Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Wouldn't it be better to mandate that sites honor the Do Not Track* HTTP header, rather than require each site to explicitly seek user consent?

* http://dnt.mozilla.org/



§66 on page 20 of Directive 2009/136/EC at [1] seems to explicitly allow the use of Do-not-track header as an opt-in mechanism:

  Where it is technically possible and effective,
  in accordance with the relevant provisions of
  Directive 95/46/EC, the user’s consent to
  processing may be expressed by using the
  appropriate settings of a browser or other
  application.
[1] http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2...


That seems to imply that if you have 'accept cookies' and 'accept 3rd party cookies' checked, you can be tracked. Those boxes exist for precisely this reason, are they not consent?


DNT is not implemented in most browsers, and it's not the default policy in any, AFAIK. It'd hardly have the same effect.


>DNT is not implemented in most browsers

That's true, but only (or at least, partly) because the sites can just ignore the header. If this became a standard HTTP hear and there was a requirement for it to be respected, browsers will quickly start supporting it.

>and it's not the default policy in any, AFAIK. It'd hardly have the same effect.

That's the whole point. It would still allow for analytics to be collected and made use of to improve web experience, while giving concerned users an easy way to opt out without being constantly hassled with "Will you allow us to track you?" question from each and every site they visit.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: