Mozilla Firefox became the first browser to implement the feature.
I wonder how many web developers actually honour Do Not Track. I do, in all the websites I've made for my employer too, but I think I'm only getting away with it because my employer doesn't know. I've even made it so that browsing with Do-Not-Track enabled also skips the cookie consent banner and just assumes the user wants no cookies other than the strictly necessary ones (like their session/login cookie), and doesn't include Google Analytics, instead just upping a single view counter on the page, with no PII in there.
A better option would be to just make tracking illegal, and heavily fine companies that are found to be doing it. And make it strict liability, so intent doesn't matter.
You're taking exactly the right approach in my book. Thank you!
I don't know if they still do it, but last time I browsed Medium I found that it claimed to respect DNT, which is quite nice.
Lots of self-hosted analytics software also respects DNT out of the box and I don't think site administrators often bother to turn that off.
Still, the vast majority of websites probably ignores the header, especially since it's been deprecated as a standard. If you care about such things, maybe also consider looking into Sec-GPC, its intended replacement.
There was a much more elaborate standard called P3P, recommended by W3C in 2002. It apparently defined a description of how businesses can use personal data.
But apparently it was considered too complex and "lacking enforcement".
Now maybe if it survived till GDPR it could have its enforcement, but Mozilla yanked support before that...
shdon|1 year ago
kelnos|1 year ago
I can dream...
jeroenhd|1 year ago
killerstorm|1 year ago
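As an added example, not code from any commenter in this thread: one way a server could apply the Do Not Track handling described above (no consent banner, no optional cookies, no third-party analytics, only an anonymous view counter) and treat Sec-GPC the same way. The function names, cookie names and the in-memory counter are assumptions made for illustration.

```javascript
// Added example; all names here are hypothetical, sample data is constructed.

// HTTP header names are case-insensitive, so normalise before lookup.
function headerValue(headers, name) {
  const wanted = name.toLowerCase();
  for (const [key, value] of Object.entries(headers)) {
    if (key.toLowerCase() === wanted) {
      return String(Array.isArray(value) ? value[0] : value).trim();
    }
  }
  return undefined;
}

// Only "DNT: 1" and "Sec-GPC: 1" express an opt-out. "DNT: 0", a missing
// header or any other value falls back to the normal consent flow.
function privacyPolicyFor(headers, consentGiven = false) {
  const optedOut =
    headerValue(headers, "DNT") === "1" ||
    headerValue(headers, "Sec-GPC") === "1";
  return {
    optedOut,
    showConsentBanner: !optedOut && !consentGiven, // preference already stated
    loadThirdPartyAnalytics: !optedOut && consentGiven,
    allowOptionalCookies: !optedOut && consentGiven,
  };
}

// Drop every Set-Cookie line that is not on the strictly-necessary list
// unless the policy allows optional cookies.
function filterSetCookies(setCookieLines, policy, necessaryNames) {
  if (policy.allowOptionalCookies) return setCookieLines.slice();
  return setCookieLines.filter((line) => {
    const name = line.split("=", 1)[0].trim();
    return necessaryNames.includes(name);
  });
}

// Anonymous view counter: keyed by path only, nothing about the visitor
// (IP address, user agent, cookie value) is stored.
function recordView(counters, path) {
  counters.set(path, (counters.get(path) || 0) + 1);
  return counters.get(path);
}
```

The policy is computed per request, so a visitor who turns the signal on later stops receiving optional cookies on the next response even if consent was recorded earlier.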