Because Microsoft made the dumb decision to turn it on by default in IE10, which instantly repelled every ad network that wanted to stay in business and destroyed any chance of it gaining a foothold.
The only reason ad networks were behind DNT in the first place was because they thought no one would use it and it would be a cheap way to divert attention away from legislation or technical solutions like adblockers. The moment there was any significant uptick in usage for any reason, there would have been a competitive motivation for the networks to abandon DNT.
On-by-default wasn't a problem because it was some kind of fundamental paradigm shift, it was a problem because it meant that the setting would actually be turned on for normal people.
If it were actually about Microsoft breaking a sacred contract or something, it would not have been difficult for ad networks to detect the IE10 agent string and apply browser-specific policies. But for the most part very few companies ever did, because if you're an ad network and you realize you can get away with ignoring privacy settings on one browser, why on earth wouldn't you do the same for every other browser?
DNT was doomed from the start specifically because it relied on advertisers voluntarily participating, and advertisers are never going to disrupt their own business model voluntarily.
> But for the most part very few companies ever did, because if you're an ad network and you realize you can get away with ignoring privacy settings on one browser, why on earth wouldn't you do the same for every other browser?
I see this as a reason to blame Microsoft.
While some point companies would have tried to abandon it anyway if it got popular, there would actually be some barriers to doing that if it was already established. It also would have been easier to add legal teeth after showing the system worked. The IE thing killed it in a fragile early state so we got nothing.
It's not that I disagree that a more robust, established standard would have been more resistant to this attack, I just don't think that you can build a robust, established standard without first getting people to use it. I disagree that there was ever any possibility, Microsoft or not, that this was ever going to turn into something with teeth.
To get to the point where DNT would reasonably be called a widespread standard, people would need to use it. And as soon as people started to use it, ad networks would come up with an excuse to ignore it. My feeling is that Microsoft just happened to be that excuse.
On a more optimistic note, I do think we got a few things out of DNT. We learned a valuable lesson about self-regulation -- so nowadays, Safari and Firefox aren't asking anyone's permission to block trackers and fingerprinting and they're doing it in ways that advertisers can't just decide to ignore.
DNT is valuable in the sense that it's what we can point to when advertisers complain that they don't have a seat at the table anymore.
Let's be real here - privacy by default is how it should be. It would behoove all of us to stop blaming the victims here, which are the people being gently squeezed for all the information possible. Having that header on by default was the sane and reasonable choice.
On or off by default, the header is useless. Including a tracking blocker without any "acceptable tracking" list would be sane. It would have been even more sane if iframes and third-party resources were never allowed by browsers, but that ship has sailed.
Not necessarily, but it still does grab a huge amount of data. Internet provider, device, session time, pages navigated during session and even ways to segment users across devices, using that data for testing or ad targeting. Not to mention I was able to unintentionally identify my neighbour browsing on one of my client’s sites using those metrics.
It definitely collects them, as in Google is receiving that information. And just because they don’t show it to you doesn’t mean it’s not used internally in some subtle, undetectable-from-the-outside way (given their bottom line is directly linked to how well they can stalk everyone online to serve them ads).
Whether this is true or not depends on two things:
1. Your definition of PII. PII is defined in legislation in some states/countries, whereas other terms are used elsewhere. Some definitions are very loose, whereas for example, the EU definition of a close/equivalent (simply referred to as "personal data") is extremely strict (some might say too strict). If we take the EU definition, GA definitely collects "personal data" as it is 100% required to provide dashboard data on "unique visits".
2. Even if you take a looser definition of PII, by which Google could potentially provide all GA dashboard features without collecting any PII, you are still giving Google direct access to PII, and explicitly sending them some PII in some situations. So in this case, you're relying on your trust of Google's internal company policies on not storing that data that they receive. Given their track record in compliance with the law on data collection, there is very little reason to trust them.
Yes. And perhaps I'm cynical in my old age but if I were Google, I would prefer that people used my extension so I could more easily line-up their browsing habits.
...recaptcha, adwords, youtube embeds, the Chrome permanent login and a dozen others?
Simple, they‘re being used to restore the main cookie. Stuff like this, just as the Chrome adblocker, are just a fig leave for plausible deniability. If you want reasonable protection, use Safari or Firefox with that Origin adblocker and the Multi-Container plugin against first-party tracking.
