Privacy Groups Mull 'Do Not Track' List for Internet

Posted by Zonk on Wed Oct 31, 2007 01:44 PM
from the i'd-sign dept.
Technical Writing Geek writes with a Reuters story about a collection of privacy groups looking to set up a 'Do Not Track' list online, similar to the 'Do Not Call' list meant to dissuade telemarketing. "Computer users should be notified when their Web surfing is tracked by online advertisers and Web publishers, argue the Consumer Federation of America, the World Privacy Forum and the Center for Democracy and Technology, among other groups in a coalition promoting the idea. Rather than burying privacy policies in fine print, companies should also disclose them more fully and provide easier ways to opt out, the groups said. The organizations submitted the proposals to the Federal Trade Commission, ahead of the consumer watchdog agency's workshop on Nov. 1-2 to study the increasing use of tracking technology to target online ads."
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • by ACS Solver (1068112) on Wednesday October 31 2007, @01:48PM (#21187017)
    So when will I be able to add my email to a "do not spam" list?
    • Re: (Score:3, Insightful)

      Right this way, sir. Our company has set up a database to help manage your email marketing experience. And it won't even cost you a thing! Just confirm your valid email address via a script, and...

      The sad thing is, I know this would collect a LOT of valid emails. (Probably from folks who would buy things from spammers, too.) Unfortunately, I'm not quite evil enough to bring myself to do that. It's too bad, really.
    • Well, out here at the Minsk Home for Deposed Nigerian Cabinet Ministers the first thing I must do is get hold of this list so I can stop scamming all you people.

      Since most web usage is tracked anonymously it's much more likely that identifiable information will be hijacked from a copy of the "do not track" list than from any of the web tracking itself. Seems like kind of a silly, tinfoil-hat-inspired idea!

      • Re: (Score:2, Insightful)

        Mods, the GP was indeed humorous but its writer deserved mod points (you don't get points for "funny"; mod me however you want, my karma's excellent so "funny" is fine). His point in the admittedly humorous post was that these lists would be completely worthless, as there is no possible way to enforce them.

        This is completely unlike the "do not call" lists; these are country-specific. If I spam your phone and you're on a do not call list, we're most likely to share the same government (at least so far) You ca
  • by User 956 (568564) on Wednesday October 31 2007, @01:49PM (#21187029) Homepage
    Rather than burying privacy policies in fine print, companies should also disclose them more fully and provide easier ways to opt out, the groups said.

    Also, they want world peace, and a pony.
    • Ponies exist, they desire a unicorn..
    • Agreed. Completely unrealistic. If you want to opt out of being tracked by advertisers, here are the only steps you need to perform:

      • Download Firefox
      • Install the Adblock Plus and NoScript extensions
      • T
      • Go to Edit | Preferences or Tools | Options (depending on platform) and go to the Privacy tab. Uncheck 'Accept cookies from sites'.
      • Click Exceptions. Add in all the sites that you use that need cookies to work right (online banking, Slashdot, etc.)


      Tada! You're done. Now you can't be tracked (unless you specifically want to be).

      • Re: (Score:3, Insightful)

        This "do not track" group is a bunch of die-hard IE users. Since MS refuses to add reasonable privacy tools, they are looking for legislation. Idiots. This is a browser problem, not an advertiser problem. Considering that the wonderful US Congress can't even get a reasonable anti-spam law in place and instead created one that makes the problem WORSE, I don't know what the hell they are thinking Congress will do. Most likely we will end up with a law that outlaws privacy tools like Firefox / Adblock and inst
        • the problem stems from congress writing legislation that will satisfy everyone and instead it satisfies no one. we have elected officials who have the backbone of a jellyfish (none).

          what we need is for congress to say, consumers have an expectation, if not a right, of privacy. what they do in a legal environment should be their business and their business alone.

          but what we get is, things like the ftc's do not call list where yea...your number is blocked unless of course if you send in a text message to a co
      • Alternate step one and two: Download Opera
      • I'm sorry, you lost me around that third step.

      • Permit Cookies [mozilla.org] is a more user friendly version of your last two steps.

        Turn off cookies for all sites, then to permit a site (session or permanently) you just hit alt+c and choose one, then hit enter.
      • As much as I like Adblock Plus and Noscript, I tend not to recommend that people install Noscript or disable cookies. Adblock Plus and automatic filter downloads are nice. But it's a lot to ask someone to manually whitelist a bunch of Noscript stuff with every new website they visit. My current Firefox installation is going on 1 year now, and you'd think I would have a good whitelist built up. But it never fails that just about every day there is a good chance I will visit 3 or 4 websites that won't r
        • Re: (Score:3, Informative)

          My friend, I had kinda the same problem as you did (having to maintain a huge whitelist with NoScript) -- that's why, on the first tab of the configuration window, you'll see an option for "Allow Top-Level Sites by Default." No more keeping track of a huge whitelist.

          Now, any site you go to will automatically allow JavaScript from that domain (I mean, if you didn't want its JavaScript running on your machine, what are you going there for?). Any other domain's scripts that are present on that page will s
    • by TheMeuge (645043) on Wednesday October 31 2007, @01:55PM (#21187117) Homepage
      Exactly.

      My first reaction to this story was to add the "futile" tag.

      I think we all have to get used to the thought that if there is any information out there, that is publicly accessible in plaintext, it will be cataloged, author identified, and data-mined ad infinitum. Given the technological capability to collect, organize, and process data... as well as the prolific availability of said data, we cannot reasonably expect any privacy laws to deter usage of this data, whether it be by private companies for profit, or government entities for censorship and oppression.

      The way I see it, the only way to ensure any real privacy, is to personally ensure anonymity at any point where it seems necessary. With this, there will come more and more tradeoffs in terms of conveniences, and ultimately perhaps even one's place in society... but this is a choice we're all making right now, and will certainly have to make in the future.
      • The best way to ensure privacy is actually to charge for the use of said data.... ie: for the person whose data is being used to get a check in the mail.

        When companies have to pay for this they will be more circumspect about what data they collect and how much.

        This would work for spam as well.... opt in and get paid. Currently someone else is getting paid to collect your data, leaving you out of the equation except as the victim/volunteer.

        Advertisers and market researchers should be paying us for the opport
  • mull, from what i remember means scuttle, bar, make harder, oust. these people are not trying to prevent a do not track list, they are trying to establish one.
  • by Kelson (129150) * on Wednesday October 31 2007, @01:51PM (#21187053) Homepage Journal
    Anyone else see the problem here?

    OK, let's set up a "Do Not Track" list. How are they going to know not to track you? By figuring out who you are, then checking to see if you're on the list.

    Oops.

    A better idea would be a standardized opt-out system where your browser tells every server, "Do not track me," then set up web applications to honor that choice.

    Maybe set up an X-DontTrackMe header for HTTP requests. Or a standardized DontTrack=true cookie not linked to a domain. Something that has no unique information and gets sent to every website. Then turn it on and off in the browser with a checkbox.

    Something like that could be tested as a Firefox extension or IE browser helper (if I'm remembering the terminology correctly) to start with, then added to browsers themselves.
    • I don't allow cookies. Your method won't work. How about a "X-I-want-to-be-tracked" cookie and a "X-my-SSN#-is" for the 3 idiots on the planet that WANT to be tracked?
    • Why "opt-out" at all? If there's potential for abuse, it should be opt-in. That's already been accepted with bulk commercial email. Now, it just needs to be enforced.
    • Using a hash would work, but the number of problems with the list far outweigh any good reason to have a sensible debate on the topic.
    • So if I'm running a website and someone says "don't track me" I'm supposed to not log any of the user's actions on my server?

      Golly, I wish I could do that while robbing a bank with my "don't videotape or look at me" tshirt on.
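Added example, not part of any comment in this thread: one way a site could honor the opt-out header Kelson proposes above, written as Python WSGI middleware. The header name `X-DontTrackMe` comes from his comment; the `visitor_id` cookie, the accepted header values and the list used as an analytics store are assumptions made for illustration.

```python
import uuid
from http.cookies import SimpleCookie

OPT_OUT_KEY = "HTTP_X_DONTTRACKME"  # WSGI environ key for the X-DontTrackMe header
TRACKING_COOKIE = "visitor_id"      # hypothetical tracking cookie name


def opted_out(environ):
    """True when the request carries the opt-out header with a truthy value."""
    return environ.get(OPT_OUT_KEY, "").strip().lower() in ("1", "true", "yes")


class HonorDontTrack:
    """WSGI middleware: assign a visitor ID unless the client opted out."""

    def __init__(self, app, analytics_log):
        self.app = app
        self.analytics_log = analytics_log  # list standing in for an analytics store

    def __call__(self, environ, start_response):
        skip = opted_out(environ)
        visitor, new_cookie = None, None
        if not skip:
            cookies = SimpleCookie(environ.get("HTTP_COOKIE", ""))
            if TRACKING_COOKIE in cookies:
                visitor = cookies[TRACKING_COOKIE].value
            else:
                visitor = uuid.uuid4().hex
                new_cookie = f"{TRACKING_COOKIE}={visitor}; Path=/; HttpOnly"
        # The page view is still counted; opted-out requests carry no identifier,
        # even if the browser sent an old tracking cookie.
        self.analytics_log.append(
            {"path": environ.get("PATH_INFO", "/"), "visitor": visitor})

        def patched_start(status, headers, exc_info=None):
            if skip:
                # Drop any tracking cookie the wrapped application tries to set.
                headers = [(k, v) for k, v in headers
                           if not (k.lower() == "set-cookie" and
                                   v.split("=", 1)[0].strip() == TRACKING_COOKIE)]
            elif new_cookie:
                headers = list(headers) + [("Set-Cookie", new_cookie)]
            return start_response(status, headers, exc_info)

        return self.app(environ, patched_start)


def demo_app(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello"]


def simulate(extra_environ):
    """Run one constructed request through the middleware; return (headers, log)."""
    log, captured = [], {}

    def start_response(status, headers, exc_info=None):
        captured["headers"] = headers

    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/article", **extra_environ}
    body = HonorDontTrack(demo_app, log)(environ, start_response)
    b"".join(body)
    return captured["headers"], log
```

The header carries no unique value, so an opted-out request is recorded as a page view with no visitor identifier attached.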
  • by One Childish N00b (780549) on Wednesday October 31 2007, @01:52PM (#21187065) Homepage
    The 'Do Not Call' list works - to a degree - because people who ignore it run the risk of legal action, due to all being inside the country they're calling. I can't see many companies going to the extent of running offshore telemarketing companies due to the high cost of international calls.

    This problem obviously does not exist on the internet - the cost of serving up those banners to millions of people clearly doesn't eat into the profits of these companies, so there's no reason for them to stop, and if laws are passed forcing them to stop, they'll simply be replaced by foreign companies advertising either on behalf of the same companies serving up the ads now, or set up by the advertising companies to circumvent the laws.

    This won't work.
    • Your reasoning on the telephone situation is sound, but you have overlooked something: VOIP. I have received telemarketing calls from overseas, and it was obvious by the sound quality that it was a VOIP call. The caller even confirmed that he was calling from India.

      Unfortunately, they have already figured a way around that law if they want to do it.
    • You obviously don't realize how many telemarketing firms are located in Montreal (90% of which call the US, since they don't have to follow US do not call lists)..
  • How? (Score:3, Interesting)

    by saterdaies (842986) on Wednesday October 31 2007, @01:56PM (#21187129)
    The problem with the suggestion is implementation. IP Addresses are shared and reused and so aren't unique to a user or household. Cookies also don't work since they are only sent to the site you're hitting - so a cookie for ftc.gov isn't going to be sent to DoubleClick. Having individual advertisers have opt-out systems isn't great since a lot of the time I don't know who is serving the ads I'm seeing (without delving into the HTML).

    Unfortunately, there is no simple way of defining something like this. A better solution might be to regulate the type of information that they are allowed to collect in the first place. If they aren't allowed to record my IP address (or any other identifying information like a zip code I type in a form or POST/GET data), then there would seem to be limited privacy implications. They could gather data showing that people who like power tools also like Sony stereos or whatnot, but without information like IP addresses, form and GET/POST data, there is little they can use to violate my privacy.

    Am I missing something?
    • Doubleclick and others put tiny images on many web pages so they see your cookie no matter where you go.
      • They see your DoubleClick cookie. There isn't a way to do this cross-adnetwork. So, I can opt out with DoubleClick, AdSense, Microsoft, Yahoo, TextLinkAds. . . individually. But I can't get a cookie from the FTC or someone that will be readable by all the advertisers.
  • by khallow (566160) on Wednesday October 31 2007, @01:58PM (#21187157)
    The largest lesson in email spamming has been that they'll send spam to anything resembling an email. They don't care where it came from or how and why they got it. So as I see it the only value of a "do not spam" list is that it will contain a lot of active email addresses. That is gold to spammers and I think anyone who believes such a list will reduce spamming (rather than have the opposite effect) is sorely deluded.
    • by kinko (82040) on Wednesday October 31 2007, @04:00PM (#21188749) Homepage
      Obviously such a list would not contain the actual addresses, but some type of checksum for each address. Then the onus would be on the sender to make sure that any email addresses they already know about do not hash to a value in the list.
  • by Arrogant-Bastard (141720) on Wednesday October 31 2007, @02:02PM (#21187211)

    Sometimes I find myself idly wondering how many miserable failures of opt-out proposals will be necessary before people get a clue that opt-in offers the only possible way to success.

    Then I snap out of it and remind myself that of course some people have a clue, and that's precisely why they continue to put these proposals out (or to enthusiastically back them): doing so serves their purposes nicely. It allows them to proudly say that "they've taken the lead in protecting privacy" while of course they're doing everything they possibly can to do the opposite. (They do this, of course, because they're well aware that few people would opt-in to have telemarketers bother them, or to have spammers clog their mailboxes, or to have their personal data collected.)

    This situation is unlikely to change in the foreseeable future. Just as it's given us ineffective anti-telemarketing measures, just as it's given us ineffective anti-spam measures, the outcome of this process will inevitably give us ineffective anti-privacy-invasion measures.

    Which is why it's probably best to just ignore this nonsense and instead use technological means to either deny data to invaders or feed them bogus data.

  • This is a great idea, but how do you enforce it? That is the issue with most internet laws. Pass all the laws you want, you just can not enforce any of them.
  • Kick me (Score:3, Insightful)

    by FranTaylor (164577) on Wednesday October 31 2007, @02:10PM (#21187307)
    This is the Internet equivalent of having a 'Kick Me' sign stuck to your back.
  • I do this already. (Score:3, Insightful)

    by sherriw (794536) on Wednesday October 31 2007, @02:22PM (#21187429)
    I already 'opt out' of website advertising - I add the advertiser to my do not advertise list. It's called adblock. It's gold.
  • They'll give you a cookie that tells them you have opted out. Then another firm will track which things you weren't tracked in because you opted out of it. That's so great!

    I don't see how this could be reasonably implemented. You can't put your IP address on the do-not-track list, because it could change day-to-day. You'd need a cookie in your browser saying you opted out. But that's as much information as if you hadn't opted out in the first place, they'd just have to toss the info after they got it.

    U
  • that website owners pay for bandwidth since this would kill adsense, pretty much?

    The alternative to tracking via cookies is micropayments where you have to pay a fraction of a cent for each web page you view.

    It's not even you that's being tracked. It's your browser. Unless you constantly use your real name online, there is no way to link a name to the observed browsing habits of a person unless ISPs get involved and connect IPs to names.
  • Cookies don't work, they'd have to be set for each site. IP address doesn't work, they change and are shared. And what exactly is it people are worried about in the first place? That's what I don't get here... how is your privacy being violated if they don't know who you are?

    If this is limited to advertising to people who are customers... that is, people who have some kind of relationship that would allow them to be identified... that would work. But it doesn't sound like that's what people are concerned about...
  • I recall when commercialism was just beginning on our early utopian internet. Now the net is largely garbage and advertising leaving people to assume that the net wouldn't exist without it... kinda like cable TV without commercials. I don't like it and we don't need it. But it isn't going away.

    But there should be some kind of W3C standard for web browsers and commercial web sites that could offer up a simple "dash board" that identifies a variety of characteristics about the sites users are browsing and
  • They want to keep track of the people who don't want to be tracked ... *blink*
  • The Do Not Call list was to prevent unsolicited calls.

    This, however, is saying, "Look, I want to go to your Web site and have you not track me." To which I think the valid response should be, "Well then, don't come to my Web site."

    The user is entirely in control. He initiates the actions, not the Web site. It's not as if he's running a program and the Web site suddenly shows up. And if it does, that's spyware/malware, not cookie tracking.

    I second the CookieSafe, Adblock and NoScript extensions. Once a user
  • Browsers should probably delete all cookies when they close, for privacy reasons. This wouldn't be a major problem - it would just mean people need to log in to sites more often.

    It would be like the default-block pop-up blocker, with a simple mechanism to opt-in to long term cookie storage on a per site basis.
  • Tried and failed (Score:3, Informative)

    by uigrad_2000 (398500) on Wednesday October 31 2007, @05:04PM (#21189539) Homepage Journal
    There is already a policy like this, called P3P [wikipedia.org] (Platform for Privacy Preferences Project).

    P3P lets a user create an all-encompassing privacy plan for their browser, and only websites that comply with particular levels of user privacy, and sign their sites as doing so, are able to set and read cookies in the way that the user specifies. The standard was created by W3C, and even had support initially from IE and Mozilla.

    The code for P3P in Mozilla sat untouched from 2003 until 2007, so they turned it off for a few releases to see if anyone would notice. When no one complained, they finally yanked it out [mozilla.org] of the firefox and seamonkey trunks.

    The vast majority of websites are never going to file one of these documents, since it is just a bunch of paperwork, and a setup for a lawsuit against yourself.

    My questions not answered by this article are:

    1. What does this new system have that P3P does not?
    2. Why is the FTC involved? Does the government have to control every aspect of our lives?
    3. Who is actually going to trust every website out there to abide by these controls? A company that signs and promises not to abuse your data, and then asks for extra privileges is the most likely to abuse it.
    4. If a website does abuse data that they promised not to, how will they be caught? Will they be tried in court as criminals? Copyright infringers are tried as criminals and we all know how that turned out.

    The Do not call registry works because it is tied to phone numbers, which are static for users, and are the only gateway for phone communication between a user and a solicitor. There is no such vehicle for the internet. If the U.S. government wants to assign web browsing IDs for all users, then it could work. If that ever happens, I'm moving to Cambodia.

  • Why bother? (Score:3, Interesting)

    by ajs318 (655362) <sd_resp2@earthshod.c o . uk> on Wednesday October 31 2007, @05:59PM (#21190125)
    All you need is a local HTTP proxy server set to block known advertising servers, and a local DNS server set to point the target URLs of tracking scripts somewhere benign. If your proxy server strips out __utm* cookies, so much the better.

    Actually, screw local -- if you were an ISP with your own servers and the wherewithal to (re)sell ADSL, you could offer something like this as a paid-for service; and even give out CDs with a customised Firefox, preconfigured to use your proxy and DNS. I know people would gladly pay a premium for advert-free surfing -- after all, Sky Plus users pay for (what is effectively) advert-free television.
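Added example, not part of ajs318's comment: the header rewriting a filtering proxy of the kind described above would perform, sketched in Python. The `__utm` cookie prefix is the one named in the comment; the blocklist domains are constructed placeholders, and the function names are hypothetical.

```python
BLOCKED_DOMAINS = {"ads.example.net", "tracker.example.org"}  # constructed blocklist
TRACKING_PREFIXES = ("__utm",)  # cookie-name prefix named in the comment


def is_blocked(host, blocked=BLOCKED_DOMAINS):
    """Match a Host value against the blocklist, including subdomains."""
    # Strip the port, normalise case and trailing dot (IPv6 literals not handled).
    name = host.partition(":")[0].lower().rstrip(".")
    labels = name.split(".")
    # Check the name itself and each parent domain: a.b.c, then b.c, then c.
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


def strip_cookie_header(value, prefixes=TRACKING_PREFIXES):
    """Remove tracking cookies from a request Cookie header value."""
    kept = []
    for pair in value.split(";"):
        pair = pair.strip()
        if pair and not pair.split("=", 1)[0].strip().startswith(prefixes):
            kept.append(pair)
    return "; ".join(kept)


def filter_request(host, headers):
    """Return rewritten request headers, or None if the host is blocked."""
    if is_blocked(host):
        return None
    out = []
    for name, value in headers:
        if name.lower() == "cookie":
            value = strip_cookie_header(value)
            if not value:
                continue  # nothing left: omit the header entirely
        out.append((name, value))
    return out


def filter_response(headers, prefixes=TRACKING_PREFIXES):
    """Drop Set-Cookie headers that would plant a tracking cookie."""
    return [(n, v) for n, v in headers
            if not (n.lower() == "set-cookie"
                    and v.split("=", 1)[0].strip().startswith(prefixes))]
```

Matching on whole domain labels keeps a lookalike such as `notads.example.net` from being blocked by an entry for `ads.example.net`.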