I’m not really sure I can support using DNT headers currently. Some good points were made about alongside GPC, DNT being legally recognized for GDPR requests in some countries. I live in the US outside of California, and don’t closely follow along to the nuances of either CCPA or GDPR, so correct me if I get something wrong. Given the list of websites in a comment that respect DNT, the notion that DNT is voluntary to handle, and how many websites use to harm users instead (further fingerprinting data points), I don’t see why Mozilla should be keeping around DNT for the time being.
Yes, the fingerprinting metric for DNT may not be that unique of a data point if a given user isn’t using content blocking extensions and other browser-hardening techniques. It still is however a data point often masked to follow the herd in order to minimize fingerprinting in territories where user privacy isn’t enforced by law. If law actually demanded respect to user privacy, I think DNT could work. As it stands though, it really doesn’t seem like DNT is well-ingrained in law.
Given the list of sites you listed, I only recognize two websites on the list that claim to support DNT. Perhaps a majority of these sites are from smaller organizations and/or based in the EU? On top, this is only what the sites’ privacy policies claim, no? How many of these sites are actively proven to respect DNT beyond claiming that they do?
It really seems like DNT is still considered way too optional for websites to handle and respect. The best way for this to change is for the GDPR to recognize proper DNT handling as mandatory for sites to be compliant in the EU. Furthermore (unlikely to happen anytime soon but would be helpful) is for the US to gain similar privacy laws at the country-level that also defines enforcement.
There is just about zero reason I think nicely asking website admins to monitor and add support for DNT. Given that a majority of the problem with violations isn’t with the smallest of independent websites, but those run by larger businesses, I doubt simple activism will work. If just activism for respecting the privacy of users actually did something, I feel like in ~15 years Do Not Track headers would have shown meaningful progress. The only way going forward is deliberate user-enforced destruction of available tracking points granted to websites or law that dictates when and how websites may track users: be it GPC, DNT, or something else. Only when a consensus is being reached should Mozilla and browsers prepare to support the enforced feature.
EDIT: re-reading the list of websites claiming support for DNT, I found a second website I recognize.
As I understand it, most of the Pebble’s OS is currently Open Source. Traditionally, you could download updates and applets, watch faces for your Pebble through it’s app, as well has have many phone integrations. Most of the phone integrations can now be done through GadgetBridge and applets downloaded from Rebble.
Given the minimal need for always-online or really much of a internet connection at all beyond what is needed for third-party applets (weather watch faces, etc.), the older Pebble smart watches are able to be made about as private as one could reasonably expect from a Bluetooth wearable.
The two upcoming remakes appear to be basing the mobile app and applet repo upon the Rebble community’s work, if not outright using it as the source. If the watches gain GadgetBridge support and/or the companion app is fully open source, I imagine these will be as worthy as the older watches.