alt Hacker NewsMaybe it's because I'm idealistic in addition to being old, but I think a lot of this functionality was in fact added for explicit purposes.
A client sends the language header or the list of supported fonts not so that the server can "do whatever they want with this data." There is (or was) a real reason for it when we came up with these standards.
The fact that website providers, or more specifically ad-networks, have chosen to use these for other purposes is breaking that implicit agreement.
(edit) but you're probably right that i'm expecting too much.
Replies
Sure, but I think some of the stuff it sends isn't necessary. A website doesn't need to know the list of fonts on my machine, for example.
Some of them are questionable: most websites do not need to know my time zone, but when a website can use that in a useful way related to its functionality, it would be annoying if the browser were to popup an allow/deny dialog, and even more annoying if I had to manually set it in the website's bespoke settings panel.
I'm not sure what the solution is here.
I don’t understand why that would be an implicit agreement, though? Why would I expect that the website would not try to figure out who I am?
They are free to remember whatever they want about my request… but I am also free to modify the request however I want, if I choose to randomize the list of fonts or choose to not send it or whatever.