Study: Ad Networks Not Honoring Do-Not-Track

itwbennett writes "According to a new study from Stanford University's Center for Internet Society, almost half of the Network Advertising Initiative (NAI) members that Stanford studied left tracking cookies in place after a Web user opted out of targeted ads. NAI's executive director said that with no consensus on what do-not-track means, ad networks continue to gather data for business reasons other than providing targeted advertising. 'Under the NAI self-regulatory code, companies commit to providing an opt out to the use of online data for online behavioral advertising purposes,' Curran said. 'But the NAI code also recognizes that companies sometimes need to continue to collect data for operational reasons that are separate from ad targeting based on a user's online behavior.'"

But self regulation works !!!

[unity100]

And the 'invisible hand' will always be watching our back.... or is it ...

Re:But self regulation works !!!

[Attila Dimedici]

Unlike the government the 'invisible hand' is not watching our back. Of course, the reason the government is watching our back is because it is looking for an opportune time to stick a knife in it.

Re:But self regulation works !!!

[jazman_777]

The government will stab you in the back. Globalist multinationals will stab you in the front. It's a two-headed monster.

Shocked!

[AliasMarlowe]

I am shocked, shocked, I tell you, to discover that "do not track" preferences are being ignored.
It's almost as if the trackers actually wanted to track you...

Remember to flush your cookies regularly in every browser you use, and to use a different browser for financial stuff (including purchases) than for regular browsing. And don't get me started about BaseFuck (or was it FaceBook).

Re:

[Midnight Thunder]

Indeed, the 'invisible hand' is more interested in what we have in our pockets.

Re:

[imric]

ROFL - don't you understand? When the market is abused, the invisible hand DOES correct things... Through government regulation. That's what capitalism in a democracy (even in a Republican Democracy like ours - the level of abstraction just creates 'lag' - though that lag IS painful) is all about. The error most who call themselves 'Libertarian' make nowadays is considering government to be separate from markets; that regulations maliciously spring from nowhere simply to server politicians who are never

Re:But self regulation works !!!

[Attila Dimedici]

My experience has been that most new government regulation is designed to "fix" problems that were created by government regulation in the first place. When the market has been abused (almost always the result of government regulations), it results in government regulations that make the market even more susceptible to abuse.
It has gotten to bad that the current administration has the guts to call for new laws and regulations to "fix" a problem that was created by them actively not enforcing current laws and regulations (look into "Operation Fast & Furious").

Re:

[imric]

No. Simply no. Government regulations may fix older regulations, true. The market is both complex and dynamic, and the 'invisible hand' doesn't come down like a hammer and pin things in one place, forever. If that was the way things worked, 'gaming the system' be even worse than it is normally.

As to your example, that is an example of government social engineering, NOT economic (save of course, black-market economics). The 'invisible hand' is a part of free-market, economic dogma, not religious or soci

Re:

[Attila Dimedici]

The problem with your theory is that regulations stifles competition rather than preserve it. Regulation creates another barrier to entry, thus providing one more protection for the incumbent in any particular business.

Re:

[Outlander Engine]

Regulation stifling competition is a soundbite, not a fact.

Or do you prefer to having mercury spread by coal fired power plants or lead paint all over your house?

If the new regulation erects a barrier so high that new business cannot compete using the existing process, then usually an entirely new way of doing things will overturn the monopoly.

Re:

[Attila Dimedici]

Some regulations may be necessary, but all regulations make it harder to compete in that particular industry.

Re:

[Barefoot Monkey]

Some regulations may be necessary, but all regulations make it harder to compete in that particular industry.

False. Counterexample: rules against anticompetitive practices make it easier to compete - that's the reason such regulations exist, after all.

Re:

[Attila Dimedici]

Give me a specific example. Define "anticompetitive practices". You have declared that a theoretical group of regulations make it easier to compete. I say that in the real world, it does not work out that way. I know of no monopolies that exist that were not created by government regulation.

Re:

[ohnocitizen]

most new government regulations are designed to "fix" problems that were created by lack of government regulation. When the market has been abused (almost always the result of a lack of government regulation), it results in reactions from businesses and government alike that make the market even more susceptible to abuse.

