RFC 35140: The Do-Not-Stab flag in the HTTP Header
Date: Message-Id: https://www.5snb.club/posts/2023/do-not-stab/
Tags: #rant(3)
Date: March 7, 2111
Abstract
This document defines the syntax and semantics of the Do-Not-Stab header, a proposed HTTP header that allows users to indicate to a website their preferences about being stabbed. It also provides a standard for how services should comply with such user preferences, if they wish to.
Authors
[REDACTED] (Google)
[REDACTED] (Google)
[REDACTED] (Google)
[REDACTED] (Google)
Introduction
Over the last 50 years, advancements in peripherals have allowed websites to stab users. A number of industries have popped up to provide SaaS (Stabbings as a Service). Some users have expressed discomfort when a knife is plunged into their chest, and this header allows those users to express their personal preferences.
A user preference can, of course, be ignored by bad actors. However, most stabbings are not done by malicious actors; they are done by law-abiding companies which will gladly stop stabbing you if you ask. This standard provides a method for a user to easily opt out of all stabbings, except those mandated by law, and ones that the company wants to do anyways.
Syntax
The header has only one form, Do-Not-Stab: 1. This is because the lack of a header indicates a clear preference that the user wants to be stabbed.
Defaults
A user-agent MUST NOT adopt Do-Not-Stab: 1 as the default preference. If a user-agent were to do this, web services SHOULD ignore the preference and stab the user anyways.
This is because user-agents are in no position to determine if a user wants to be stabbed or not; this must be an explicit choice that the user makes.
Enforcement
Microsoft has committed to supporting the Do-Not-Stab header inside the EEA (European Economic Area). Outside of the EEA, support for the header is still in progress, and you may get stabbed, even with the header set. If you are in a country that leaves the EEA, you may get stabbed.
Exceptions
Exceptions to the Do-Not-Stab header are accepted when commercial interests outweigh safety concerns. These include, but are not limited to:
- Stabbing users who have consented to being stabbed (even if they don’t know they consented)
- Stabbings requested by a government. Websites SHOULD NOT try to challenge the legality of any stabbings requested, the user probably deserved it.
- Stabbings that are probably not going to kill the user.
- Shareholders wanted it
Editor Comments (REMOVE BEFORE PUBLISHING)
seriously, what the fuck is with companies nowadays demanding that they be told to not do the things they know they shouldn’t be doing anyways? why is microsoft respecting the user’s choice only in the EEA? because they only have to there. extremely funny how they were also the ones to set Do-Not-Track by default in IE, thereby getting everyone to ignore it for IE. because companies are god damn children and must be told no explicitly by every person individually. it’s a fucking wonder that DNT even got in as a general option and wasn’t mandated to be set per-origin, making it even more fucking useless than it is.
it’s fucking depressing when even the fucking bare minimum form of regulation is followed to the letter and no more, because every company out there fucking hates you and would sell you out to make a bit more money if they legally could. and even if they couldn’t, who’s going to stop them?
“We and our 756 partners process personal data[…]” wow big polycule this website is in, there’s no fucking way they actually need to work with that many fucking companies, what the shit? adtech is a scourge on humanity and serves zero fucking purpose.