- Browsers could have implemented something that was compatible and sent the header accordingly
- Browsers literally implemented a header, called Do Not Track. You provided "active consent" by setting that header in the settings
The great amazing industry that does no wrong immediately used it for tracking.
Fast forward a few years. The industry is told in no uncertain terms: do not track without user consent. How did the industry respond? Did it implement this at browser level? No. Did it come up with a standardized pop-up? No. The industry immediately responded with malicious compliance and dark patterns.
Setting it in your browser settings is not compatible at all. It isn't active consent by any definition of the word. It isn't per-site but set globally (hence how it could be used to fingerprint browsers in the first place!). The header failed every possible test for actually providing any actual signal.
All browsers had to do was create active consent (like they do for pop-ups, remember those?), send the appropriate header, and that is it. It would only require a few changes but the industry decided not to do that ... for whatever reason.
- Browsers literally implemented a header, called Do Not Track. You provided "active consent" by setting that header in the settings
The great amazing industry that does no wrong immediately used it for tracking.
Fast forward a few years. The industry is told in no uncertain terms: do not track without user consent. How did the industry respond? Did it implement this at browser level? No. Did it come up with a standardized pop-up? No. The industry immediately responded with malicious compliance and dark patterns.
Some HN user: it's all the government's fault.