The Architecture of Non-Consent: Why Web Surveillance Was a Choice

Web surveillance began in 1996 with DoubleClick's third-party cookies, creating a tracking infrastructure that was never approved by the public. This system imposes heavy costs on performance and privacy, relying on 'consent' gained through user exhaustion and dark patterns. Apple's recent privacy features prove that tracking is a choice browser vendors made, not a technical requirement for the internet to function.

Key Points

The web's surveillance architecture was pioneered by DoubleClick's third-party cookies and later scaled by Google.
Tracking is not a technical necessity but a commercial choice to repurpose data paths for value extraction.
The 'consent' model is flawed, as 90% of users accept tracking only when the 'Reject all' option is intentionally hidden or difficult to access.
Surveillance has physical costs, including a 10x slowdown in page speeds and massive energy consumption from 600 billion daily real-time bidding requests.
Apple's ATT demonstrated that the technology to protect users has always existed, and its implementation caused a $10 billion revenue shift in a single year.

Sentiment

The HN community broadly agrees with the article's core thesis that surveillance was a deliberate choice and not inevitable, with strong anti-surveillance sentiment and frustration with industry and regulatory failures. However, there is notable pushback on the article's rhetorical excesses (Stasi comparisons), uncritical presentation of Apple as a privacy champion, conflation of tracking with surveillance, and the article's own technical ironies. The dominant mood is weary agreement mixed with cynicism about whether change will occur — predominantly agreeing on fundamentals, with significant nuanced pushback on framing and proposed solutions.

In Agreement

Tracking-based advertising is a deliberate architectural choice, not an inevitability — Apple ATT proved opt-in defaults are feasible and the majority of users chose to opt out
Personalized ads are largely ineffective and often serve scams and irrelevant content, making the surveillance trade-off unjustifiable even on its own terms
Cookie consent banners are malicious compliance by industry, not a GDPR requirement — GDPR actually mandates opt-out as the default
Everyone has something to hide — phones collect deeply sensitive data including medical, financial, sexual, and political information that can lead to real-world harms
WHATWG and Google's browser dominance allow the surveillance industry to shape web standards in their favor, entrenching tracking architecturally
Mass surveillance by governments and corporations represents a convergence of interests — both state and corporate actors want the same information infrastructure
Ordinary people's apparent indifference to surveillance stems from not understanding concrete harms like dynamic pricing, addiction engineering, and election manipulation

Opposed

Comparing ad tracking to the Stasi is hyperbole — ad companies merely want to sell products, and conflating them with violent state surveillance weakens the argument
The article cites no concrete documented cases of ad tracking data being used for political repression
Apple's ATT does not actually block trackers — apps continue to fingerprint users through other means, so it is not the clean proof-of-concept the article implies
Apple itself is a major surveillance actor — it was part of PRISM, collects extensive telemetry, and runs a multi-billion-dollar ad business
Tracking and surveillance are not the same thing — conflating them weakens the argument by implying intent that may not exist
Google was legally prevented from removing third-party cookies by antitrust regulators, so framing it as a simple choice ignores structural legal constraints
Ad-supported models gave people in poorer countries access to information and platforms that would otherwise be behind paywalls