Fixed that for you.

Re:

[Attila Dimedici]

You go right on believing that and politicians will go right on taking away your rights to "fix" problems that they created.

Re:

[ohnocitizen]

You seem to think private industry and the "free market" will solve problems, and that it is the government alone creating them. We as citizens need to keep pressure on both politicians and corporations to behave in a civilized manner, because without oversight both have proven time and again the potential for abuse.

Re:

[ohnocitizen]

As I'm sure you will go on believe corporations will save us, helping politicians cede ever more ground to them. Do you not see their growing power, or do you not care? Look to the RIAA and MPAA, or BP for examples of how corporations act when might makes right. Politicians, however corrupt they are (and I don't dispute at all that they are), are *supposed* to represent us. Let's get that back!

Re:

[Attila Dimedici]

No, It don't believe corporations will save us. I have noted that as people like you have demanded more regulations to rein in the power of corporations, corporations have become more powerful. Then I looked at what happens when the government creates new regulations and I discovered that whenever the government creates new regulations in an industry it is always followed by a consolidation in that industry with there being fewer, bigger corporations each with more power in whatever industry these regulatio

Re:

[Anonymous Coward]

As opposed to right-wing tactics: first, create a problem; then, don't fix it.

Re:

[halivar]

AdBlock Plus, and browsers with cookie whitelists. That's your invisible hand. Unless you meant something else, in which case you'll need to sit on your hand in a comfy chair for about 2-3 minutes...

Re:

[idontgno]

AdBlock Plus, and browsers with cookie whitelists. That's your invisible hand

Exactly. My ABP invisible hand is displaying the universal greeting [wikipedia.org] to those advertising leeches.

Re:

[obergfellja]

bubbah! grab my tin hat, we've got some ideas to share!

Re:

[Jawnn]

And the 'invisible hand' will always be watching our back.... or is it ...

...applying the lubricant between our blithely parted cheeks? Yeah. Pretty much.

Re:

[ObsessiveMathsFreak]

Well, it has to keep an eye on your back in order to stab the knife in correctly.

Re:

[gstoddart]

And the 'invisible hand' will always be watching our back.... or is it ...

Oh, it's watching ... but it plans on stealing your wallet.

The 'invisible hand' doesn't do what its worshipers claim it does ... the only question is if they know that, or are still deluding themselves that it works.

Re:

[tixxit]

Honestly, I don't use an ad blocker as, mostly, ads don't bother me and I understand their need. However, I'd not feel so bad about installing an ad blocker that only blocks ad agencies known to not honour the do-not-track header.

Adblock, Cookie Monster, Better Privacy

[Nursie]

These are three things I like.

You can probably still track me if I visit you site, but I'm damned if I'm going to help you.

Re:

[sphealey]

Throw TrackMeNot in there too to confuse the sniffers installed at your ISP.

sPh

Re:

[al0ha]

Add Request Policy and NoScript to that list and cross domain pixel tracking will cease as well.

Of course there is always browser footprinting, so do not, for one minute, think that your activities can not be tracked regardless of what you do unless you also go about dynamically changing the data your browser sends with HTTP requests; but adding these simple helpers ups the game a little at least.

Re:

[Bob the Super Hamste]

Sounds like a new Firefox add on that will randomly generate this data with each request is needed.

Re:

[Em Adespoton]

Toss in TACO [abine.com] for good measure

Why is that weird?

[NoNonAlphaCharsHere]

I always assumed that when I checked the "Do Not Track" box, they set a special cookie.

Re:

[i.r.id10t]

I figure that too, which is why I point ad servers (especially slow ones!) to 0.0.0.0 or 127.0.0.1 in my hosts file.

Re:

[NoNonAlphaCharsHere]

Damn! I knew I should have ended that with a winky emoticon ;-)

To your point, it's best to be running a local Apache returning 404 Not Found if you're using hosts to block certain sites. Avoids timeouts. I find Adblock Plus does a faster job.

