W3C Proposes Unified "Do Not Track" Privacy Standard

In his first submission, kierny writes "A W3C working group is crafting two standards, due out by summer 2012, to enable consumers to opt out of online tracking. Numerous big players are involved, including Google, Facebook, IBM, Mozilla, Microsoft, plus the Center for Democracy and Technology, Electronic Frontier Foundation, and Federal Trade Commission. The first standard is Tracking Preference Expression, 'to define a standard for a how a browser can tell a website that a user wants more privacy,' says W3C working group co-chairman Dr. Matthias Schunter of IBM Research. 'So you send a signal, and you get a response from the website which tells you that the request has been honored.' The second standard, meanwhile, is the Tracking Compliance and Scope Specification, which details how websites should comply with Do Not Track preferences. But, don't expect Do Not Track to be active by default."

Wrong prioroties

[tomhudson]

Not tracking should be the default, and you should have to opt in to tracking.

Re:

[Luckyo]

Problem with this approach is that no one will respect it then, as it will present massive losses to advertisers to respect it.

Re:

[TheRaven64]

So you prosecute and fine the companies that do it until the losses from the fines exceed the profits from the tracking.

Re:

[Luckyo]

How do you "prosecute and fine" companies that don't adhere to standards? If we did that, microsoft would've been bankrupt for IE6.

Standards become standards not because they are mandated, but because they are both mandated and ACCEPTED. Purely mandated, unaccepted standards end up not used at all.

Re:

[TheRaven64]

By making tracking illegal under something like the EU's data protection directive.

Re:

[Luckyo]

So in other words, you don't as its impossible. You need completely new legislation for it.

Re:

[Fujisawa Sensei]

Would have been nice if M$ were bankrupted for IE6.

Re:

[LordLimecat]

Its a web standard, not a law. You set an incredibly dangerous precedent by letting w3c standards dictate law-- what if one day they set a standard that all browsers must conform to IE9's behavior?

Re:

[tomhudson]

as it will present massive losses to advertisers to respect it.

It depends on how opt-in is marketed.

It can represent massive SAVINGS to advertisers, since they won't be wasting time and energy on tracking people. So they'll go to the easier and cheaper "cost per view" model, where their ads are displayed w/o any tracking code. Of course, the companies who SELL the invasive advertising models (google, yahoo, microsoft, facebook) won't be happy, since that means less ad revenue. Tough!

Without user tr

Re:

[Luckyo]

You seem to think that people who do that stuff for a living are just as stupid about it as average person is about targeted marketing. I have bad news for you - people in that industry work for a living making tap water look worth buying at prices higher then gasoline just because they bottled it and ran an advertising campaign based on nothing but images with no concrete promises.

You seriously expect people like that to buy their own bullshit? They are the masters of it, and will see through your bullshit

Re:

[tomhudson]

You seem to think that people who do that stuff for a living are just as stupid about it as average person is about targeted marketing.

I don't confuse evil with stupid :-)

And it doesn't matter in the long run, because eventually both the laws and people's expectations will change, and targeted advertising will die.

understanding them for what they really represent - a massive decline in average consumers that will be seeing their ads, just as you conclude yourself.

That's happening anyway. As more brow

Re:

[Runaway1956]

The advertisers can't "lose" money by respecting a do-not-track policy. They can only "not make" money by doing so.

Re:

[zoloto]

So why don't advertisers track the way they used to? Just because it's available to spy on people doesn't mean it's right or legal to do so.

Re:

[Luckyo]

But it is. Whatever is not forbidden is allowed. That is one of the base tenets of our (Western) justice system. Law is waaaaay behind on this topic, as most of the ways to track people didn't exist a decade ago.

Re:

[kiwimate]

I agree 100%, and contend it should be the same for Google registering your AP SSID [slashdot.org].

Re:

[LordLimecat]

Enable it by default and noone will opt in. If noone opts in, noone will adopt or honor the standard (or else most websites will move to a paywall approach).

