Forgot your password?
typodupeerror
Advertising Privacy Your Rights Online

An Overview of the Do Not Track Debate 108

Posted by Soulskill
from the no-means-no dept.
jonathanmayer writes "The Verge is carrying an accurate and accessible overview of the Do Not Track debate. Quoting: 'With the fate of our beloved internet economy allegedly at stake, perhaps it's a good time to examine what Do Not Track is. How did the standard come to be, what does it do, and how does it stand to change online advertising? Is it as innocuous as privacy advocates make it sound, or does it stand to jeopardize the free, ad-supported internet we've all come to rely on?' The issues surrounding Do Not Track can be difficult to understand, owing to rampant rhetoric and spin. This article unpacks the tracking technology, privacy concerns, economic questions, and political outlook. Full disclosure: I'm quoted."
This discussion has been archived. No new comments can be posted.

An Overview of the Do Not Track Debate

Comments Filter:
  • by Anonymous Coward on Friday October 12, 2012 @04:53PM (#41635575)

    you want me to read about privacy on a website with no less than 4 web bugs and tracking code up the wazoo, not to mention all their shitty adverts
    get off my web

    • My positive contributions to Slashdot has allowed me to disable adverts.
    • ... at how some people (particularly in certain industries) manage to make non-issues into issues.

      Legislate "Do Not Track". Period. Done. End of story, end of problems. Those who make their living from tracking the comings and goings of other, innocent and unknowing people, can go suck eggs. I have no sympathy.

      None.
  • As I remember it, things were expanding quite quickly even before every little click was tracked. I imagine things might slow down with Do-Not-Track, but they will keep growing.

  • by Anonymous Coward on Friday October 12, 2012 @04:59PM (#41635711)

    DNT is useless. You WILL be tracked if you give sites information that is useful in tracking you. The very best you can do is chase the tracking out of your legal jurisdiction and into other countries or underground.

    The only effective way to stop tracking is client side. It's like the analog of MMPORG games, where the client cannot be trusted, because it must be assumed to be in malicious hands. Here, the server cannot be trusted not to track you, because it must be assumed to be in malicious hands.

    DNT is actively harmful, because it makes tech-illiterates think that if they set it in their browser, they will not be tracked. We have already seen that is not the case.

    • Do-Not-Track seems useless, but when the browser vendors find someone not playing nice, you may see a complete block of any accessible information from anywhere outside of the current domain of the webpage. This puts a burden on the website to funnel all computational and tracking related functions to the current domain. They can throw it to the cloud, but I can also say "Kill all connections that don't return within 20ms". This is a move, which I think is anticipating the bluff called. Good thing I have po
      • by dshk (838175)

        They can throw it to the cloud, but I can also say "Kill all connections that don't return within 20ms". This is a move, which I think is anticipating the bluff called. Good thing I have popcorn.

        It will be indeed interesting. Latency between USA and EU is about 120 ms...

    • by Beerdood (1451859) on Friday October 12, 2012 @05:23PM (#41636113)
      Exactly, DNT is useless and the whole concept may have been deliberately designed to be useless. A little header where "DNT=1" in the html and... Presto! No more tracking!

      Except that there's no way to actually enforce that companies won't track
      Except that we still won't know if our browsers will give out our information even with this flag on
      Except that [the Digital Advertising Alliance plainly said that it "does not require companies to honor DNT," ]
      Except that there's too much money at stake to just prevent sites from gathering your data. Even if your data is anonymized (meaning you set the flag on, and you don't see targeted ads as a result) - there's no guarantee that your data isn't still being collected by 3rd parties from the sites you go to. This is why there was such a fuss over the decision to make IE10 do-not-track's setting off by default. The only way you can guarantee your data isn't being used is to prevent it from being sent in the first place, or somehow falsify the data being sent back to the server
      • by rgbrenner (317308)

        I think what you're trying to say is that the DNT folks took their inspiration from the evil bit [wikipedia.org], not realizing it was an april fools joke.

      • by Tom (822)

        Exactly, DNT is useless and the whole concept may have been deliberately designed to be useless.

        Really?

        So, you've read all the W3C papers [w3.org]? You've been to the workshops [w3.org]? You are aware of the discussions inside the Tracking Protection Working Group [w3.org]?

        No, wait, you just have an opinion based on reading a few badly researched online magazine articles.

        • by ChatHuant (801522)

          So, you've read all the W3C papers?

