There is a toggle buried three menus deep that says you can turn the tracking off. I keep wanting to know one thing about it: does the device believe it?
A toggle is a UI element. It is a promise made by a settings screen. What the hardware does after you flip it is a separate question, and the two are connected only by trust and an engineer’s good intentions. Sometimes those are enough. Often nobody checks.
This is the part of privacy that gets skipped. We argue endlessly about whether consent was given and almost never ask whether consent was honored. The first is a policy question. The second is an empirical one, and it is the only one I find interesting, because it has an answer you can capture on the wire.
So I have a simple rule now. A privacy control is not real until I have watched the traffic with it on and with it off and seen the difference. If the packets look the same either way, the toggle is decoration. It made you feel better, which is its own kind of feature, just not the one advertised.
None of this requires assuming bad faith. Most of the time the gap is a stale code path, a default that was never wired to the setting, a server that keeps a session open because tearing it down was extra work nobody prioritized. The result for you is identical whether it was malice or a Tuesday afternoon. The device kept talking.
If you take one thing from this: stop reading the settings menu as a description of reality. Read it as a claim. Then, when you can, go check the claim. The web has a file for exactly this idea. robots.txt is a polite request, not a fence. A crawler that ignores it is not breaking anything except your assumption. Treat the privacy switch in your living room the same way.
Verify, then trust. Never the other way around.