It HAS to be disabled by default.

Re:

[tomhudson]

or else most websites will move to a paywall approach

No - most websites would revert to display ads that don't include tracking. Those that can't sustain themselves on that will just thin the herd, making the rest more viable.

Re:

[TheInsaneSicilian]

It's there, it's always there, at the end of the website address line... the classic "reload" symbol... unless I'm misunderstanding what you're griping about not having access to?

Re:

[Anonymous Coward]

Assuming that you are actually wondering where they put it and aren't just bitching about the lack of customizability: they moved it to the URL bar.

Circled in red in the pic: http://i.imgur.com/Oz6mS.png [imgur.com]

Re:

[S.O.B.]

Look at the end of the location bar. When the refresh/reload button is immediately after the location bar it becomes part of the location bar. If you customize the toolbar and move it somewhere else it will revert to it's previous appearance.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Runaway1956]

I'm on Firefox 11. Guess what? There's a "Refresh" icon right there! It's on the right side of the address bar. Not to the right of the address bar, it's ON the address bar, on the right side.

And, seeing that I'm on FF 11 - WTF took you so long to download and install FF7? Is your internet THAT FUCKING SLOW?!?!?! Maybe you don't really need a browser, but a higher antenna for your television.

Noble ambition

[ackthpt]

Raise your hand if you think it will be fully adopted by Facebook.

And Microsoft will probably come up with their own standard...

Re:Noble ambition

[iluvcapra]

If they invite Microsoft to the ISO open document standardization meetings, it's only fair they invite Facebook and Google to the privacy standardization meetings.

Re:

[ackthpt]

If they invite Microsoft to the ISO open document standardization meetings, it's only fair they invite Facebook and Google to the privacy standardization meetings.

Participation is no guarantee of full adoption. We've seen it happen before.

Re:

[Billly Gates]

Or IE will follow that 100%. ... but Windows will track it and watch what you type instead and report it to Bing :-)

Re:

[iluvcapra]

Whoosh. Forget adoption, it'll require Herculean effort to keep the usual suspects from torpedoing the whole proposition.

Watch for the press release: "We were working with the committee to make sure our customers needs were met and that a balance was found between privacy and ease-of-use but ultimately we felt we had to abandon the effort because the standard was unworkable (because of our poison-pill amendment, bwa ha ha!)"

Re:Noble ambition

[Anonymous Coward]

You obviously don't realize that it was Microsoft who first submitted a Do Not Track proposal to the W3C, earlier this year.

http://threatpost.com/en_us/blogs/microsoft-submits-tracking-protection-proposal-w3c-022511
http://www.w3.org/Submission/2011/SUBM-web-tracking-protection-20110224/

The Microsoft specification/method doesn't require to cooperation of publishers and doesn't rely on the behaving properly - unlike the methods implemented in Firefox and Chrome do, which therefore are practically useless against ill-behaving advertisers who do not honor the user's wishes regarding privacy.

Re:

[lvxferre]

It's interesting to Microsoft to kill tracking, since it's what their biggest rival - Google - uses for generate revenue, and MS's income comes from their [dubious quality] OS and office suite.

Re:

[TheRaven64]

Exactly. In this case, Microsoft's incentives line up with the general public's, so there's a good chance that their standard will do what we actually want. FireFox and Chrome get most of their funding from Google, so they've got an incentive to appear to be acting in consumers' favour without actually making tracking too difficult. Apple probably just doesn't care - Safari isn't a profit centre for them.

Re:

[ygslash]

The Microsoft specification/method doesn't require to cooperation of publishers and doesn't rely on the behaving properly - unlike the methods implemented in Firefox and Chrome do, which therefore are practically useless against ill-behaving advertisers who do not honor the user's wishes regarding privacy.

