Do_not_track - Hacker News

Posted by RubyGuy 17 hours ago

358 points | 114 comments

endgame 54 minutes ago|

No. It shouldn't be an opt-out, and it is bad practice to write conditional settings in the negative.

charles_f 12 hours ago||

It's interesting that we're so used to be tracked at this point that no one balks at being opted-in by default. A flag called DO_NOT_TRACK sounds like a good idea, but also suggests the default is CONSENT_TO_TRACK=1, and I find that creepy.

thephyber 11 hours ago||

Do not track WHEN?

This flag is sent by my browser when I connect to SOMEONE ELSE’s SERVER.

The internet only took off because the primary business model which ran on ads and derivative information that servers do to their users.

It’s not fun. It’s not private or secure. It’s not illegal (in most jurisdictions for most industries). The flag exists as a response to the de facto and de jure state of the world, not some fairytale scenario.

RugnirViking 7 hours ago|||

> The internet only took off because the primary business model which ran on ads

No? It took off before advertising was widespread as a primary or sole funding business model? Also there's literally nothing about advertising that requires data collection about users. Sure they love to do it, and they might even believe that it helps their profits in some way. But it's not inherent, they got along just fine with billboards and newspaper classifieds. TV ads never required personal information. Not did pre roll cinema ads, or radio adverts. Nobody was bemoaning in the streets that they couldn't possibly find anything to buy

y42 5 hours ago||||

> The internet only took off because the primary business model which ran on ads and derivative information that servers do to their users.

quite the opposite I would argue:

https://nickyreinert.de/2020/2020-10-24-marketing-killed-the...

tdeck 28 minutes ago||||

The article is about local desktop / CLI tools that collect telemetry, not the web browser "do not track" standard.

thayne 5 hours ago||||

You can have ads without tracking.

lee_ars 28 minutes ago||||

> This flag is sent by my browser when I connect to SOMEONE ELSE’s SERVER.

...and promptly, thoroughly ignored.

charles_f 11 hours ago||||

Article quite literally talks about tracking of cli tools you run on your own computer, half of which are to pilot products that you pay with your own money.

Get off your high horse.

doginasuit 10 hours ago||

I would advocate for not getting your horse high to begin with, or hide your stash better.

dylan604 8 hours ago||

Wow, I guess I grew up too close to actual cowboys that this is an interpretation I just never considered. Not sure why though as it's right there for the taking.

righthand 6 hours ago||||

You’re confusing the Internet with Google.

Griffinsauce 4 hours ago|||

> The internet only took off because the primary business model which ran on ads and derivative information that servers do to their users.

Arguable, on the other hand it did kill the internet. (or, almost so far, we'll see whether we rebound after decades of enshittification)

shevy-java 4 hours ago||

I actually consider such a flag to be problematic. I don't want to give out any information - of course I never want to be tracked, but marking this via an ENV variable alone, already makes zero sense to me. I don't understand people who like that while claiming they do not want to be tracked; if they give that information, then this means they are marked.

_flux 3 hours ago||

I always choose to go with positive terms with variables etc, so this would then be ALLOW_TRACKING=0. It brings in some consistence and makes it easier to reason, as you get to avoid double negation.

Perhaps the "DO NOT TRACK" name is somewhat of an established term, though.

FrauElster 2 hours ago|

One could also implement ALLOW_TRACKING as comma separated list for applications I choose to allow it. Say I would like to share telemetry with go and brew, but not aws and the rest ALLOW_TRACKING=go,brew

_flux 2 hours ago||

..and what kind of tracking, e.g. anonymous usage statistics vs update checks, e.g.

  *:analytics=1:google_analytics=0,syncthing:upgrade=1

The specification could go on and on!

PufPufPuf 15 hours ago||

This is set up for the same fate as DNT in browsers. Collecting all the "do not track" env vars into a single "do_not_track.env" file, however, may not be a bad idea...

whitlock 15 hours ago||

https://toptout.me - exists and handles a lot of these problems, if not looking to create a new wheel.

