An interesting tidbit from Mozilla’s latest privacy release (https://www.ghacks.net/2023/11/21/firefox-120-ships-today-with-massive-privacy-improvements/):
The first introduces support for the Global Privacy Control in Settings. The privacy feature informs websites that you visit that you don’t want your data sold or shared. It is legally binding in some states in the United States, including in California and Colorado.
What’s to stop users from utilizing a VPN exit point in California or Colorado to force the binding nature of the request?
If you’re going to attempt this sort of thing then why go through CA or CO? Why not go through a GDPR country directly?
Latency.
I should also add, this would require you to use a GDPR respecting instance. There’s a reason places like Amazon have
amazon.comandamazon.co.uk, etc. That’s not tenable for me, or most users.