          Your argumentum ad verecundiam fails. An obviously bad design remains obviously bad no matter who may have come up with it. Accepting it blindly, without looking at its technical merits, just because it has been blessed by the W3C is silly (not to mention that the authority you appeal to, the W3C, has one of the worst track records in regards to coming up with reasonable and feasible designs).

          But I think you can reach some interesting conclusions by looking at the originators of the proposed standa

        • by fatphil (181876)
          Well, I know that Fielding published a new version of the DNT standard with changes to the "defaults" section exactly 1 month *after* he submitted the patch to change Apache's behaviour; and that change to the standard supported his patch, whereas the origins of the DNT standard explicitly preclude his patch. And the topic of defaults wasn't in the agenda of any of the WG mettings since the previous version of the standard.

          Not coming up with the conclusion that Fielding is a corrupt shill is quite difficult
    • by Anonymous Coward

      It adds another bit to your browser fingerprint and so, together with IP, user agent string, Accept: headers etc., makes it just a little easier to track you even in absence of cookies.

    • by Lennie (16154)

      Actually the idea behind DNT is that it works when it is combined with laws.

      As an example the EU already has an opt-in law (well ok, most countries in the EU have created a law based on what was agreed up on at the EU level).

  • Don't care. (Score:5, Informative)

    by pla (258480) on Friday October 12, 2012 @05:01PM (#41635745) Journal
    Who cares? Adblock; Ghostery; RandomUserAgent; and always, always, ALWAYS lie when asked for things like your DOB or zip code.

    Have fun fulling your DB with useless crap trying to "track" me, Marketers.
    • Re:Don't care. (Score:5, Insightful)

      by fuzzyfuzzyfungus (1223518) on Friday October 12, 2012 @05:08PM (#41635853) Journal

      Who cares? Adblock; Ghostery; RandomUserAgent; and always, always, ALWAYS lie when asked for things like your DOB or zip code.

      Have fun fulling your DB with useless crap trying to "track" me, Marketers.

      Be careful that, in your efforts to resist tracking, you do not accidentally make your browser far more atypical than it would otherwise have been...

      I've personally found the EFF's little http://panopticlick.eff.org/ [eff.org] test to be quite eye-opening(and probably not representative of the state of the art in tracking, since the guys you really have to worry about get paid for coming up with clever new techniques). Doing unusual things can substantially increase the unusualness of your browser's signature and behavior and make it more likely that you'll stand out of the crowd, albeit not quite as easily as if you just have a doubleclick cookie with a GUID embedded.

      • by Anonymous Coward

        Just taken the EFF test.

        With JS enabled: 1 in 2 500 000 browsers have a similar configuration :(

        With JS disabled: 1 in 70 000 :)

        Thank you, NoScript ;) https://addons.mozilla.org/en-US/firefox/addon/noscript/

      • by kermidge (2221646)

        Thanks for the link - I'd forgotten about this. Took the test:

        "Your browser fingerprint appears to be unique among the 2,452,354 tested so far."

        Short conclusion: I'm screwed.

        • by pla (258480)
          Short conclusion: I'm screwed.

          That depends...

          If you count as "unique" every single time, it means you have avoided getting matched to a preexisting profile. A random user agent will have that effect.

          If, however, you count as 1/x the first time, 2/x the second time, 3/x the third time, and so on, it means they can actually match you to a unique previous visitor - yourself. Not so good, in that case.

          The trackers want you to look as unique as possible, but the same each time you visit. You, OTOH, w
    • Re:Don't care. (Score:4, Insightful)

      by c (8461) <beauregardcp@gmail.com> on Friday October 12, 2012 @05:16PM (#41635991)

      Exactly.

      The whole premise behind DNT is stupid. Trust marketers to respect a flag in your browser? Seriously? If these people gave a single, pathetic thought about what consumers did or did not want, they'd be out of a career.

      AdBock/Ghostery/NoScript/etc means you don't have to trust any website not to track anything.

      • by Tom (822)

        Strange how it did work for the do-not-call list, you know?

        Even if DNT works only for 1% of sites - it still works better than your solution, which seems to involve throwing your hands into the air, running around and crying "the sky is falling, it is all hopeless".

        • by c (8461)

          > Strange how it did work for the do-not-call list, you know?

          The do-not-call list didn't do a thing for me. Of course, I'm in an entirely different jurisdiction, along with the majority of the rest of the planet.

          > Even if DNT works only for 1% of sites - it still works better than your solution

          The solution(s) where I explicitly take control over what goes from my browser to 100% of sites? I have to admit, I like my odds a lot better than yours.