Re:

[the_B0fh]

wouldn't the local apache serving a single transparent pixel as a 404 be a better idea?

Re:

[NoNonAlphaCharsHere]

That's not a bad idea. My point was to send a response of some kind back, rather than just simply not answering. Your way probably involves sending fewer bytes.

Re:

[i.r.id10t]

Nah when I have apache installed locally instead of ads I get a bunch of porn ...

Re:

[X0563511]

If 127.0.0.1:80 is timing out, your network stack (or firewall implementation) is fucked.

You should be getting back (immediately) an ICMP Connection Refused. This should actually be /faster/ than a proper HTTP response.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Anonymous Coward]

My 80,000+ line custom hosts file approves. Thats my opt out. I never contact your site again. Ever. I don't exist to them anymore.

I can't stand to use the internet on machines that are not mine anymore. It's amazing how many ads, tracking, stats, and plain ol GARBAGE being loaded there is on most pages.. And at home i don't see any of it. Pages load much quicker. Layout is much cleaner. Bandwidth is saved as well.

hosts file + noscript + flashblock = Internet looks and works pretty damm smooth.

Som

Re:

[arth1]

0.0 and 127.1 are bad if you run a local web server.

If you want an error, or run a special-purpose web server that only returns blanks, set it to 127.2 instead.

Re:

[Midnight Thunder]

The browser may ask the server to do something, but it doesn't mean the server will honour the request.

If you don't want to be tracked, then you need to do it yourself, instead of trusting those 'honourable' marketing people.

Slashdot Ads

[AdamInParadise]

Is it just me or did /. disabled the option to hide the ads for people with good Karma?

Re:

[Flyerman]

Just you.

Re:

[Aladrin]

It's still up there for me.

Re:

[danaris]

Ads reappeared for me the other day, too. I wasn't sure whether it was because my karma slipped below an invisible threshold or because they'd removed the option—particularly since they never explained why I got the option, or why, 2-3 times, it randomly turned itself off and had to be re-checked.

Dan Aris

Re:

[cpicon92]

It's just you. I still have the option on the upper right of this page.

Re:Slashdot Ads

[Talderas]

It's still there but even with it checked I still keep seeing slashvertisements for Bitcoin. It must be broken.

Re:

[Pop69]

It's still there for me, your karma must just be shit

Re:

[Runaway1956]

This question seems ironic, in light of the discussion that it is found in. Aren't we "techies"? Aren't we discussing anti-tracking, and along the way, advertising? I don't SEE advertisements at slashdot - and I've never bothered to "disable advertisements" due to my karma.

The Geek Police will probably be along shortly to revoke your card . . .

Isn't that a surprise...

[madhatter256]

Not surprised at all. Look at how effective the "do not call" list has been?

It works for the most part, but the information is still available and for sale for scrupulous telemarketers.

Not surprised that this "do not track" can easily be worked around.

Re:

[AuMatar]

Seeing as I haven't had a telemarketer calling in most of a decade, it worked pretty damn well. Of course, that has federal law backing it.

Re:

[drpimp]

Same holds true for those "No soliciting" signs.

Didn't Expect Much, Didn't Get Much

[Gr33nJ3ll0]

I checked the "Do Not Track" checkmark, and honestly didn't expect ANY of the advertisers to respect the completely voluntary setting. The fact that any of them, let alone 50% are actually respecting it is a big improvement.

Re:

[mlts]

I would actually be astounded if they actually honored it. However, because there are no laws (unlike the do not call list), the cookies, LSOs, and "ever-cookie" stuff still persists.

This makes me glad for not just AdBlock, and BetterPrivacy, but for sandboxie so anything that gets missed will get completely deleted once the browsing session is done.

This can't be right!

[karmicoder]

I, for one, am SHOCKED that ad networks aren't honoring my polite request not to make money off of me. I'm also puzzled that I continue to get emails about Viagra after dutifully clicking on the "opt-out" link in those e-mails. I should write a letter to my congressional representatives. They'll listen!

