jniles | 10 months ago

Just curious, but it sounds like this is the ideal use case for Do Not Track. Do you all use that as a signal to not track/remove nonessential cookies?

IggleSniggle | 10 months ago

Yes, we do treat that as a valid signal. But users still shouldn't use it today anyway, since it has no teeth and many companies will use it as part of a composite identifier. If Do Not Track had more regulatory teeth, I think it might have gone somewhere.

Global Privacy Control (GPC) is the modern alternative, and the mechanism by which California's privacy legislation / CCPA is largely handled from a technical perspective. Unfortunately it is not available by default in Chrome, but it is in e.g. Firefox / DuckDuckGo browser. Because it has legal teeth, it has more power to give you a tracking-free experience even if a company had the technical capability to track you.

It can still help you even if you're not in California because geolocation is not perfect, but it does provide the ability to monetize ads that are tracking-free. The threat of enforcement has to be real and continue to be demonstrated, though, or it won't last.

iCloud Private Relay also causes tracking companies a lot of real pain (sort of a mini-Tor where Apple and Cloudflare each have only half of your unlock key), but it's a technical band-aid with a variety of flaws that can break many legitimate things.

Ultimately each situation is one that requires judgement, which is why I think a legislative/judicial answer is the only one that ultimately holds up. GPC allows for a little more nuance than DNT. People care about the intent of respecting "Do Not Track." In some cases it may require a judgement about whether or not a company violated that request, not whether it was "technically impossible for the company to violate that request (we thought) but oh oops it was possible...I guess that just means we need to make it harder, the company doing the violating was okay because they worked within the bounds of what was technically possible."

A company that violates this privacy, especially when you've indicated that you do not consent, should have to face penalties. And because we expect some companies to go out of business for violating these rules, we should also make sure that their "data assets" aren't simply transferred to some new company in bankruptcy court when an adverse ruling comes down.
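
An added example, not code from either commenter or any site they describe: one way a server could treat the `Sec-GPC: 1` and `DNT: 1` request headers discussed in this thread as an opt-out and strip nonessential cookies. The cookie names, the `ESSENTIAL_COOKIES` set and the `Path=/` scope used to expire cookies are assumptions.

```python
from http.cookies import SimpleCookie

# Assumption: the cookies this hypothetical site needs in order to function.
ESSENTIAL_COOKIES = {"session", "csrf_token"}


def opt_out_signal(headers):
    """Return 'gpc', 'dnt' or None for a dict of request headers."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    if h.get("sec-gpc") == "1":  # Global Privacy Control request header
        return "gpc"
    if h.get("dnt") == "1":      # legacy Do Not Track request header
        return "dnt"
    return None


def cookie_name(set_cookie_value):
    """Name of the cookie carried by one Set-Cookie header value."""
    return set_cookie_value.split("=", 1)[0].strip()


def filter_response_cookies(headers, set_cookies, essential=ESSENTIAL_COOKIES):
    """Return (signal, Set-Cookie values to send).

    With an opt-out signal present, nonessential Set-Cookie values are
    dropped and nonessential cookies the browser already sent are expired.
    """
    signal = opt_out_signal(headers)
    if signal is None:
        return None, list(set_cookies)
    kept = [c for c in set_cookies if cookie_name(c) in essential]
    sent = SimpleCookie()
    sent.load(next((v for k, v in headers.items() if k.lower() == "cookie"), ""))
    for name in sorted(sent):
        if name not in essential:
            # Assumption: the cookie was set host-only with Path=/.
            kept.append(f"{name}=; Max-Age=0; Path=/")
    return signal, kept


if __name__ == "__main__":
    # Constructed request and response, for illustration only.
    request = {"Sec-GPC": "1", "Cookie": "session=abc; _ga=GA1.2.3; ad_id=xyz"}
    response = ["session=abc; HttpOnly; Secure", "ad_id=xyz; Max-Age=31536000"]
    signal, cookies = filter_response_cookies(request, response)
    print(signal)
    for value in cookies:
        print("Set-Cookie:", value)
```
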