It doesn't really matter. Either way, in the best case they'll spend a huge amount of man hours on developing a standard, everyone will adopt it, and no one will use it. Because you won't get the functionality you need on any significant site when Do-Not-Track is enabled.

Yea, this will . . . .

[bogidu]

work as well as that 'Do Not Call' list.

Re:

[masternerdguy]

And this has affiliations with those damn "pinko commie open source fascists" (I've heard this). It's doomed.

Re:Yea, this will . . . .

[EdIII]

You can't compare the two.

Telemarketers (Debt Collectors are not bound by it) are required to show proof that they checked the number against the list within 14 days of contact. If they cannot, and they made contact, it is a 50k USD fine the last time I checked per infraction .

Of course, the only way the FTC knows about it is complaints. What does the FTC have? Phone records. Everything they need to assess the fine, and they love to do it.

This is completely different, and completely retarded, if it has no such teeth. How does the consumer even know to complain in the first place?

The consumer does not know:

- What information I am storing server side in my databases.
- If I am even processing the privacy requests in the first place. That's all new code. Once that standard is in place I will have to go back to every website I am responsible for and enact the new policies.
- If, and when, I sold the information to 3rd parties.
- If, and when, I was hacked and the information copied. Unless new laws mandate disclosure.
- If, and when, affiliates were provided the information.

It is kind of hard to compare the two together. This new standard puts an awful lot of responsibility on website developers and owners, of which many, are ill equipped to comply with new standards like this immediately. There is a significant percentage that will not even upgrade to a new web server capable of processing the requests.

What about foreign web servers? At least the FTC can nail telemarketers in the US regardless of where the call came from as long as the profit was made in the US.

Re:

[HopefulIntern]

Telemarketers (Debt Collectors are not bound by it) are required to show proof that they checked the number against the list within 14 days of contact. If they cannot, and they made contact, it is a 50k USD fine the last time I checked per infraction .

I had a heated discussion about this the other day (some soulless prick [read:telemarketer] on reddit doing an AMA) and as it turns out, "surveys" and "research questionnaires" are exempt from the DNC list in both the US and the UK. All they have to do is shape the call in the form of some stupid questions and they can advertise to you all they like by cold calling. They also will continue to call unless you say "Please take me off the list" in those exact words and with no variation. "Please stop calling

Can we get one...

[Anonymous Coward]

...for use without a computer?

It's about loopholes, adherence and enforcement

[the eric conspiracy]

Similar issue to do not call. Then politicians exempt themselves and you get swamped with very obnoxious robocalls with fake caller IDs before election day.

And then there are the agencies who just ignore the thing.

And then the enforcement is lax.

Thanks, but I'll use my own tricks too.

Re:It's about loopholes, adherence and enforcement

[betterunixthanunix]

And then the enforcement is lax.

Enforcement by whom? This is just a standard by W3C, and it is a weak one at that. If you fail to produce compliant HTML, your web page might not render correctly; if you fail to follow this standard, nobody will notice.

Privacy is not something that a standard can guarantee you.

Re:

[mark_elf]

W3C Police. Sounds good to me.

Re:

[awshidahak]

W3C Police. Sounds good to me.

Sounds good to me as well.

Re:

[PwnzerDragoon]

Wouldn't work. Every time they'd get sent out on a call, they would have to spend three years deciding the most efficient route first.

Re:

[causality]

And then the enforcement is lax.

Enforcement by whom? This is just a standard by W3C, and it is a weak one at that. If you fail to produce compliant HTML, your web page might not render correctly; if you fail to follow this standard, nobody will notice. Privacy is not something that a standard can guarantee you.

I hope this doesn't work out the same way anti-telemarketer devices did prior to the Do-Not-Call List.