Though if you just want a simple ENV var that handles this WHILE honoring the specification on this page: https://github.com/alloydwhitlock/do-not-track-cli

LocalH 15 hours ago|||

Advertisers chose to ignore DNT because they claimed Microsoft making DNT enabled by default took agency away from the user. In reality, they probably weren't going to honor it anyway.

Gigachad 9 hours ago|||

There's an inherent conflict. No one _wants_ to be tracked, there is no direct benefit to being tracked and only downsides. And advertisers want to track you. So there was no way to respect the flag other than making it obscure so only a few dedicated people turned it on.

xigoi 7 hours ago|||

> No one _wants_ to be tracked

Plenty of people seem to genuinely believe that “personalized ads” are good for them.

jampekka 22 minutes ago|||

No-one is too absolute, but could ne used as a rough rule of thumb.

Depending on the study, 0.16% to 7% want to get tracked.

https://noyb.eu/sites/default/files/2025-07/Pay_or_Okay_Repo...

Jaxan 2 hours ago||||

They are told to believe that.

PunchyHamster 2 hours ago|||

and yet if they had question prompted to them even most of them would click "no"

maccard 43 minutes ago||

No, they don’t. They will click whichever option gets the modal out of the way.

socalgal2 6 hours ago|||

To play devils advocate there is a direct benefit to being tracked, at least theoretically search and ads will more relevant to you. I get no one wants ads but you do see ads here and there. It would arguably be better for you if everyone of them was relevant than not. Similarly search or even LLM answers could be better if the preferences of the asker are known

No, in not making excuses for tracking and I do lots of stuff myself of avoid being tracked

I’m only responding to the false premise that there are no benefits. There are. You can just choose to believe they aren’t worth the cost. I believe they aren’t but I have friends who opt into all tracking and even register their presence with multiple apps. They believe they’ll make more positive connections

Griffinsauce 4 hours ago||

> theoretically > they believe

Exactly. From my experience: the times I've found an ad relevant and worth clicking is about one-to-a-gazillion. Maybe relevance is higher for others but that still doesn't necessarily translate to real value. (ie. your life was improved in any way)

Also, this all presumes the targeting actually works and the current sea ads for shoes I just bought disagree with that. It's all just spam.

mmooss 14 hours ago|||

Microsoft is too sophisticated to plead ignorance; they are responsible for that outcome and I think we can assume they knowningly chose it. (Though now Microsoft browsers are such a small portion of the market that it doesn't matter.)

The biggest failure of DNT was browser makers - including Mozilla - removing it. It has zero performance impact (1 bit?) or development cost. As long as it was out there, when there was momentum against tracking, advocates had evidence of both demand for privacy and of trackers ignoring user wishes.

pseudalopex 10 minutes ago|||

Global Privacy Control replaced Do Not Track.

applfanboysbgon 10 hours ago||||

> advocates had evidence of both demand for privacy and of trackers ignoring user wishes.

This evidence both still exists and is also completely useless for anything. The more important consideration, by far, is that the DNT flag was actively harmful to users in the real world because, if it was acknowledged at all, it was used maliciously to help fingerprint and track users. There is no reason for browsers to continue providing to their users a toggle that not only misleads them about what will happen with the setting enabled, but actively contributes to the opposite outcome because we live in a world where being evil is the norm.

dylan604 7 hours ago|||

Lately, I've come across websites that instead of a cookie banner display a banner that states they recognize and honor my wish to not be tracked. Whether that really do or not is something I did not spend time looking into. The first time I saw it I thought it was a fluke, and then it happened a few more times with in a short time period. Couldn't tell you what sites they were though as it was just something from search results.

quinndexter 6 hours ago|||

Just here to say yeah, I've seen this more of this lately- "The do-not-track signal has been followed" or somesuch.

mmooss 7 hours ago|||

Wow. I've never seen that. It would be great if it became more widespread.