Justification for Adblock et al

[CelticWhisper]

For those people who tried to argue against Adblock and other tools to help users control how their information is used and how their browsing experience plays out, this should take the wind out of their sails at least a little. Browser developers and advertising companies came up with a standard for not tracking the users who don't want to be tracked and the ad companies promptly turned around and fucked those users over. Why should we respect the wishes of marketers who don't want us blocking ads now?

Re:Justification for Adblock et al

[maxume]

There is no need to justify Adblock or the like, an http request is just a request for some information, it is not a promise to treat that information in a certain way.

Re:

[CelticWhisper]

Only now, it's tit-for-tat at worst because the ad providers have demonstrated that they cannot be trusted to be honest and respect people's wishes for privacy. For those sites that users really want to support, there are targeted whitelist rules or simple old-fashioned donations.

Re:

[improfane]

I see this argument parroted everywhere. It's very flawed. You assume that your content is worth the adverts. It is not.

It's up to me what my computer downloads. The cost in bandwidth, my time waiting for websites, tracking and potential for malware is not worth the adverts.

Flash

[tepples]

How about using Flashblock?

Then the site will just stop using HTML technologies and present itself as a Flash app (and possibly as an iPhone and iPad app if there is demand). That way, unblocking the site in Flashblock will unblock the ads.

Re:

[npsimons]

For those people who tried to argue against Adblock and other tools to help users control how their information is used and how their browsing experience plays out, this should take the wind out of their sails at least a little.

Those people arguing against AdBlock, et al had no wind to begin with. It's MY computer, I decide what runs on it. If they don't like people copying their data without paying for it, perhaps they should have considered that before they posted that data on the public Internet, tha

Require interaction with the ad first

[tepples]

If they don't like people copying their data without paying for it, perhaps they should have considered that before they posted that data on the public Internet

Then the providers of advertising-supported works could escalate it by requiring the user to interact with an ad before the user receives a token that allows decryption and display of the work.

Re:

[LWATCDR]

http://.trafficmp./ [.trafficmp.]
Fixed that for you.
Well if you have Adblock.

Delete'em

[sphealey]

Better Privacy + Cookie Monster + separate browser just for Facebook. Seems to do a fairly good job in total.

sPh

Re:

[zero0ne]

amen to that.

I hadn't logged into Facebook for something like 6 months, and the changes that happen to sites when they see you as a logged on Facebook user is astounding... and annoying!

A separate browser isn't a bad idea.

Re:

[Artraze]

Rather than a separate browser, you can use Firefox's profiles. It's easy to do: just set you firefox shortcut to "firefox -no-remote -ProfileManager" (works on Windows and Linux). Separate profiles are, as best as I can tell, completely independent. They have separate caches, extensions, and of course cookies, bookmarks history, etc.

Keep in mind that plugins (Flash!, Java, etc) have permissions outside the browser, so absent of disabling them or using something flashblock the profiles can still be linke

Re:

[mdm42]

$ sudo echo "127.0.0.21 facebook.com" >>/etc/hosts

There ya go...

Confusing NAI with DNT...

[Anonymous Coward]

The NAI opt out has little to do with DoNotTrack. I do agree though that how cookies are supposed to be handled via DoNotTrack are unclear based on the standard. When working on an implementation of it, my company decided to actually put a cookie on any machine that has the DNT flag set. This cookie contains no tracking data and is ignored by our servers, but the consensus was that when opting out users have been trained to look for the presence of an opt-out cookie and so not putting one there may be co

Actually better than I feared

[danaris]

"Almost half"? I would have expected the number of ad networks ignoring do-not-track to be closer to 80%.

This indicates that more than half are honoring it, which is, IMHO, quite a victory for our side.

Dan Aris

Re:

[Translation Error]

Sounds like quite the Pyrrhic victory to me. Sure, it's a nice surprise that half the ad networks are honoring it, but unless the vast majority of them do, I don't see how the flag is actually useful in practice.

Re:

[ceoyoyo]

Half of them were dumb enough to get caught.

I expect pretty much 100% of them are still tracking, but some of them are a little bit better at it.