Anyone remember those? They used various tones and other tricks to try to convince the telemarketers' auto-dialers that the number was invalid or not in service. How did the telemarketers respond? Did they take the hint that they were not wanted and focus their efforts on people who might be more willing to entertain their sales pitches? No. They interpreted that as "those people must be using those

Re:

[Raenex]

One favorite was to sound interested and then ask for their own personal telephone number. When they inevitably refused, I'd say something like "what's wrong, you don't like having strangers bother you at home?"

I played a few of those games too, but ultimately decided it was taking more of my time than I wanted. So instead, as soon as the person went into their pitch, I would just leave the phone off the hook, thereby wasting their time and not mine.

Re:

[PerfectionLost]

One favorite was to sound interested and then ask for their own personal telephone number. When they inevitably refused, I'd say something like "what's wrong, you don't like having strangers bother you at home?"

I played a few of those games too, but ultimately decided it was taking more of my time than I wanted. So instead, as soon as the person went into their pitch, I would just leave the phone off the hook, thereby wasting their time and not mine.

I'd play the game with the opening, "Oh he's dead." Which usually draws an immediate silence, and them taking the note to not call that number again.

Re:

[the eric conspiracy]

It did say Federal Trade Commission was part of this.

Re:

[adolf]

It did say Federal Trade Commission was part of this.

Did it say which side they're on?

Pre-emptive "What about Apple?" response

[93 Escort Wagon]

I cheated and read the article.

Apple is part of the working group (along with Microsoft, Facebook, et. al.); but listing IBM's participation was deemed more important by the submitter, kierny.

Like that will happen

[Billly Gates]

It is not like 2 of the biggest search engines also have their own respective browsers, where the companies have a vested interest in tracking typing, mouse clicks, and other online behaviors to advertise or anything.

Re:

[93 Escort Wagon]

It is not like 2 of the biggest search engines also have their own respective browsers, where the companies have a vested interest in tracking typing, mouse clicks, and other online behaviors to advertise or anything.

Nonsense. Google has already said it will honor your preference - all you have to do is add "_do_not_track" to your individual email account name - for example "billy.west_do_not_track@planex.com".

Usually I post the whole text

[symbolset]

But this isn't technically email, though the principle is the same. You only get a Link [craphound.com].

Your post advocates a ( ) technical ( ) legislative ( ) market-based ( ) vigilante approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

...

not quite do not track- more like pretend not to

[Tyrannosaur]

" Possible exemption for aggregate analytics ISSUE-22: Still have "operational use" of data (auditing of where ads are shown, impression tracking, etc.) ISSUE-23: Possible exemption for analytics ISSUE-73: In order for analytics or other contracting to count as first-party: by contract, by technical silo, both silo and contract ISSUE-24: Possible exemption for fraud detection and defense ISSUE-25: Possible exemption for research purposes ISSUE-28: Exception for mandatory legal process ISSUE-75: How do compa

Re:

[tomhudson]

It's because they don't want you to track what THEY are doing.

Calling this "do not track" is like ... well, like pretty much all those other misnamed initiatives.

Eventually, we'll all just have to set up a random generator that routes all over the place, uses auto-generated bogus email accounts, and randomly clicks on tons of ads - when it gets to the point that invasive targeted ads are worse than plain display ads with no tracking, they'll drop the tracking.

When?

[ukoda]

So when they say "summer 2012" do they mean Jan/Feb 2012 or Nov/Dev 2012?

Re:

[webnut77]

So when they say "summer 2012" do they mean Jan/Feb 2012 or Nov/Dev 2012?

You live on the bottom side of the earth, don't you? How come you guys don't fall off?

Re:

[ukoda]

Bottom? I'm in New Zealand. We don't fall off because we are on the top. The Earth obversely spins clockwise so therefore South Pole is on the top. It's all explained at http://en.wikipedia.org/wiki/Reversed_map [wikipedia.org]

Re:

[webnut77]

So, does the sun rise in the West or does you day progress from evening 'til morning?

Re:

[ukoda]

Now you just being silly! Of course it rises in the East tracking from left to right across the sky/map to set in the West. Logical when you think about it, same direction most of us write.

