RFC 35140: HTTP Do-Not-Stab (2023)

Original Article ↗ Hacker News Discussion ↗

Overview of the Satire and Its Targets

  • The fake “Do-Not-Stab” header is widely read as a direct parody of Do-Not-Track and similar “voluntary compliance” privacy mechanisms.
  • Commenters say the joke works because it exposes the absurdity of asking bad actors to self-identify and then trust them to behave.
  • Several connect it to earlier satire like the “evil bit” RFC and “A Modest Proposal,” noting the same core point: malicious entities won’t cooperate just because a standard asks nicely.

RFCs, Standards, and Process

  • Some explain how RFCs are actually produced: mostly via IETF working groups, mailing lists, and an RFC editor; “request for comment” is now more historical than literal.
  • Others note that published RFCs are immutable and effectively final; updates require new RFCs.
  • There’s discussion of Do-Not-Track’s history, its deprecation, and the emergence of alternatives like Global Privacy Control (Sec-GPC).

Regulation, EU Policy, and Cookie Banners

  • Strong split on EU regulation:
    • One side argues GDPR-style laws are necessary, corporations will always push boundaries, and adtech’s “malicious compliance” (e.g., dark-pattern cookie banners) is the problem, not the law.
    • The other side sees the EU as over-regulating, citing things like tethered bottle caps and pervasive cookie popups as examples of bureaucratic overreach and poor outcomes.
  • Several emphasize that cookie banners arise from tracking/third‑party analytics choices, not from any strict requirement to show them.
  • Some note ePrivacy rules predated GDPR and that enforcement capacity is limited, leading to noncompliant or performative “consent” UIs.

Corporate Behavior, Capitalism, and Power Asymmetry

  • Many comments frame the issue as structural: companies are financially incentivized to exploit data and treat users as raw material, not customers.
  • Views range from “they don’t hate you, they’re just indifferent and love your money” to outright anti-capitalist critiques calling for banning or criminalizing tracking.
  • There is cynicism about self-regulation, industry “malicious compliance,” and monopolistic lock‑in (e.g., Microsoft’s and adtech’s behavior).

User Defenses and Tools

  • Suggestions include: privacy‑respecting browsers, Do-Not-Track / GPC toggles, adblockers, cookie‑banner–blockers, auto‑deleting cookies, or simply avoiding much of the modern web.
  • Some advocate more “militant” tech use (blocking, poisoning data, civil-disobedience style resistance); others express fatigue, seeing it as a losing war of attrition.

Tone, Rhetoric, and Meta Discussion

  • Mixed reactions to the article’s appended “editor comments”:
    • Some appreciate an explicit, serious explanation for readers who miss the reference.
    • Others feel the angry rant breaks the comedic tone and “ruins the joke.”
  • Broader debate over whether clarity and inclusivity or insider cleverness should be prioritized in this kind of satire.