But isn't DNT deprecated in most browsers? Maybe I misremember.

dylan604 6 hours ago||

::shrug:: I set it a long time ago and never looked back. I never looked into it being deprecated, but I knew that pretty much everyone ignored it for reasons. But by these banners, I'm guessing it still lives on as a setting.

whitlock 15 hours ago||

Love it. This is an annoying problem and likely the actual solution than asking folks to use a universal one. I'll put something together as a starting point.

spudlyo 16 hours ago||

I was surprised how hard it was to stop the Python transformers library from phoning home to Hugging Face. I set HF_HUB_DISABLE_TELEMETRY=1, and when I called Wav2Vec2CTCTokenizer.from_pretrained I explicitly passed local_files_only=True, but still I got got a warning about not having a valid HF_TOKEN. It wasn't until I stumbled upon HF_HUB_OFFLINE=1 that I'm somewhat confident that I'm not making outgoing connections to HF every time I load a wav2vec2 model from disk.

I wouldn't have realized this was happening at all if it weren't for the obnoxious HF_TOKEN warning.

woodson 14 hours ago||

HF is notorious for making it difficult to work offline (or at least not waste time trying to connect when everything needed is offline) and is constantly changing how it is being handled. Previously, there was TRANSFORMERS_OFFLINE, HF_DATASETS_OFFLINE, etc.

dylan604 7 hours ago||

Does something like Little Snitch catch these to help find the things doing hidden shenanigans?

ximm 16 hours ago||

Looks like a helpful honeypot! Any tool that will public announce support for this spec is a tool I know to avoid because it collects telemetry without explicit opt-in in the first place.

GuB-42 14 hours ago||

DO_NOT_TRACK support doesn't mean tracking is not an explicit opt-in.

Example: the software crashes, and there is a crash handler that asks you if you want to send a crash dump. With DO_NOT_TRACK, the crash handler is disabled entirely, no question, no dump.

If it gets some adoption, that's probably how it will work. Those who have an financial interest in using tracking (ex: ads) probably won't support such an option.

bstsb 13 hours ago||

i can't think of a single CLI that is possibly collecting analytics for ads

SpyCoder77 15 hours ago|||

Most services are already collecting telemetry, them announcing support for it won't change that.

xandrius 15 hours ago||

Well, don't look too deep else you won't be using many modern tools.

msla 15 hours ago||

Hey, it's a list of services to feed fake data to!

drnick1 16 hours ago||

It's probably easier to run your own DNS and blacklist the offending domains. There are good blacklists with millions of telemetry domains, e.g. https://github.com/hagezi/dns-blocklists.

tosti 16 hours ago||

Better yet, don't allow such spyware crap on your computer.

0123456789ABCDE 13 hours ago||

pfft, just don't have a computer and you'll be good

MajorTakeaway 7 hours ago||

Some hobbies are more fun than others.

rvz 15 hours ago||

That is the correct way of handling this.

Everyone proclaiming a "standard" is just adding to the long list of (unofficial) alternatives.

dylan604 7 hours ago||

obligatory: https://xkcd.com/927/

0123456789ABCDE 2 hours ago||

how is this relevant?

meling 2 hours ago||

For the record, Go’s telemetry is local by default (not uploaded): https://go.dev/doc/telemetry

sersi 3 hours ago||

While we wait for companies to very very slowly implement that proposal, is there a place that collects in one place all the opt out methods for most common tools in one place? Perhaps even a shell module that sets them and regularly updates its list?

smartmic 16 hours ago|

> Many CLI tools, SDKs, and frameworks collect telemetry data by default.

Any of those are using a dark pattern and before exploring new ways to opt out you should look for and spend your energy on an alternative which respects your freedoms upfront.

Otek 16 hours ago|

Exactly, new “standard” won’t fix it

More comments...