Do-Not-Track failed. According to Wikipedia, Apple dropped support and not many people adopted it anyway.
It was always doomed to fail. You're asking the wolves not to eat you by setting an HTTP header. If these companies were the kind to care about the honor system, they wouldn't be tracking you in the first place.
I think the point jschwartzi was trying to make is that Do Not Track paired with legislation requiring companies to honor it could be a reasonable solution.
I'd still end up having to disable it because there are plenty of trackers that are not bound by US laws (or any laws) and providing DNT is a stronger identification signal than not giving it.
Regulation around Do-Not-Track failed, as it often does when captured by industry. The Do Not Call list started in 2003, but it seems it's starting to be taken a lot more seriously lately. Everyone should keep using Do-Not-Track and somehow logging/reporting/publishing violations of it (although I don't even know to whom -- maybe the best we can do is a version of plaintextoffenders for now). It can eventually end up as ammunition for a future bill to actually start regulating this effectively. Calling it a failure and abandoning it is not going to help.
> The Do Not Call list started in 2003, but it seems it's starting to be taken a lot more seriously lately.
Is it though?
I'd say Do-Not-Call is a failure. Much like CAN-SPAM. Both are 2003. Check the calendar. I'm still wading through more spam than ever in my inbox and getting an ever increasing number of scammers calling my cell phone.
The problem is always going to be that you need a watchdog with teeth. As we've seen in recent years, all of these government three letter agencies can be gutted simply by swapping in some corporate patsy at the top. Maybe you can beg the government mommy for your freedom and law enforcement back in 4-8 years. Antitrust laws exist. How many decades have we gone now since actual, serious enforcement?
Shouldn't Do-Not-Track be the default anyway? Why must we opt out of tracking, spam calls, and spam emails?
And, of course, the elephant in the room is: who wants spam calls, spam emails, and tracking in the first place? No one! No one would opt in to any of that crap. Which is why the laws are carefully designed for apathy and toothless enforcement.
If you want to talk legislation then talk legislation. If you want to talk tech solutions then talk tech solutions. But an HTTP header is neither of those things.
Imagine we all just drop encryption. Instead we just pass a flag in the TCP header that says "please don't look at my data passing through this network." Yeah that sounds insane, right?
DNT was about trying to avoid government regulation. It was an opportunity for the ad industry to show that it could self-regulate and respect people's choices. Now that it has failed, the next step is for the government to step in and mandate privacy protections.
The only chance it had was the EU (or California, or some other influential region) mandating compliance. I still don't get why the EU didn't do it (either using the existing DNT header or a new one). That could easily put an end to the cookie dialogs.
It was always doomed to fail. You're asking the wolves not to eat you by setting an HTTP header. If these companies were the kind to care about the honor system, they wouldn't be tracking you in the first place.