I would like to raise two somewhat related reasons for keeping Do Not Track which I have not yet seen discussed.
Reason 1: The analytics industry has made it easy for webmasters to make an explicit choice.
More than 15 analytics tools support the ability to obey Do Not Track signals as a setting for webmasters. Instead of leaving it up to webmasters to code a solution, the analytics industry has stepped up and has made it easy for a webmaster to make an explicit choice. A webmaster can migrate from one analytics tool to another tool while still being able to easily apply the same choice.
Reason 2: A significant number of websites have added text in their privacy policies indicating an explicit choice regarding Do Not Track signals.
Privacy policies are difficult to read and interpret. There are not many standards for privacy policies, making them typically very hard to compare against each other.
If we put our creative minds to the task, we might see that Do Not Track offers us a solution by providing a reasonably consistent way to QUICKLY EVALUATE a company’s explicitly chosen practice by looking at only a small portion of a privacy policy.
We can either spend the time to open up a privacy policy and search for the Do Not Track section or we can perform a web search with the website’s name and the “Do Not Track” text.
It is not important whether we actually set the Do Not Track setting in our web browser! What is important is that the setting actually exists in our web browser as a potential choice. By keeping that setting available as a choice for users, some webmasters may continue to feel compelled to describe the explicit choice made for their websites, and we gain the ability to quickly understand the INTENTIONS of a given website. Do Not Track grants us the ability to be able to SAVE TIME by having a common way to evaluate multiple websites.
Here is a list of analytics services which offer a setting to enable or disable the obeying of Do Not Track signals.
https://experienceleague.adobe.com/en/docs/marketo/using/product-docs/web-personalization/getting-started/setting-web-personalization-to-do-not-track “In Web Personalization and Predictive Content, a marketer can set a toggle to indicate whether to support or ignore the browser’s Do Not Track (DNT) setting.” “When the toggle is set to On, Web Personalization will honor and support the browser’s Do Not Track (DNT) setting, and will not track any web activity or run any campaigns or content recommendations on your website.”
https://saschaeggi.medium.com/setup-matomo-analytics-with-drupal-and-respect-do-not-track-header-gdpr-compliant-d382b12e2740 “Matomo already provides you a setting to respect users with a ‘Do Not Track’ (DNT) header set.”
https://docs.simpleanalytics.com/dnt “By default the data will not include visitors with the Do Not Track enabled. To also record DNT visitors you can add data-collect-dnt=‘true’ to the script tag” “If you don’t add the data-collect-dnt attribute we will not record visits from users who have DNT enabled.”
https://developer.bitmovin.com/playback/docs/do-not-track-cookie-handling-in-analytics “By default Bitmovin Analytics will honor this user preference and ignore all incoming requests that have the DNT header set to 1.”
https://www.hotjar.com/policies/do-not-track/ “Before collecting your data, Hotjar always checks to see if you have enabled the ‘Do Not Track’ setting in your browser.”
https://wp-statistics.com/resources/do-not-track/ “The DNT-respecting functionality is active by default, aligning with our privacy-first philosophy.”
https://help.mouseflow.com/en/articles/4325367-the-privacy-settings “Honor Do-Not-Track” “This setting allows you to honor the Do-Not-Track (DNT) signal. When enabled, Mouseflow will listen for the signal and if it is found, prevent the user session from being recorded.”
https://jetpack.com/support/jetpack-stats/jetpack-stats-honor-do-not-track-dnt/ “As a site owner, you can force the Jetpack Stats feature to honor any visitors with DNT enabled and not track their activity”
https://wideangle.co/documentation/data-do-not-track-handling “Wide Angle Analytics proudly handles the Do Not Track irrespective of broader adoption. Doing so allows your visitors to indicate their Opt-Out of the tracking process.”
https://docs.metrical.xyz/privacy/what-we-track “Metrical will honour the Do not Track setting and we don’t send the visit when we find the do not track flag enabled.”
https://umami.is/docs/v1/tracker-configuration “You can configure Umami to respect the visitor’s Do Not Track setting.”
https://wpcrux.com/blog/how-to-make-google-analytics-respond-to-do-not “To make Google Analytics respond to ‘do not track,’ you can enable the ‘Respect Do Not Track’ option in the settings of your Google Analytics account.”
https://documentation.freshpaint.io/integrations/destinations/apps/mixpanel/mixpanel-reference “Ignore DNT” setting “When enabled, Mixpanel will track all events, regardless of if the browser has ‘Do Not Track’ enabled.”
https://websmithiananalytics.ca/help/dnt “Yes, we honor the Do Not Track (DNT) setting from browsers that support it.”
https://github.com/milesmcc/shynet “By default, Shynet will not collect any data from users who specify DNT.”
https://baseanalytics.io/do-not-track-dnt/ “We do honor the Do Not Track (DNT) setting from browsers which support this.”
the idea of “do not track” is quite comical.
It assumes the other party to honour the request. It is as good as telling thieves not to open your door because you put up a “do not open”.
The “Do not track” signal also became an additional attribute used for fingerprinting users.
Nah, the idea was sound. When Do Not Track was introduced, most jurisdictions had privacy laws which required users to opt-out. Sending this DNT header could have been an indication of users not wanting to be tracked and therefore would have served as legally binding opt-out.
It was Microsoft that killed it, by having Internet Explorer send the DNT header by default. When it’s sent by default, without users actively choosing to activate it, then it cannot serve as a legally binding opt-out anymore.
Source: trust me bro
Where’s the lie?
isn’t DNT enforced in the EU only? That is hardly “most” jurisdictions
The GDPR kind of does the job that DNT could have done, if that’s what you’re thinking of…? Tracking generally needs to be opt-in for EU citizen, so you don’t need to send a cautionary opt-out signal anymore.
Admittedly, the “most jurisdictions” is me guessing, based on how I expect laws to work in most countries. As in, I expect most countries to have some law that says you can’t take someone’s data, if they don’t want you to take it. And then tracking is/was somewhat of a grey area, because companies argued that tracking is totally in the interest of users, like, who doesn’t want to see personalized ads? But yeah, if you then remove any doubt by sending them an opt-out, then it’s most definitely not a grey area anymore.
If you wish to ask websites to respect your privacy, you can use the “Tell websites not to sell or share my data” setting. This option is built on top of the Global Privacy Control (GPC). GPC is respected by increasing numbers of sites and enforced with legislation in some regions.
More info on this: https://globalprivacycontrol.org/
After reading the article and the spec, it looks like GPC is another header (like DNT) and a JavaScript variable the client would set. I don’t see why this couldn’t be used for tracking too.
For HTTP:
A user agent MUST generate a Sec-GPC header… if… gpcAtNavigation is true.
For JavaScript:
The globalPrivacyControl property is available on the navigator object
GPC also looks like a watered down version of DNT. DNT was “do not track,” and GPC is "do not sell:
GPC is also not intended to limit a first party’s use of personal information within the first-party context (such as a publisher targeting ads to a user on its website based on that user’s previous activity on that same site).
Emphasis mine
it’s useless