          • by Tom (822)

            The solution(s) where I explicitly take control over what goes from my browser to 100% of sites?

            really ? [eff.org]

      • The whole premise behind DNT is stupid. Trust marketers to respect a flag in your browser? Seriously?.

        That would be stupid, yes. But I think the point of DNT isn't that. It's to allow the user to express their desire.

        The current default is that it's acceptable to track users. To begin to eliminate tracking you have to give users a voice, the ability to declare that they don't want to be tracked. That's what DNT is. The next step is enforcement.

    • People don't all use Beverly Hills, CA 90210?
      • by philofaqs (668524)
        Bit tricky outside of the US, still, wanted to use the Queens's postcodefor a while, until I kept getting adverts for Nazi memorabilia 1st mention of Godwin gets 3 whooshes on either side of face. Hard
    • NoScript (Score:5, Interesting)

      by digitalaudiorock (1130835) on Friday October 12, 2012 @05:22PM (#41636101)

      The thing that pisses me off the most about most (even supposedly reputable) web sites these days, is the eye opener you get if you run NoScript. The fact that the home pages of supposedly reputable sites are trying to pull in javascript from like a dozen or more unrelated sites is just fucking inexcusable, and it seems to get worse every day.

      Worse yet is that some of those simply don't work at all unless you resort to "Temporarily allow all from this page", in which case I tend to just bail and never go back. I mean seriously...WTF??? I can't tell you how that burns my ass.

      • by nerky (2743851)
        I have similar charred arse reaction; Ghostery reveals more cross-marketing shite.
      • by Tom (822)

        I do wish, though, that NoScript were a little less aggressive.

        I use javascript libraries pulled from CDNs on some of my sites, simply because it saves me the trouble of constantly keeping local copies up-to-date and the other usual CDN reasons.

        And not for tracking or advertisement. I'm talking about stuff like jquery, OpenLayers, etc. - presentation stuff.

      • by Anonymous Coward

        Some websites now even detect that you have blocked javascript and cookies and actively refuse to work until you enable them (e.g., I'm looking at you Target.com).

        That's more than just making sure your website gracefully degrades. That's purposefully spiting people who are security conscious.

        Well, their loss. Plenty of other stores out there that are willing to take my money...

      • by BenoitRen (998927)

        Agreed. On my oldest computer I have JavaScript turned off so it doesn't get bogged down with the tons of badly crafted JavaScript that is often found on websites these days.

        On some of them simple things like search forms will not work unless JavaScript is enabled. Examples are the well-known play.com website and the package courier Kiala's website.

        Another baffling example is your list of saved adverts on a website I regularly visit where people sell their used stuff. After ticking the checkboxes of the adv

      • by robsku (1381635)

        Worse yet is that some of those simply don't work at all unless you resort to "Temporarily allow all from this page", in which case I tend to just bail and never go back. I mean seriously...WTF??? I can't tell you how that burns my ass.

        I've actually been thinking of writing a short rant about this for last couple days - what's especially annoying is when you do the "Temporarily allow all from this page" (I usually resort to this to see the comment thread on pages, many which don't even show hints of such even existing before you allow several domains) and instead of getting a working site after enabling 3-5 domains you now get "scripts partially allowed" with those 3-5 allowed and something like 4-8 new domains introduced by these 3-5 one

    • by Dwedit (232252)

      Hard to lie about your zip code when they can Geolocate you. Need to use a proxy to get around that.

      • by pla (258480)
        Hard to lie about your zip code when they can Geolocate you. Need to use a proxy to get around that.

        I show up as coming from somewhere in Georgia (US state, not a former Soviet satellite). Presumably, my ISP joins the rest of the outside world there.

        Except... That missed my actual location by about 1500 miles.

        So, not really all that tough - If you trust IP-based geolocation to tell you where I live, you wouldn't believe me if I really told you.
  • Cliff notes: (Score:5, Informative)

    by fuzzyfuzzyfungus (1223518) on Friday October 12, 2012 @05:01PM (#41635749) Journal

    Team Marketing is on tactical thermonuclear crack. I don't know where the hell they got it; but damn if it isn't the good stuff. Consider the below, from a 'Rachel Thomas' working on behalf of the "Direct Marketing Association":

    "Marketing fuels the world. It is as American as apple pie and delivers relevant advertising to consumers about products they will be interested at a time they are interested. DNT should permit it as one of the most important values of civil society. Its byproduct also furthers democracy, free speech, and – most importantly in these times – JOBS. It is as critical to society – and the economy – as fraud prevention and IP protection and should be treated the same way.

