That’s a good point. However in the EU it should be the opposite - otherwise the site is violating GDPR.

Sometimes I have a feeling sites do whatever they want anyway regardless of bow many dark patterns I click through to find the “no” and “off” buttons because there are no real repercussions. Just like the “do not track” request and “robots.txt” are essentially useless.