An Overview of the Do Not Track Debate
jonathanmayer writes "The Verge is carrying an accurate and accessible overview of the Do Not Track debate. Quoting: 'With the fate of our beloved internet economy allegedly at stake, perhaps it's a good time to examine what Do Not Track is. How did the standard come to be, what does it do, and how does it stand to change online advertising? Is it as innocuous as privacy advocates make it sound, or does it stand to jeopardize the free, ad-supported internet we've all come to rely on?' The issues surrounding Do Not Track can be difficult to understand, owing to rampant rhetoric and spin. This article unpacks the tracking technology, privacy concerns, economic questions, and political outlook. Full disclosure: I'm quoted."
nice summary, shite website (Score:3, Informative)
you want me to read about privacy on a website with no less than 4 web bugs and tracking code up the wazoo, not to mention all their shitty adverts
get off my web
I Am Constantly Amazed (Score:2)
Legislate "Do Not Track". Period. Done. End of story, end of problems. Those who make their living from tracking the comings and goings of other, innocent and unknowing people, can go suck eggs. I have no sympathy.
None.
An Expanding Internet (Score:2)
As I remember it, things were expanding quite quickly even before every little click was tracked. I imagine things might slow down with Do-Not-Track, but they will keep growing.
why so much energy around DNT? (Score:3, Insightful)
DNT is useless. You WILL be tracked if you give sites information that is useful in tracking you. The very best you can do is chase the tracking out of your legal jurisdiction and into other countries or underground.
The only effective way to stop tracking is client side. It's like the analog of MMORPG games, where the client cannot be trusted, because it must be assumed to be in malicious hands. Here, the server cannot be trusted not to track you, because it must be assumed to be in malicious hands.
DNT is actively harmful, because it makes tech-illiterates think that if they set it in their browser, they will not be tracked. We have already seen that is not the case.
Re: (Score:1)
They can throw it to the cloud, but I can also say "Kill all connections that don't return within 20ms". This is a move, which I think is anticipating the bluff called. Good thing I have popcorn.
It will be indeed interesting. Latency between USA and EU is about 120 ms...
Re:why so much energy around DNT? (Score:5, Insightful)
Except that there's no way to actually enforce that companies won't track
Except that we still won't know if our browsers will give out our information even with this flag on
Except that the Digital Advertising Alliance plainly said that it "does not require companies to honor DNT,"
Except that there's too much money at stake to just prevent sites from gathering your data. Even if your data is anonymized (meaning you set the flag on, and you don't see targeted ads as a result) - there's no guarantee that your data isn't still being collected by 3rd parties from the sites you go to. This is why there was such a fuss over the decision to make IE10 do-not-track's setting off by default. The only way you can guarantee your data isn't being used is to prevent it from being sent in the first place, or somehow falsify the data being sent back to the server
Re: (Score:2)
I think what you're trying to say is that the DNT folks took their inspiration from the evil bit [wikipedia.org], not realizing it was an April Fools' joke.
Re: (Score:2)
Exactly, DNT is useless and the whole concept may have been deliberately designed to be useless.
Really?
So, you've read all the W3C papers [w3.org]? You've been to the workshops [w3.org]? You are aware of the discussions inside the Tracking Protection Working Group [w3.org]?
No, wait, you just have an opinion based on reading a few badly researched online magazine articles.
Re: (Score:2)
> So, you've read all the W3C papers?
Your argumentum ad verecundiam fails. An obviously bad design remains obviously bad no matter who may have come up with it. Accepting it blindly, without looking at its technical merits, just because it has been blessed by the W3C is silly (not to mention that the authority you appeal to, the W3C, has one of the worst track records in regards to coming up with reasonable and feasible designs).
But I think you can reach some interesting conclusions by looking at the originators of the proposed standa
Re: (Score:2)
Not coming up with the conclusion that Fielding is a corrupt shill is quite difficult
Best part about DNT (Score:1)
It adds another bit to your browser fingerprint and so, together with IP, user agent string, Accept: headers etc., makes it just a little easier to track you even in absence of cookies.
Re: (Score:2)
Actually the idea behind DNT is that it works when it is combined with laws.
As an example the EU already has an opt-in law (well ok, most countries in the EU have created a law based on what was agreed upon at the EU level).
Don't care. (Score:5, Informative)
Have fun filling your DB with useless crap trying to "track" me, Marketers.
Re:Don't care. (Score:5, Insightful)
Who cares? Adblock; Ghostery; RandomUserAgent; and always, always, ALWAYS lie when asked for things like your DOB or zip code.
Have fun filling your DB with useless crap trying to "track" me, Marketers.
Be careful that, in your efforts to resist tracking, you do not accidentally make your browser far more atypical than it would otherwise have been...
I've personally found the EFF's little http://panopticlick.eff.org/ [eff.org] test to be quite eye-opening (and probably not representative of the state of the art in tracking, since the guys you really have to worry about get paid for coming up with clever new techniques). Doing unusual things can substantially increase the unusualness of your browser's signature and behavior and make it more likely that you'll stand out of the crowd, albeit not quite as easily as if you just have a doubleclick cookie with a GUID embedded.
Interesting... (Score:1)
Just taken the EFF test.
With JS enabled: 1 in 2 500 000 browsers have a similar configuration :(
With JS disabled: 1 in 70 000 :)
Thank you, NoScript ;) https://addons.mozilla.org/en-US/firefox/addon/noscript/
Re: (Score:3)
> Just taken the EFF test.
> With JS enabled: 1 in 2 500 000 browsers have a similar configuration :(
> With JS disabled: 1 in 70 000 :)
> Thank you, NoScript ;) https://addons.mozilla.org/en-US/firefox/addon/noscript/ [mozilla.org]
If you don't want to be tracked, you want to be 1 in a million, not one in 100.
I got: Your browser fingerprint appears to be unique among the 2,452,130 tested so far. Meaning if anyone sees my browser fingerprint at one place and then again at another place, they know it was the same browser.
My fingerprint showed up as unique both with and without NoScript. :(
I run the Zemana anti-logger program and it was somehow able to see that, which surprised me. With JS on, it's the huge numbers of fonts that give you away, especially if you have any kind of desktop publishing program or strange word processor installed.
Re: (Score:2)
Thanks for the link - I'd forgotten about this. Took the test:
"Your browser fingerprint appears to be unique among the 2,452,354 tested so far."
Short conclusion: I'm screwed.
Re: (Score:3)
That depends...
If you count as "unique" every single time, it means you have avoided getting matched to a preexisting profile. A random user agent will have that effect.
If, however, you count as 1/x the first time, 2/x the second time, 3/x the third time, and so on, it means they can actually match you to a unique previous visitor - yourself. Not so good, in that case.
The trackers want you to look as unique as possible, but the same each time you visit. You, OTOH, w
Re: (Score:2)
Thanks, guys.
I'm getting killed by user agent (1 in 46k), plugins (unique), and system fonts (1 in 82k). Were I to switch to, for example, Win7, the big three browsers, and a small common set of plugins I'm guessing it'd be a lot better. Instead, like a thorough-going idiot, I run 64-bit Linux, Opera, and what I had thought to be a standard set of media plugins. I hadn't intended this to be useful for some un-bidden data miner. I've been totally naive about fonts; so far as I knew I just had the standar
Re:Don't care. (Score:4, Insightful)
Exactly.
The whole premise behind DNT is stupid. Trust marketers to respect a flag in your browser? Seriously? If these people gave a single, pathetic thought about what consumers did or did not want, they'd be out of a career.
AdBlock/Ghostery/NoScript/etc means you don't have to trust any website not to track anything.
Re: (Score:3)
Strange how it did work for the do-not-call list, you know?
Even if DNT works only for 1% of sites - it still works better than your solution, which seems to involve throwing your hands into the air, running around and crying "the sky is falling, it is all hopeless".
Re: (Score:2)
It's unenforceable and unverifiable.
I agree it's not that easy.
You get much better chances with AdBlock/URL filter/hosts file/whatever than with DNT.
Yeah, because spam filters have put an end to spam. Uh... wait... why is 80%+ of e-mail traffic spam if filtering and blocking work so well? Oh yes, because they don't.
Re: (Score:2)
> Strange how it did work for the do-not-call list, you know?
The do-not-call list didn't do a thing for me. Of course, I'm in an entirely different jurisdiction, along with the majority of the rest of the planet.
> Even if DNT works only for 1% of sites - it still works better than your solution
The solution(s) where I explicitly take control over what goes from my browser to 100% of sites? I have to admit, I like my odds a lot better than yours.
Re: (Score:2)
> The solution(s) where I explicitly take control over what goes from my browser to 100% of sites?
really ? [eff.org]
Re: (Score:2)
I have ABP, Ghostery and BetterPrivacy installed, and the EFF's little toy can still identify me uniquely.
NoScript isn't really an option for anyone who doesn't live in a bubble, because tons of sites use JS for completely benign purposes these days. And lots of sites that are really useful do both need JS and track you - try using Google maps without javascript. And no, I don't plan on spending half my waking hours on fine-tuning exactly which scripts are allowed to run and which aren't.
So, yes, you can ke
Re: (Score:2)
I'm not opposed to the DNT flag at all - I have it set - and I think it's a good idea to be able to set up a digital "No Trespassing" sign. I'm still locking my door though.
Couldn't agree more. Even with DNT and even if DNT were mandatory, I would still leave AdBlock enabled.
Re: (Score:2)
The do-not-call list works because there are legal repercussions for disobeying its mandate. Companies that called people on the list and were not exempt were liable for hefty fines. Obeying the strictures of these regulations was mandatory, by force of law. It was not optional.
Agreed.
The obvious next step for DNT is to make it mandatory. The fact that the ad companies are running amok over it shows that a) we're on the right track and b) it needs to be mandatory or they'll ignore it.
But it can only be in this order. You can't pass a law without the DNT flag, because advertisers would whine that some people really want to be tracked.
the premise behind DNT (Score:2)
That would be stupid, yes. But I think the point of DNT isn't that. It's to allow the user to express their desire.
The current default is that it's acceptable to track users. To begin to eliminate tracking you have to give users a voice, the ability to declare that they don't want to be tracked. That's what DNT is. The next step is enforcement.
Re: (Score:2)
> It's about hoping some of them they might respect the flag.
Well, yes. It's a proposed Internet standard; obviously it's based on a large degree of hope with a side order of anticipated disappointment.
> It's a "social" solution, and possibly the best social solution possible.
A "social" solution for what's essentially sociopathic behaviour? You're right, I just don't understand DNT.
NoScript (Score:5, Interesting)
The thing that pisses me off the most about most (even supposedly reputable) web sites these days, is the eye opener you get if you run NoScript. The fact that the home pages of supposedly reputable sites are trying to pull in javascript from like a dozen or more unrelated sites is just fucking inexcusable, and it seems to get worse every day.
Worse yet is that some of those simply don't work at all unless you resort to "Temporarily allow all from this page", in which case I tend to just bail and never go back. I mean seriously...WTF??? I can't tell you how that burns my ass.
Re: (Score:3)
I do wish, though, that NoScript were a little less aggressive.
I use javascript libraries pulled from CDNs on some of my sites, simply because it saves me the trouble of constantly keeping local copies up-to-date and the other usual CDN reasons.
And not for tracking or advertisement. I'm talking about stuff like jquery, OpenLayers, etc. - presentation stuff.
Re: (Score:1)
Some websites now even detect that you have blocked javascript and cookies and actively refuse to work until you enable them (e.g., I'm looking at you Target.com).
That's more than just making sure your website gracefully degrades. That's purposefully spiting people who are security conscious.
Well, their loss. Plenty of other stores out there that are willing to take my money...
Re: (Score:2)
You're fucking kidding right?? Like code being pulled from packages I chose to install on MY computer is the same as a website I'm visiting choosing to make ME run code from sites I never even heard of?? What exactly is your point, aside from proving your astonishing ignorance??
Re: (Score:1)
Agreed. On my oldest computer I have JavaScript turned off so it doesn't get bogged down with the tons of badly crafted JavaScript that is often found on websites these days.
On some of them simple things like search forms will not work unless JavaScript is enabled. Examples are the well-known play.com website and the package courier Kiala's website.
Another baffling example is your list of saved adverts on a website I regularly visit where people sell their used stuff. After ticking the checkboxes of the adv
Re: (Score:1)
> Worse yet is that some of those simply don't work at all unless you resort to "Temporarily allow all from this page", in which case I tend to just bail and never go back. I mean seriously...WTF??? I can't tell you how that burns my ass.
I've actually been thinking of writing a short rant about this for last couple days - what's especially annoying is when you do the "Temporarily allow all from this page" (I usually resort to this to see the comment thread on pages, many which don't even show hints of such even existing before you allow several domains) and instead of getting a working site after enabling 3-5 domains you now get "scripts partially allowed" with those 3-5 allowed and something like 4-8 new domains introduced by these 3-5 one
Re: (Score:2)
Hard to lie about your zip code when they can Geolocate you. Need to use a proxy to get around that.
Re: (Score:2)
I show up as coming from somewhere in Georgia (US state, not a former Soviet satellite). Presumably, my ISP joins the rest of the outside world there.
Except... That missed my actual location by about 1500 miles.
So, not really all that tough - If you trust IP-based geolocation to tell you where I live, you wouldn't believe me if I really told you.
Cliff notes: (Score:5, Informative)
Team Marketing is on tactical thermonuclear crack. I don't know where the hell they got it; but damn if it isn't the good stuff. Consider the below, from a 'Rachel Thomas' working on behalf of the "Direct Marketing Association":
"Marketing fuels the world. It is as American as apple pie and delivers relevant advertising to consumers about products they will be interested at a time they are interested. DNT should permit it as one of the most important values of civil society. Its byproduct also furthers democracy, free speech, and – most importantly in these times – JOBS. It is as critical to society – and the economy – as fraud prevention and IP protection and should be treated the same way.
Marketing as a permitted use would allow the use of the data to send relevant offers to consumers through specific devices they have used. The data could not be used for other purposes, such as eligibility for employment, insurance, etc. Thus, we move to a harm consideration. Ads and offers are just offers – users/consumers can simply not respond to those offers – there is no associated harm.
Further, DNT can stop all unnecessary uses of data using choice and for those consumers who do not want relevant marketing the can use the persistent Digital Advertising Alliance choice mechanism. This mechanism has been in place for 2 years."
Yes, she actually said that [w3.org]. In public.
Re: (Score:2)
Where's a crowdfunding assassination site when you need one? Is hitstarter.com still available?
Re: (Score:2)
No, it isn't. It is... fuck me sideways with a chainsaw... an advertisement company.
Is it the end of the universe [comedycentral.com] ?
Firefox community (Score:3, Informative)
Has got you covered... somewhat:
https://addons.mozilla.org/en-US/firefox/addon/firegloves/ [mozilla.org]
https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/ [mozilla.org]
https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/ [mozilla.org]
Is it just me who's thought it f'in hilarious to be on a friend's computer hit a website and get porn based ads & pop-ups? :)
Re: (Score:1)
> Is it just me who's thought it f'in hilarious to be on a friend's computer hit a website and get porn based ads & pop-ups? :)
It is even more hilarious that you look pron on your friends' laptops. The average site explicitly disables - actually does not enable - pron ads. Pron ad is enabled only on other pron and similar, non-family-friendly sites.
Re: (Score:2)
Megaupload (was) & rapidshare are a mixed bag of stuff with plenty of legit uses. Being new to the internet however... that's just inexcusable on slashdot.
On or Off (Score:2)
I haven't read about the full spec of DNT, but in Piwik I am provided with only the option of not tracking people who are requesting not to be tracked, and the instructions around that particular option (within the GUI) state that it should be left checked. But I disagree with this. My website is my private property, and I should be allowed to track what users do so that I can make my site perform better for my users. This is why I feel there should be options in DNT, which I also don't see in my FF browser
Re: (Score:1)
So, you want a DNT=2 - track locally only.
Submit it to the W3C.
Re: (Score:2)
Submitted to mailing list (not sure where else to submit to):
Re: (Score:2)
Tracking on your website isn't the real issue here anyway. Most people don't seem to understand that very well.
The real issue is advertisement company tracking you all over the web and combining that information because they have ads on a lot of the websites out there. Then you are talking about things like: Online Behavioral Advertising
Re: (Score:1)
I remember the internet before all you scumbag advertisers showed up.
There is a psychological phenomenon which shows past events in better light. First, the internet without advertisements never existed. There were ads on Arpanet. Second, you would feel less nostalgia for the internet of the eighties or nineties if you actually have to use that nowadays.
Re: (Score:2)
I would be interested in seeing actual transfer amount statistics, breaking down the traffic through a major backbone provider.
Exactly what percentage of internet traffic is "service", and what percentage is "advertisement related"?
(EG, what percentage of the data transferred in a 24 hour polling period is explicitly advertisement related, vs all other uses.)
I have seen some very data hungry adverts. Flash based ads especially. (Blizzard, I am looking at you. Movie studios, you too!) Given that those can easily
Re: (Score:3)
I mean..
I realize network neutrality is the de facto norm (at least for the time being), but let's say backbone provider A has a peering agreement with downstream provider B, and advertising company C.
Downstream B gets lots of traffic through their pipe from advert company B, pumped into the through backbone connection A.
The adverts have to traverse intermediate networks to reach the "recipient".
That same 900kb of data takes bandwidth on many networks, and is not exactly free to transmit.
What I was asking, is
Re: (Score:2)
Also, in addition to the actual advert itself, if we also factored in all the inter-server communication between advertising companies as well, (eg, slashdot sends a request to the advert company server [via the user], telling the advert where the advert was displayed for payment processing, which then sends a random advert, as well as the cross-hosted script requests, and added http get requests for said files that would not have been generated without the need to serve the advert.), all those nickels and
tl;dr (Score:3)
Summary: Advertisers are assholes and do not give a fuck about what you want.
Did I miss anything?
The application of common sense (Score:1)
> The issues surrounding Do Not Track can be difficult to understand, owing to rampant rhetoric and spin.
Not for me.
A few minutes of quiet reflection and the liberal application of common sense will result in the following:
(1) DNT=1 needs to be set by the user to be useful. It doesn't make sense for the browser distributor to set it, because he's not the guy who's actually using it.
(2) Of course, there needs to be a default setting for DNT if the user hasn't specified it yet. If it defaults to DNT=1, then that's tantamount to a small handful of guys who create browsers for a living, in unison, giving the fi
Re: (Score:2)
> DNT=1 needs to be set by the user to be useful.
Are you seriously claiming that you really, honestly believe that the majority of people want to be tracked by a zillion advertising sites all across the web, and only a minority object to that?
With a default of 'do not track', those who really want to be tracked can still turn it off.
Re: (Score:1)
The problem with (1) is that DNT=0 is the same as DNT isn't set.
Both say it's ok to track, in different ways. 0 means I say yes to tracking, so track. No setting says I say nothing to tracking, so track.
Very few users actually want to be tracked.
So why is 'it's ok to track' the default?
Re:The application of common sense (Score:4)
Not set doesn't mean "ok to track." Yes, they will track you, but the difference from DNT:0 is when it's not set, they're tracking you without your consent (nobody said you're ok with it). With DNT:0, you are consenting.
And the difference between that and DNT:1 (where most of them also track you) is that when it's not set, they have plausible deniability that they resisted your preference. With DNT:1, you're not consenting and they can't credibly say "I didn't know you had a problem with that."
(Unless you're running MSIE10, in which case if you send DNT:1, they can say "I didn't know you had a problem with that.")
Maybe this is the best way to look at it. DNT is "plausible deniability by default." It's not about tracking; it's about the relationship, and it provides a previously-missing piece of the model, representing the level to which hostility has escalated.
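The three states the comment above distinguishes (DNT: 1, DNT: 0, no header), as an added example that is not part of the original thread: Python for a site that chooses to honor the header in its own request logging. The function names, the log fields, the `opt_in_required` flag (standing in for an opt-in regime like the EU one mentioned elsewhere in the thread) and the IP truncation widths are all assumptions made for illustration; the sample requests are constructed.

```python
import ipaddress

OPT_OUT, CONSENT, UNSET = "opt-out", "consent", "unset"


def parse_dnt(headers):
    """Map a request's headers to one of the three DNT states.

    HTTP header names are case-insensitive, so names are compared lowercased.
    Assumption: only the first character of the value matters, and anything
    other than 0 or 1 counts as no preference expressed.
    """
    for name, value in headers.items():
        if name.lower() == "dnt":
            first = value.strip()[:1]
            if first == "1":
                return OPT_OUT
            if first == "0":
                return CONSENT
            return UNSET
    return UNSET


def may_track(headers, opt_in_required=False):
    """Decide whether this request may be tied to a persistent identifier.

    An explicit preference always wins. A missing header is not consent:
    under an opt-in rule (opt_in_required=True) it is treated like DNT: 1.
    """
    state = parse_dnt(headers)
    if state == OPT_OUT:
        return False
    if state == CONSENT:
        return True
    return not opt_in_required


def coarsen_ip(ip):
    """Drop the host part of an address (/24 for IPv4, /48 for IPv6)."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return str(net.network_address)


def log_record(headers, client_ip, path, visitor_id, opt_in_required=False):
    """Build the analytics record, stripping identifiers when not permitted."""
    if may_track(headers, opt_in_required):
        return {"path": path, "ip": client_ip, "visitor_id": visitor_id}
    return {"path": path, "ip": coarsen_ip(client_ip), "visitor_id": None}


# Constructed sample requests: (headers, client IP, path, existing visitor id)
SAMPLE_REQUESTS = [
    ({"DNT": "1", "User-Agent": "ExampleBrowser/1.0"}, "203.0.113.77", "/a", "v-123"),
    ({"dnt": "0"}, "198.51.100.9", "/b", "v-456"),
    ({"User-Agent": "ExampleBrowser/1.0"}, "2001:db8:1:2::5", "/c", "v-789"),
]

if __name__ == "__main__":
    for headers, ip, path, vid in SAMPLE_REQUESTS:
        print(parse_dnt(headers), log_record(headers, ip, path, vid, opt_in_required=True))
```
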
Re: (Score:2)
Yes but what is the point of informing people who NEVER GET IT, with things that people already know?
The only people who assume everyone would want anonymity unless they opted in are the same people who will look for the "next step" once they find that "DNT=1" was ignored and everyone in marketing is corrupt UNLESS "GTH=1".*
*GTH stands for "Gun To Head".
This is like telling the last person that Global Warming is a problem, or that the only issue electronic voting machines solved was that of having voters wh
Re: (Score:2)
Blame Fielding, who is injecting user-unfriendly paragraphs into the w3c standard with apparently no discussion and consensus at all.
Re: (Score:3)
> A few minutes of quiet reflection and the liberal application of common sense will result in the following:
Because a few minutes of your thinking are more valuable than the various workshops, meetings and discussions of the W3C Tracking Protection Working Group and all its associates and members?
You really think this wasn't discussed by a hundred people before the current draft was written? Really?
Nothing I've read has changed my conclusions one bit.
So what is it that you have read? Half-arsed magazine articles? Or have you read the actual papers of the actual W3C, the workgroup members, the various parties? Allow me to guess...
Re: (Score:2)
Actually the default DNT is no header. The user did not make a choice.
If advertisers don't respect it and we are fairly sure it is going on, we'll send lawyers because there are laws (like in the EU) which say they can't do that without consent.
I've adapted the "spam solutions" list for DNT (Score:4, Funny)
It's much shorter. :-)
Your post advocates a
(x) technical ( ) legislative ( ) market-based ( ) vigilante
approach to fighting tracking. Your idea will not work. Here is why it won't work.
(x) Dude, fucking seriously. A checkbox to say "Hi marketers, please don't track me!"? What are you, on crack? You've got better odds walking through a bad neighborhood wearing gold chains and a "Please don't mug me" shirt.
Furthermore, this is what I think about you:
(x) This is a stupid idea, and you're a stupid person for suggesting it.
Re: (Score:3)
That's stupid, because it implies a technical approach to fighting tracking won't work. And technical approaches are, in fact, very likely to work to a great degree.
We know this, because back in the 1990s we-the-users had better tech, so tracking us was harder.
WHAT?! B-B-Better tech?! Yes.. from TFA:
must die (Score:2)
Do not track is a farce that relies on the good will of corporations acting against their own interests.
I'd far rather internet users smarten up and be careful what they do online.
The information isn't under the user's control anyhow, so I'd rather that fact be transparently known and precautions taken, rather than have gullible users live in some magical fairy world where they pretend they are safe.
No Honor (Score:1)
After the W3C's recent face-to-face meeting in Amsterdam, the Digital Advertising Alliance plainly said that it "does not require companies to honor DNT," effectively saying it intends to stick to its own self-regulatory approach to user privacy.
That's okay, Digital Advertising Alliance, because I didn't expect anyone to honor such a less-than-worthless piece of shit that is embarrassingly considered a standard. Fuck, even Apache only honors it purely at their own discretion and completely disregards certain OS and browser configurations. However, I bought and own my own computers, and they will obey their master and honor my rights and privacy that you disregard. I have my own little "self-regulatory approach" already implemented for you, no ne