    Marketing as a permitted use would allow the use of the data to send relevant offers to consumers through specific devices they have used. The data could not be used for other purposes, such as eligibility for employment, insurance, etc. Thus, we move to a harm consideration. Ads and offers are just offers – users/consumers can simply not respond to those offers – there is no associated harm.

    Further, DNT can stop all unnecessary uses of data using choice and for those consumers who do not want relevant marketing the can use the persistent Digital Advertising Alliance choice mechanism. This mechanism has been in place for 2 years."

    Yes, she actually said that [w3.org]. In public.

    • by Tom (822)

      Where's a crowdfunding assassination site when you need one? Is hitstarter.com still available?

  • Firefox community (Score:3, Informative)

    by Synerg1y (2169962) on Friday October 12, 2012 @05:04PM (#41635801)

    Has got you covered... some what:

    https://addons.mozilla.org/en-US/firefox/addon/firegloves/ [mozilla.org]
    https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/ [mozilla.org]
    https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/ [mozilla.org]

    Is it just me who's thought it f'in hilarious to be on a friends computer hit a website and get porn based ads & pop-ups? :)

    • by dshk (838175)

      Is it just me who's thought it f'in hilarious to be on a friends computer hit a website and get porn based ads & pop-ups? :)

      It is even more hilarious that you look pron on your friends' laptops. The average site explicitly disables - actually does not enable - pron ads. Pron ad is enabled only on other pron and similar, non-family-friendly sites.

      • by Synerg1y (2169962)

        Megaupload (was) & rapidshare are a mixed bag of stuff with plenty of legit uses. Being new to the internet however... that's just inexcusable on slashdot.

    • That has happened to me before as well.... lol http://www.inetsoft.com/ [inetsoft.com]
  • "Fate of economy" (Score:2, Insightful)

    by Dunge (922521)
    If the economy depends on private corporations analyzing the behaviors of citizens, fuck the economy. Seriously, people will still buy the things they need without having ads thrown in their faces every 2 seconds.
  • I haven't read about the full spec of DNT, but in Piwik I am provided with only the option of not tracking people who are requesting not to be tracked, and the instructions around that particular option (within the GUI) state that it should be left checked. But I disagree with this. My website is my private property, and I should be allowed to track what users do so that I can make my site perform better for my users. This is why I feel there should be options in DNT, which I also don't see in my FF browser

    • So, you want a DNT=2 - track locally only.

      Submit it to the W3C.

      • Submitted to mailing list (not sure where else to submit to):

        I don't know if this is the correct place to post this suggestion, but as a very small website operator and consumer, I would like to request a third option in the Do Not Track standard.

        I have observed through options in Piwik and Firefox that the implementation of DNT seems too absolute. In the browser I can only select to never be tracked or to always be tracked, and in my analytics software I can only select to never track or to ignore tracking

    • by Lennie (16154)

      Tracking on your website isn't the real issue here anyway. Most people don't seem to understand that very well.

      The real issue is advertisement company tracking you all over the web and combining that information because they have ads on a lot of the websites out there. Then you are talking about things like: Online Behavioral Advertising

  • by sootman (158191) on Friday October 12, 2012 @06:03PM (#41636725) Homepage Journal

    Summary: Advertisers are assholes and do not give a fuck about what you want.

    Did I miss anything?

  • by Anonymous Coward

    The issues surrounding Do Not Track can be difficult to understand, owing to rampant rhetoric and spin.

    Not for me.

    A few minutes of quiet reflection and the liberal application of common sense will result in the following:

    (1) DNT=1 needs to be set by the user to be useful. It doesn't make sense for the browser distributor to set it, because he's not the guy who's actually using it.

    (2) Of course, there needs to be a default setting for DNT if the user hasn't specified it yet. If it defaults to DNT=1, then that's tantamount to a small handful of guys who create browsers for a living, in unison, giving the fi

    • by 0123456 (636235)

      DNT=1 needs to be set by the user to be useful.

      Are you seriously claiming that you really, honestly believe that the majority of people want to be tracked by a zillion advertising sites all across the web, and only a minority object to that?

      With a default of 'do not track', those who really want to be tracked can still turn it off.

    • The problem with (1) is that DNT=0 is the same as DNT isn't set.

      Both say it's ok to track, in different ways. 0 means I say yes to tracking, so track. No setting says I say nothing to tracking, so track.

      Very few users actually want to be tracked.

      So why is 'it's ok to track' the default?

