DNT doesn't solve all problems, though. Not only is DNT being deprecated, it also lacks the proper customisability the law actually prescribes for data processing.
There's no value you can give DNT that says "you can do your own on-site tracking and telemetry and I accept sharing my data with Sendgrid for your newsletter, but I do not want third-party trackers".
As a practical example: there are news sites that will not play videos if you hit "deny all" because their video host does some viewership analytics. I'm fine with that, but not the 750 other advertisers the news site tries to have me track.
Of course, "deny all" should be an option, "accept all or deny all" isn't control.
For the longest time we had https://en.wikipedia.org/wiki/P3P as a basis to build on, but that officially died the day Edge became Chromium-based.
> you can do your own on-site tracking and telemetry and I accept sharing my data with Sendgrid for your newsletter, but I do not want third-party trackers
I'm sorry, but does a user who would want this actually exist? This seems like a hypothetical dreamed up by the marketing team to avoid having to accept that a large group of users hate all their tracking shit.
I do not want my data sent to data brokers or used for advertising. I have less of an issue if my data is used to improve a service I use and only for this, as long as I value/trust the service. The problem is that many websites really want to sell your data to third parties and/or use if for advertising, that often it feels safer to just refuse any consent.
Yes, it's quite common for users to want this. I think a lot of people don't realize functionality like "remember I want dark mode every time I visit" or "keep me logged in when I reopen my browser tomorrow" constitutes first-party tracking and requires consent under EU law.
Sorry, but no. Those functionalities fall under "functional cookies" and as such do not require consent. Also, there is no tracking needed for the dark mode at all. And "logging in" does not mean "tracking"
Strictly necessary cookies, session tokens and such, are exempted. But there’s no general exemption for cookies that provide functionality a user might like. If your site will function without remembering who I am when I come back tomorrow, you have to disclose that you’re going to try to remember me and give me a chance to say I don’t want you to. Doesn’t matter how benign your plans for that information are - the whole point is that the user is in control and they get to make that decision.
At my first job I took phone calls for an insurance carrier and agents definitely didn't like finding out that all the unhandled exception screens the rater had simply disappeared into the abyss.
You download a specific tool which only has the purpose of collecting your local error reports and sending them to Microsoft". Later on that tool became just a button in your control panel that submitted all your local errors and told you if those errors had an already developed solution.
That's how they did all their error telemetry until like late XP era, and it worked just fine.
All the people insisting that they need* this telemetry is also horse shit. Companies are demonstrably not producing better and more bug fixed software, and demonstrably are not using that data to make serious improvements, but demonstrably ARE using that data to choose where to focus dark pattern and other sales funnel based efforts.
If Unity and Unreal and GPU drivers can ask me "Do you want to send this error report" with a default no, nobody else has any excuse.
Even now, a significant amount of companies use the system of "Please upload your error log and the output of this command to this forum" as their bug report solution and it works just fine if that company actually intends to fix bugs.
The solution is not to turn your software into spyware. Stop being entitled. You don't have a right for me to QA your software for you, that's your job. Even with all this telemetry, companies only fix the most common and most obvious bugs anyway, so the perfect telemetry is utterly useless. Those bugs would have surfaced anyway.
Developers in the 80s did not need telemetry to get bug reports and fix things and release patches. Learn some history of your profession people.
Has throwing a hundred thousand bugs onto your sprint backlog actually helped anyone develop better software? No. Meanwhile it has exposed all your customers and users to predatory bullshit from your marketing and sales departments, and enabled your worst product managers to optimize hostility and extraction.
It's already seen as a valid opt-out signal against this sort of thing in Germany. LinkedIn got in trouble and lost a court case for not respecting the DNT header if memory serves me right.