Re:

[praxis]

I though from the context of a do-not-track mechanism, "our side" was pretty clearly referring to those that do not wish to be tracked. I'm not sure why you'd think it means the average consumer.

They need a TSA

[ChilyWily]

That is a "Trusted Shopping Associate" - if only people registered then they could opt-out you see. oh wait.

integrity

[Anonymous Coward]

Ah yes, we all know the advertising market is full of honesty and integrity...

Re:integrity

[TwinkieStix]

I work as a software engineer for an affiliate networking advertising company. Our business wouldn't exist if we couldn't track a click from a publisher (affiliate, like a deal blog or a search engine) to an advertiser (merchant, somebody selling stuff). I am extremely familiar with how we handle customer data, and we have no use for it. Our tracking technology aggregates the majority of the information related to sales fairly early on in the data pipeline and discards a lot of it after a relatively short time (hours). We have external and internal auditors that check up on the methods we use to clean personally identifiable information (PII, as they always call it). Even something as relatively benign as our own client's e-mail addresses are secure. When it comes to the likes of our actual advertisements, our company culture is nearing paranoia about NOT storing PII because even an accidental leak would reflect poorly on our clients and be devastating to our business. I really hope the other advertising companies see the risk of collecting this information as expensive as we do and take as much effort to avoid letting it be traceable back to individuals.

I have to say this: the opinions and statements are my own and not those of my company in any way.

Well, duh

[GreatBunzinni]

Who in their right mind expected that if you give anyone full control over a lucrative resource and then tell them not to use it although you have absolutely no power to enforce your demand that they would respect your request? I mean, not even your kids respect anything you say that goes against their will if there isn't a consequence for their infraction.

Not surprised

[bragr]

Data is how these companies make money. No one wants to buy ads if the ad company can't tell their clients how many views and unique views the ads are getting. Data is their lifeblood and they aren't going to stop because we asked nicely.

Re:

[lawnboy5-O]

Data is uber primo facto and all things important. Its the package.

I witnessed the printing/advertising/publishing industry evolve into a variable data and targeted-intended-onslaught-beyond-your-privacy advertising nightmare...

and you think Murdoch has problems.

They know your neighbor's last big purchase and sent you swag based on your sex, income, (very) local community, religious beliefs, to see if you want to purchase the same thing... and they know so much more - its an indoctrination into co

Re:

[bragr]

On the up side, advertising companies have stopped sending me bras.

One way to give them an incentive?

[anilg]

So I have an idea that could possibly work? What if we could give an incentive to the ad networks to honor it?

The gist is Adblock/etc, band up and agree that they will by default only block networks that do not adhere to DNT (this would be the default option on first install, users who want more can change this option to say "everything"). By doing this, adnetworks who do follow DNT will rach a tiny (but growing) surge of users they would not otherwise. Not to mention some good karma.

Re:

[bragr]

The grand majority of users are morons who probably don't even know about adblock. Firefox wouldn't include it for political reasons, and google and microsoft probably couldn't for anti-trust reasons. Not going to happen.

well duh

[circletimessquare]

"Hi, we would like you to voluntarily limit your sources of revenue by not giving your customers, advertisers, the tracking options that they want."

doesn't work folks

sorry, the market doesn't regulate itself in some respects. mostly in those respects that involve moral behavior. you need regulation and enforcement for that

Re:

[JesseMcDonald]

Exactly. The market will not help you curtail others' natural rights to suit your own "moral" code. That sort of thing requires organized, "legitimized" aggression, i.e. a government.

Re:

[circletimessquare]

i especially like the part where random assholes define for themselves what their natural rights are. these "natural rights" often run roughshop over other people's actual natural rights

you need government because on their own, people act irresponsibly. doesn't even have to be menace involved, just abject stupidity usually suffices for irresponsible behavior

Re:

[0123456]

you need government because on their own, people act irresponsibly. doesn't even have to be menace involved, just abject stupidity usually suffices for irresponsible behavior

If people are irresponsible and stupid, how do you improve that by giving guns to those people and telling them they won't be punished if they use them?

