It isn't meaningless, it just means that users don't consent by default. That's the default state; permission should always be explicit.
Perhaps the header should be made to be easy to apply per domain, so websites can request tracking permissions, but in my opinion the necessity of the header is exactly the point of enabling it by default.
The header is simple: I do not want to be tracked. Do not track me. If you want to track me, ask me to disable the header so I can leave your website.
Honestly, I don't understand why this header wasn't mentioned in the ePrivacy directive the EU passed recently. There's a perfectly good way to communicate intent about tracking options to websites, and it's being blatantly ignored.
Honestly I think people accepted this claim too easily. First of all only one browser did that AFAIK. Second of all even if it were entirely opt in it’s another fingerprinting target and was actively being used for that. I really don’t think the people who would fingerprint DNT care one bit whether it’s an explicit statement of intent or not.
It didn't. Advertisers like to think that they have a moral right to track people unless explicitly told not to stalk people. In that framework, changing the default means that a DoNotTrack header doesn't necessarily show intent on the part of the user.
Instead, the appropriate framework is that advertisers do not have a moral right to track users unless the user has consented to it. By having the DoNotTrack header be on by default, it means that a user removing it shows consent to be tracked, where previously its absence could also have indicated that the user was unaware of the header.
The default has never changed from the point of view of the user. The default is "don't steal my data". DNT was just reflecting the reality of the situation: user not making a choice indicates they don't want you to steal their data.
> DNT was just reflecting the reality of the situation: user not making a choice indicates they don't want you to steal their data.
Advertisers don't need a header telling them what they should do by default. They can get that information from elsewhere. DNT was going to be a way to opt-out, and some advertisers promised to listen to that. Setting DNT without user action removes the "opt".
In the sense that browser vendors decided to put on a privacy protection facade by enabling a "privacy protection" flag that webshites can easily ignore. The earn kudos from users while websites can keep abusing said users. Win-win for greed.
[0]: https://en.m.wikipedia.org/wiki/Do_Not_Track