Microsoft (for once) did nothing wrong. The problem is the DNT flag was unenforceable, and that's something governments should have pushed on.
https://www.ietf.org/rfc/rfc3514.txt
But hey, clicking those "reject all" (when you can at all) does not guarantee a bad actor would comply with one's wishes either.
GDPR has had every bit correct _technically_ (needs zero dialog if one doesn't track), but it could only work if these actors were honest. It turns out it reveals how bad they are.
I suppose the only thing that could possibly work is legislation that would guarantee these bad actors to be sued to oblivion + burden of proof on them that they don't track.
They did. Our current anti-tracking laws all come from pushing on that.
The problem is that the DNT is way too simplistic. Browsers fail to inform the users abut it and keep track of sites independently, and the protocol fails to allow the site to request fine-grained authorizations and inform why they are needed.
There's a sibling talking about P3P that has neither of those problems.
The thing that killed DNT was making honoring it optional in the first place.
Especially given all the things you can rightly blame them for.
