I worked for an advertiser a while ago - they were totally respecting DNT header, _except_ on the browsers that had it on by default. The business argument was that "it's bogus/meaningless if the user didn't set it explicitly" - industry wanted that to be "opt-out-of-tracking" not "opt-in-to-tracking".

> they were totally respecting DNT header, _except_ on the browsers that had it on by default

This is a disingenuous argument for that company to make; it's totally reasonable for some browsers (particularly privacy-focused browsers) to have privacy respecting defaults. Microsoft didn't make the change because they wanted to hurt advertisers, they made the change because they had good reason to believe that's the default that the majority of their users wanted.

My take is that if consumers are informed enough that not opting out can be seen as as conscious consent to be tracked, then they're also informed enough that not opting in can be seen as conscious dissent to be tracked. We don't get to selectively decide that users are only stupid in one direction.

On a more cynical level, I've commented to the same effect elsewhere, but I do not believe advertisers when they say that browser defaults were the reason DNT failed. It failed because it was going to see adoption.

If it had remained off by default, but effective promotion campaigns and public education meant 90% of users went and turned it on anyway, advertisers would have come up with another excuse to stop respecting the header. Advertisers weren't ever interested in responsible user consent, they were interested in having some kind of meaningless gesture they could point to when other privacy-respecting solutions got proposed. As soon as that gesture had teeth and was being used by a significant number of people, then it was no longer serving its original purpose. The unspoken terms of the deal were, "most people won't have this header set."

Case in point, the iOS changes that Facebook is going crazy over aren't opt-in or opt-out. They force the user to make a choice, so it's exactly as easy to opt into tracking as it is to opt out of tracking. This seems like an extremely reasonable compromise -- there is no default behavior, the user gets to choose what they want. How can anyone complain about that?

And yet, Facebook is still mad, not because the new dialog is a dark pattern or because it's not capturing users' real preferences, but because Facebook knows that a substantial portion of their users are going to opt out.

> It failed because it was going to see adoption.

Absolutely, but "browser defaults" were an easy excuse. I was not really defending advertisers here; though I do believe they'd have had a harder time finding justifications if the feature actually had organic adoption. It was a failed and poorly-thought marketing gesture from Microsoft, that only backfired on the end-users.

> Microsoft didn't make the change because they wanted to hurt advertisers, they made the change because they had good reason to believe that's the default that the majority of their users wanted.

I strongly disagree here. Microsoft did not make the change out of the goodness of their hearts - not any more than advertisers ignored DNT because they were convinced "it's not the user's real option". This was all marketing speak/ internal&external justification for their actions.

There is something to be said about that tbh, the do-not-track option should be an option on first launch.

Then again, I'm sure very few people are like "Sure do track me pls". I know Microsoft tries to package and word it nicely in their Windows setup (then ignores it at a next update).

Tracking needs to spelled in dead simple terms for people.

Eg:

Are you okay with contractors at the following companies:

[list of 54,683 companies no one outside the industry has ever heard of, with addresses in 162 different countries]

Having access to:

-every item you've ever purchased at Amazon, eBay, footlocker, hot topic, CVS, [your local sex shop], best buy, target, wall Mart, etc. Including your prescriptions.

-every picture you've ever uploaded to the internet, including ones you've never shared publicly

-your current location and your location whenever you ever use the app, as accurate as a few inches

-every single file on your device

- all of you emails

-recordings of your phone calls, video chats, and messages

-...

Sure, tracking may not be at this level yet. But has anyone actually seen the God mode panels at Google, Amazon, Microsoft, and shared the hard details of what is there?

No. Privacy is generally considered a right. Opt-in/off-by-default is the correct position.

I'd be happy to compromise on a single question, asked once per device:

Would you like advertisers to be able to track you (Yes) (No)

Of course advertisers know full well people will press No, and that will harm their income.

Exactly, although I would never hit yes I think it is important to give customers the opportunity to make their own, educated choice.

That isn’t consistent with the difference in dependency on advertising that occurs from app to app. It could be, however, that the device-level prompt could set the default for future app-level prompts. (That sounds annoying in retrospect, but maybe the right way.)

Another consideration is your point that preventing ads will harm advertisers’ income. In some cases, hurting income is an acceptable loss, but in others where the service is sustained by advertising, less so.

Perhaps another compromise could be to allow apps that do not accept the tracking prompt to only access basic functionality, with an explanation that the tracking supports their premium service. That’s a very different world for Facebook and others.

If you want to make tracking opt-in, that's great. Doing so would obsolete the do-not-track header. But do-not-track was never going to do that itself. The purpose of do-not-track was to be an explicit declaration of intent. Trying to co-opt it benefited no-one.

I see what you’re saying. I generally agree with implementing designs and standards along the lines of their intent.

On this particular issue, I’ve pretty much decided for myself that individually tailored advertising, net-wide implicit tracking and surveillance capitalism in general need to be banned, or owned by the commons and walled with fine grained permissions. I’m waiting for the tech world to catch up.

Seeing this from the inside - I believe that large/reputable advertisers have no problem[1] with e.g. GDPR being opt-in, because it's a law that levels the playing field. With DNT, the question was "who blinks first" - it was all too easy for some players to take the stand that "it's not user intention thus it's irrelevant" in order to force everyone else to do the same. MS abused the industry-defined standard and twisted it into something that it was not meant to be, so then it became ignored.

[1] Ok, not "have no problem", it's a lot of technical work that is not "feature" and they need to pay for. But again, rules are the same for everyone, and "full GDPR support" can be sold as a feature, so they're largely fine with it. There's also slightly inconsistent interpretation of the law, depending on company. That's also to be expected, some niche players will push the boundaries of the law hoping to get market share, while the larger ones/that have more to lose will remain somewhat conservative and just tell their clients "our interpretation is correct, if you want to go with the niche players suit yourselves, your risk". In time, as courts set legal precedents for the interpretation, this will smooth out.

IOW they were fine with abusing the power of defaults when it was on their side.