      • by Sloppy (14984) on Friday October 12, 2012 @06:58PM (#41637405) Homepage Journal

        Not set doesn't mean "ok to track." Yes, they will track you, but the difference from DNT:0 is when it's not set, they're tracking you without your consent (nobody said you're ok with it). With DNT:0, you are consenting.

        And the difference between that and DNT:1 (where most of them also track you) is that when it's not set, they have plausible deniability that they resisted your preference. With DNT:1, you're not consenting and they can't credibly say "I didn't know you had a problem with that."

        (Unless you're running MSIE10, in which case if you send DNT:1, they can say "I didn't know you had a problem with that.")

        Maybe this is the best way to look at it. DNT is "plausible deniability by default." It's not about tracking; it's about the relationship, and it provides a previously-missing piece of the model, representing the level to which hostility has escalated.

        • Yes but what is the point of informing people who NEVER GET IT, with things that people already know?
          The only people who assume everyone would want anonymity unless they opted in are the same people who will look for the "next step" once they find that "DNT=1" was ignored and everyone in marketing is corrupt UNLESS "GTH=1".*

          *GTH stands for "Gun To Head".

          This is like telling the last person that Global Warming is a problem, or that the only issue electronic voting machines solved was that of having voters wh

      • by fatphil (181876)
        > So why is 'it's ok to track' the default?

        Blame Fielding, who is injecting user-unfriendly paragraphs into the w3c standard with apparently no discussion and consensus at all.
    • by Tom (822)

      A few minutes of quiet reflection and the liberal application of common sense will result in the following:

      Because a few minutes of your thinking are more valuable than the various workshops, meetings and discussions of the W3C Tracking Protection Working Group and all its associates and members?

      You really think this wasn't discussed by a hundred people before the current draft was written? Really?

      Nothing I've read has changed my conclusions one bit.

      So what is it that you have read? Half-arsed magazine articles? Or have you read the actual papers of the actual W3C, the workgroup members, the various parties? Allow me to guess...

    • by Lennie (16154)

      Actually the default DNT is no header. The user did not make a choice.

      If advertisers don't respect it and we are fairly sure it is going on, we'll sent lawyers because there are laws (like in the EU) which says they can't do that without consent.

  • by sootman (158191) on Friday October 12, 2012 @06:10PM (#41636845) Homepage Journal

    It's much shorter. :-)

    Your post advocates a

    (x) technical ( ) legislative ( ) market-based ( ) vigilante

    approach to fighting tracking. Your idea will not work. Here is why it won't work.

    (x) Dude, fucking seriously. A checkbox to say "Hi marketers, please don't track me!"? What are you, on crack? You've got better odds walking through a bad neighborhood wearing gold chains and a "Please don't mug me" shirt.

    Furthermore, this is what I think about you:

    (x) This is a stupid idea, and you're a stupid person for suggesting it.

    • by Sloppy (14984)

      That's stupid, because it implies a technical approach to fighting tracking won't work. And technical approaches are, in fact, very likely to work to a great degree.

      We know this, because back in the 1990s we-the-users had better tech, so tracking us was harder.

      WHAT?! B-B-Better tech?! Yes.. from TFA:

      When you visit a site — say, The Verge, your browser loads content that is served directly by The Verge (the first party), like our articles and images. It also loads content served by third parties, li

  • Do not track is a farce that relies on the good will of corporations acting against their own interests.

    I'd far rather internet users smarten up and be careful what they do online.

    The information isn't under the user's control anyhow, so I'd rather that fact be transparently known and precautions taken, rather than have gullible users live in some magical fairy world where they pretend they are safe.

  • The article is based on the assumption that the total ad revenue of the industry would not be significantly less even if they have to show random ads to everybody again. The author thinks that the ad budgets does not really change, only they are spent on different methods. I have my experience which contradicts this assumption. We had a paid product and tested Google Adwords. The result was not good enough. We only managed to have a zero balance: the money we spent on ad was about the same as the additional
  • After the W3C's recent face-to-face meeting in Amsterdam, the the Digital Advertising Alliance plainly said that it "does not require companies to honor DNT," effectively saying it intends to stick to its own self-regulatory approach to user privacy.[

    That's okay, Digital Advertising Alliance, because I didn't expect anyone to honor such a less-than-worthless piece of shit that is embarrassingly considered a standard. Fuck, even Apache only honors it purely at their own discretion and completely disregards certain OS and browser configurations. However, I bought and own my own computers, and they will obey their master and honor my rights and privacy that you disregard. I have my own little "self-regulatory approach" already implemented for you, no ne

The number of arguments is unimportant unless some of them are correct. -- Ralph Hartley

Working...