Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This shouldn't be necessary. The default behavior of web services should be no tracking, whatsoever, unless specifically agreed to in writing by the user. This should be enforced by laws, not a toothless organization like W3C, and there should be real punishments for disobeying.

However, this is a good PR move by Microsoft. They don't make too many of them, so congrats.



What would you count as tracking? Would websites only have analytics or A/B test results on users that have printed, signed and sent them consent forms?


I haven't thought of every corner case but I would set up something like this:

You can track a user during a single session on a single site.

To track across multiple visits the user must set up an account of some sort.

To track across multiple sites the user must provide some kind of explicit permission.

Anonymize any session records that don't have this kind of permission.


That seems a little excessive, but the sentiment is good. Any personal data, including browser history, should not be stored without user consent.... Like a "track me" header field.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: