I think we're learning an important lesson in web economics this week, and it's this: if consumers simply ask for privacy and security on the part of web service providers, it will not be granted. There's no such thing as a user's 'terms of service' that imposes obligations on providers. The closest analogy I can think of was 'robots.txt' on my web server, which was routinely ignored. Now we also have the 'do not track' header on web browsers politely asking service providers not to issue and read tracking cookies. And the result: request ignored. (It's a bit like the telephone 'do not call' lists - that were prized by telemarketers as accurate lists of active telephone numbers they could call). We should have learned by now that corporations do not 'self-govern'. It simply doesn't happen. Corporations will opt for short-term self-interest over social good every time, unless constrained by law. Hence: "The DNT specification has become a joke. It has seriously been proposed that one of the 'Permitted Uses for Third Parties and Service Providers' be 'marketing.' So one of the permitted uses for Do Not Track might be to allow advertisers to track you."