Re:well duh

[circletimessquare]

capitalism promotes maximal market function, which results in maximum financial yields. this is good. capitalism will also happily market baby organ donation and human slavery as well. this is bad

pure capitalism then is a form of evil. capitalism is a great beast. it must be harnessed and yoked and it must be controlled and it must be tightly curtailed. or it will run roughshod over your society

having said all this, noncapitalistic societies are doomed to grinding poverty. so you NEED capitalism. you just need to keep the great beast harnessed under a strong yoke

Of course.

[liquidweaver]

People respond to incentives. You cannot just ask someone to do something. I'm not sure why it continues to be a surprise when someone does/doesn't do something, when they have no incentive to change their behavior. We've been wired this way since the beginning - shouldn't this be obvious?

Re:

[Bob the Super Hamste]

I propose pulling a Milton form office space then.

Re:

[jfruhlinger]

Self-regulation can be a response to incentives, actually; one of the incentives is to not have regulations imposed by the government. The history of movie ratings in the U.S. -- first the Hayes Code, and then the current rating system we have now -- are examples of industry self-regulation that was designed to stave off government censorship. Technically you don't have to have your movie rated by the MPAA, but since virtually everyone in the film business participates in the system, it's difficult if not

I am shocked, SHOCKED!!!

[sconeu]

Who'd have thought that ad networks wouldn't give up their source of revenue?

You have shaken my worldview to its core

[bigsexyjoe]

This is so thoroughly at odds with everything I know and understand of this world that I am now in a horrible existential crisis. I will time to deal with this.

I have little to no faith in that

[amn108]

I don't get all the hype with the Do-Not-Track, because from the beginning, I had zero faith in the method. Frankly, it's almost funny to read this now, when I knew this to be exactly what would happen. If not worse.

I mean, do you trust in a sign you'd put up on your front door, saying "Do not rob"? Thought so.

On Internet anno 2011, in the world we live in, with the kind of overpopulation and hunt for resources and money, the kiddie stuff that is "Do not track" does not work, at least not for your common greyzone law hustlers. The thinking needs to go in to other places, like a comfortable cookie policy that can also communicate to and from the user. So that people save some cookies they want, and reject the others. I could go on and on, but it's not really that hard, but I am surprised this "Do not track" thing has gotten so far off the ground. One would think it'd die in infancy, like all the other obviously lousier ideas.

Flawed study

[rgviza]

As an HTTP expert (16 years working with the protocol at a low level, often writing code to use the protocol directly through socket connections) and programming professional, his results raised two flags for me after reading his methodology.

He stated that he only reloaded the browser after opting out. Non persistent cookies don't get deleted until you completely kill every process for a given browser because they share cookies across browser processes. Simply shutting one of the tabs off or closing one bro

Advertisers dishonest? Amazing!

[straponego]

Their entire purpose in life is to lie and cheat in order to make money. Anybody who expect voluntary ethical behaviour from a marketer doesn't know marketers. And don't talk to me about the mythical wise, long-term thinking marketers.

The hell you say.

[Snodgrass]

No further comment necessary.

adsuck and xxxterm

[fialar]

There's a very simple solution to this. Just download & install xxxterm and adsuck. Those scumsucking advertisers won't be able to track you anymore.

http://opensource.conformal.com/wiki/Adsuck [conformal.com]
http://opensource.conformal.com/wiki/XXXTerm [conformal.com]

Re:

[Anonymous Coward]

Just absolutely shocked.

Me too! We all know that businesses never lie, are always out for the interests of the public, and are always good citizens of society. Just look at the cigarette companies with their honesty about their product, the pharmaceutical companies and their complete disclosure about their drugs and their complete lack of political pressure on the FDA, the banks and how they were completely up front with the Fed and Congress about their operations regarding the financial meltdown, every company on Wall Street that

Re:

[bonch]

A corporation made the computer you used to type that. Your anti-business tirade is every generic, stereotypical dorm-room philosophy that's ever been written.

Re:

[mmcuh]

We obviously need to be more clear. I'm making my browser send the X-Do-Not-Fucking-Track-Me-Motherfucker header.