Re:

[webnut77]

tracking from left to right across the sky/map

Wait, I confused. I'm facing West; from left to right? Ah, forgot: this is summer 2012.

Re:

[ukoda]

It would help if you look at the Wikipedia link in my earlier posting, When you use a corrected map with the South Pole at the top you will find the East is on your left. With summer pretty much started here and straddling the New Year it is unclear if it should be called the Summer of 2011 or 2012? Doesn't the W in W3C stand for World? So using a season for a time frame is ambiguous. Not as bad as saying 'Fall' which has to be translated from American to the English 'Autumn' then possibly reversed to

Re:

[TheRaven64]

From your link:

A reversed map, also known as an Upside-Down map

I think it's pretty clear that everyone knows you're drawing the map upside down...

Re:

[psiclops]

we used to spray all of the floors with glue. but as they would inevitably lose their stickiness and we had to keep re-spraying we eventually decided it would be a whole lot easier to just put glue on the bottom of our shoes. so this is what we do now.

i'm personally trying to come up with some sort of velcro solution at the moment. it's not going as well as i'd hoped :(

Re:

[webnut77]

I imagine them kangaroos don't take kindly to being hog tied while you apply the glue?

Re:

[MysteriousPreacher]

It must be cool living in the future. The 4:15 at Chepstow will be run hours earlier for you than it is for us. Get yourself to the bookies and make a fortune!

Evil bit?

[Anonymous Coward]

RFC 3514 [ietf.org] was meant as a joke. This time it looks like people are discussing it for real. Let's go ahead and add a "Captain Justice" HTTP header that would command all the bad guys to immediately stop being evil.

Good luck with that

[Hsien-Ko]

Those europe and asia-based trackers will still obsess over you.

I'm looking at you, eXtreme-Nosing.

Do Not Want

[Anonymous Coward]

Of course all the major companies want this feature. That way, they can code their websites to be completely disabled if they detect you don't allow tracking. It won't say disabled, but agree to this for a vastly improved experience. You'll be 'forced' to agree to them tracking you to view their site and now, in theory, they have your legal permission to do whatever with whatever they can get from you. Similar to agreeing to TOCs before using a website, but now it's transparent for all normal users (bro

"Please don't be evil" bit

[Anonymous Coward]

Isn't this sort of thing just a variation on the "evil bit" (http://tools.ietf.org/html/rfc3514)?

Re:

[mwvdlee]

This makes the bit a tristate one; "evil", "not evil" and "don't blame us; you didn't ask".

I'm guessing the most common use-case for this feature will be "track user" and "track user but try to hide it".

Hardly news

[Flarston Marston]

DNT has been around for ages

Why opt-out?

[Tom]

Opt-out is cashing in on the users who are lazy or don't get it.

Like spam, any solution short of opt-in won't solve anything.

Obligatory xkcd

[Anonymous Coward]

http://xkcd.com/927/

Just more entropy

[Ramin_HAL9001]

Oh great, attach more bits of entropy to your browser's set of environment variables that can uniquely identify you to malicious web applications.

The best way not to be tracked is to make your browser spoof the default configurations of very common browsers like Firefox or Internet Explorer, and then switch randomly between which profiles it spoofs as you navigate from site to site.

Help confine phishing to a smaller group

[MysteriousPreacher]

Have an "I will open strange attachments and will share my personal details to anyone who asks" list. Spam will drastically decline if the scammers have a single list they can target. Companies can prevent a lot of fraud by refusing to provide accounts to anyone on the list. I'm pretty sure the people who need to be on such a list won't volunteer. Easy solution, send them an email asking them to provide their bank details to prizeadminstraton@dutchinternationallotery.econohosting.cn in order to collect thei

Google, Facebook, IBM, Mozilla, Microsoft

[Tolkien]

A fox is now guarding this particular hen-house, how novel.