It means nothing. DNT is being ignored by most websites anyway and is also a fingerprinting metric.
The DNT flag amounted to the equivalent of a digital pinky swear from website operators. Oh they still tracked you? That’s too bad… South Park’s rubbing nipples meme
DNT didn’t do shit anyway. If you’re relying upon corporations like Google to not track you just because you asked nicely, then you have a very naive view of how much they actually give a shit about your wishes.
This article mentions using Global Privacy Control as a replacement for Do Not Track, but doesn’t bother to explain what GPC does. Its adjacent article incorrectly claims that GPC uses the DNT: 1 header field, fails to explain further, and links to a Mozilla page that doesn’t explain it, either.
Even the GPC web site fails here, offering several pages of vague, abstract fluff about their intentions and a useless document full of marketing industry acronyms, without anything substantial about how it works. The single mention of a spec fails to state where to find it. The closest it comes is a tangential sentence containing a broken github.io link.
Finally, and only because I happen to know github.io’s URL format, I was able to guess my way to an organization page, and from there to a project page, which has a README file containing a footnote linking to the proposed spec:
Geez… it’s as though the people involved don’t want anyone to know how this proposed safeguard is supposed to work.
After reading it, it looks like these are the main differences in Global Privacy Control vs. Do Not Track:
- Replaces the
DNT: 1header field withSec-GPC: 1. - Adds a javascript property to indicate the same thing.
- Does not honor preference changes after the first navigation to a site. (Having changes respected apparently requires clearing site data from the browser and reloading. A helpful browser might prompt the user to do this.)
- Defines a way for sites to indicate that they are aware of GPC (but does not require them to honor it).
- Expresses a wish that your data not be shared, but says nothing about it being collected.
- May be considered legally binding in some jurisdictions. It’s not clear whether the few that currently recognize it will enforce it in any meaningful way.
There is one website, that I know of, that does not ignore DNT: geizhals. Also in germany you cannot ignore DNT by law (most still do).
