[vmaurin]

Same goes for age verification.

There was the DNT header, that was a bit to simplistic, but was never implemented https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/...

The thing people need to understand here is that the annoyance is not due to lack of technical solutions, or regulations forcing something. It is explicitly wanted by the industry so they can maximize the consent rate. The browser solution is probably the best technical/user friendly one, but ad tech/data gathering industry won't have any consent. As they control most of the web, they will never do that

[Animats]

It was implemented in browsers and ignored by sites. Chrome help says:

Turn "Do Not Track" on or off

When you browse the web on computers or Android devices, you can send a request to websites not to collect or track your browsing data. It's turned off by default.

However, what happens to your data depends on how a website responds to the request. Many websites will still collect and use your browsing data to improve security, provide content, services, ads and recommendations on their websites, and generate reporting statistics.

Most websites and web services, including Google's, don't change their behavior when they receive a Do Not Track request. Chrome doesn't provide details of which websites and web services respect Do Not Track requests and how websites interpret them.[1]

About the best we have browser side is a mode where all cookies are cleared at browser exit.

[1] https://support.google.com/chrome/answer/2790761

[djoldman]

In chrome, saving anything to your device can be blocked completely:

chrome://settings/content/siteData

Here's an extension to block at a per-site granularity (despite it saying cookies, it blocks it all including local storage):

https://chromewebstore.google.com/detail/disable-cookies/lkm...

[pessimizer]

That's not an implementation. That's a request to sites that you visit to comply willingly. An implementation would be defensive.

It's what you would do if you had the crazy idea that a browser should be a client for the user, and only a client for the user. It should do nothing that a user wouldn't want done. The measure of a client's functionality is indistinguishable from the ability of the user to make it conform to the their desires.

[TheCoelacanth]

It's not realistic to completely prevent tracking solely on the client-side. Every time that you interact with a server, that's an opportunity to track you. You can't prevent unless you just completely stop interacting with the server.

[Semaphor]

> About the best we have browser side is a mode where all cookies are cleared at browser exit.

No. The best we have are adblockers and scripts like consent-o-matic.

Clearing cookies does mostly clear cookies, tracking goes far beyond that. Clearing cookies has always been a red herring enabling adtech submarines like "I don’t care about cookies".

[zenmac]

Didn't manifest v3 kinda voided all that for chrome based browser? Even brave's time in manifest v2 is timed. For that reason have switched to Firefox.

[Semaphor]

Use an adtech browser, win adtech prices.

[disruptiveink]

Correct. Age verification and privacy consents belong on the browser. The issue is that on the browser, things work a bit too well (remember https://en.wikipedia.org/wiki/P3P ?), so the big players are incentivized to ignore completely the browser-based mechanisms and say/do nothing whenever they see lawmakers going on a dumb direction (risking fines is a reasonable price to pay in order to kill adoption of an actual browser/OS based control that would cause a dent to their tracking operations) that puts the onus on individual website operators.

[p_l]

Fun fact - if you handle DNT properly, you don't need to show the consent screen... because you're not doing anything requiring said consent.

[jeroenhd]

I believe Medium's DNT implementation showed a little confirmation button on embedded Youtube players. That's the kind of consent screen you may still need with proper DNT handling.

None of those cookie popups, though. That's all malicious compliance.

[voxic11]

I don't think this is true. DNT being absent or set to consenting is not enough to infer the user has given specific and informed consent under the GDPR.

> Explicit consent: Under the GDPR and similar laws, consent must be specific, informed, and an unambiguous, affirmative action from the user. Consent cannot be assumed by a user's continued browsing or inaction, which is what DNT would require.

[p_l]

if DNT is absent you could show GDPR-compliant consent screen (ofc, it would still need to be actually compliant, i.e. with "reject all" button front and center)

[cyanydeez]

At this point browsers should become publicly owned. Theres zero benefit in private ownership. Its a utility and nows the time to accept that.

[LunaSea]

Utilities are not public either anymore in most western countries.

[ants_everywhere]

[flagged]

[GJim]

I think you will find there is an entire world beyond the shores of the USA.

[ants_everywhere]

US browsers account for more than 90% of the market share though. The main non-US browsers are Opera (Norwegian company majority owned by a Chinese company) and Samsung browser (South Korean company). Both Opera and Samsung are based on an American controlled open source project (Chromium, controlled by Google).

So for the vast majority of people in the world government ownership of their browser would mean American political control. The current administration has expressed both in theory and practice a willingness to directly exert influence over organizations even when they are supposed to be independent of government control. That would be a concern for much of the world even outside the US.