by jeroenhd 454 days ago
> Common sense would indicate that ticking of the box overrides the browser setting

In theory, the /.well-known/ file could have its timestamp updated to reflect to the browser that the situation has changed and the user may perhaps need to make another choice. In practice, every website with trackers will just always pretend things have changed and browser controls will be useless.

> Except now apply that logic to the mess of “we respect your privacy, click here to allow sharing your data with our eleventy bajillion trusted partners” popups on so many websites. So, again, by default opt-out and asking for their permission to opt-in. So this setting does absolutely nothing to stem that tide? What’s the point of it then?

This is why I prefer what Microsoft attempted to do with P3P instead. Of course no website ever bothered implementing it, but Microsoft came up with a protocol to at least list and display privacy policies for every partner website.

If browsers came with UI to manage which trackers the user accepts by default, with specific website overrides of course, this mechanism could be extended to in-browser privacy popups that can have their defaults be "no, fuck off" without the ambiguity.

The protocol could even be extended to permit the website to request changing the sharing setting, for instance when you sign up for a newsletter. As long as the UI is gatekept enough (say, once per x minutes after user interaction, up to y parties at once, otherwise the notification will be a little icon in the URL bar), it might just automate away the entire cookie popups.

Of course you'd need to convince the EU and California to declare these protocols as mandatory, but I think that's going to be a lot easier with a protocol where users have more choice than with this unary GPC header.