by landerwust 2019 days ago
If any browser vendor just pushed a trivial standard like

    X-Consent: no-cookies

    X-Consent: cookies-ok
Sites would have gobbled that header up overnight, and the other browsers would have received substantial pressure to follow.

But it's a missed beat by now, nobody is paying to have hundreds of thousands of web sites updated for such a thing even if it did exist.

Sucks none of the major browser vendors are based in Europe or this might have happened. Meanwhile, I'm no lawyer, and it's not clear whether the header would pass the legal test, but I'm sure a sufficiently motivated party might have a good shot at arguing that it did.


Not quite sure if this is sarcasm?

The Do Not Track header is about 10 years old, and was promptly ignored by all websites:

     DNT: 1
     DNT: 0

DNT is too simple; there should be a new, better standard integrated into web browsers. The never-ending popups with absolutely 0 consistency across sites are atrocious; moreover, if I rejected a cookie for a domain on site A, I will be prompted on site B asking if I want to reject it again.

For every domain that wants to create cookies, I should be prompted by the browser (like I allow camera access) whether I authorize it to do so. We can even imagine that each domain would have cookie purpose information ('mydomain.com/cookies_policy') in JSON that the browser is able to present to the user (describing each cookie of the domain). Then the browser would be responsible for never creating cookies that I rejected.

The main advantage would be that in incognito mode I would not have to repeat myself 10 times a day.
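As an added illustration (not code from this thread, and not how any shipping browser behaves), here is what the enforcement half of that proposal could look like on the browser side: a per-domain JSON policy is parsed, the user's stored decisions are consulted, and any Set-Cookie header the user has not consented to is dropped before the cookie jar ever sees it. The policy format, its field names, the cookie names and the header values are all constructed for this example; only the idea of a per-domain policy file comes from the comment above.

```python
import json

# Constructed example of the hypothetical per-domain policy the comment
# imagines being served at 'mydomain.com/cookies_policy'. The schema
# (name / purpose / essential) is an assumption made for this example.
POLICY_JSON = """
{
  "domain": "mydomain.com",
  "cookies": [
    {"name": "sessionid",  "purpose": "login session",   "essential": true},
    {"name": "rememberme", "purpose": "stay signed in",  "essential": true},
    {"name": "_ga",        "purpose": "analytics",       "essential": false},
    {"name": "_fbp",       "purpose": "advertising",     "essential": false}
  ]
}
"""

# Constructed Set-Cookie headers as they might arrive in one HTTP response.
# 'tracker_x' is deliberately absent from the policy to show how an
# undeclared cookie is treated.
SET_COOKIE_HEADERS = [
    "sessionid=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
    "_ga=GA1.2.111.222; Max-Age=63072000; Path=/",
    "_fbp=fb.1.333; Max-Age=7776000; Path=/",
    "tracker_x=zzz; Path=/",
]


def parse_policy(text):
    """Parse the policy JSON into a dict keyed by cookie name."""
    policy = json.loads(text)
    return {c["name"]: c for c in policy["cookies"]}


def cookie_name(header_value):
    """Extract the cookie name from a Set-Cookie header value."""
    return header_value.split(";", 1)[0].split("=", 1)[0].strip()


def pending_prompts(policy, decisions):
    """Non-essential cookies the browser still has to ask the user about.

    Essential cookies (session / remember-me) are never prompted for,
    matching the thread's view that those are the ones users accept anyway.
    """
    return sorted(
        name for name, decl in policy.items()
        if not decl["essential"] and name not in decisions
    )


def filter_set_cookie(set_cookie_headers, policy, decisions):
    """Split incoming Set-Cookie headers into (kept, dropped).

    A cookie is stored only if it is declared in the policy and is either
    essential or explicitly accepted by the user. Anything the site did not
    declare is dropped, so a policy cannot be bypassed by simply omitting
    a cookie from it. Dropped entries carry a reason for the user/UI.
    """
    kept, dropped = [], []
    for header in set_cookie_headers:
        name = cookie_name(header)
        decl = policy.get(name)
        if decl is None:
            dropped.append((name, "undeclared"))
        elif decl["essential"] or decisions.get(name) is True:
            kept.append(header)
        elif name in decisions:
            dropped.append((name, "rejected"))
        else:
            dropped.append((name, "no consent yet"))
    return kept, dropped


if __name__ == "__main__":
    policy = parse_policy(POLICY_JSON)
    # The user has already answered the '_ga' prompt with "no".
    decisions = {"_ga": False}
    print("still to ask:", pending_prompts(policy, decisions))
    kept, dropped = filter_set_cookie(SET_COOKIE_HEADERS, policy, decisions)
    print("kept:", kept)
    print("dropped:", dropped)
```

The "no consent yet" outcome is the important design choice: a cookie the browser has not asked about is treated as rejected rather than accepted, so the default is privacy-preserving and the site gains nothing by racing the prompt. Decisions would be persisted per domain, which is what makes the incognito "repeat myself 10 times a day" problem go away.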

If you want to see an example of a more granular policy that the browsers (well, Internet Explorer, but it was the majority browser at the time) implemented also being ignored, see P3P: https://en.wikipedia.org/wiki/P3P
Ultimately the only cookie a user will willingly accept is the sessionid/rememberme. And the "remember me" checkbox is consent enough under the GDPR.

Behind all the legalese and marketing-speak, all the other purposes boil down to:

    - We are too lazy to set up a Matomo, so we are giving Google your browsing pattern.

    - FB is forcing us, so we can pay ever so slightly less for ads.

    - Google is offering to tell us your sex and age.

    - If we don't track you, we will show you a Viagra ad.

    - Through 4 intermediaries, we can pay this totally-objective-blog which sent you here.

I'd love to hear from someone with a complex cookie consent pop-up, but I'd bet there is about 80% "accept all" (because the users have been trained to do it), 19% "reject all", and no one is mixed.

So the do-not-track would have been accurate enough.

I asked this elsewhere in the thread as well, but what about tracking done through the session cookie?

e.g: Tying together two browsing sessions by one user on two different devices.

Main difference is that Do Not Track was an industry incentive, not a legal requirement like the GDPR is. They could have made it legally binding, but they chose not to.
Hrm fair point. I'm not sure DNT could have been repurposed to imply consent under much newer regulations, but you're generally right, this mechanism predated the EU regs and somehow was passed up.
"Somehow" is because there was nobody enforcing it, so nobody had any incentive to honor the request. Legislative approach is the only way to have an actual effect.
DNT was also intended to be an explicit opt-out. However, Internet Explorer enabled it by default for three years, giving the industry an excuse to question its validity and ignore it. Privacy-centric Microsoft or intentional sabotage?
As it stood, DNT was used as an additional 1.5 bytes of identifying information: Yes/No/Not Set. To be then promptly ignored.
The good thing is we only have to look at the abject failure of do-not-track to see that this approach categorically doesn’t work.
Ah, the RFC 3514 approach...
cough DNT cough