
Do Not Track Ineffective and Dangerous, Says Researcher

Posted by samzenpus
from the best-intentions dept.
Seeteufel writes "Nadim Kobeissi, security researcher, describes the Do Not Track standard of the W3C as dangerous. 'In fact, Google's search engine, as well as Microsoft's (Bing), both ignore the Do Not Track header even though both companies helped implement this feature into their web browsers. Yahoo Search also ignored Do Not Track requests. Some websites will politely inform you, however, of the fact that your Do Not Track request has been ignored, and explain that this has been done in order to preserve their advertising revenue. But not all websites, by a long shot, do this.' The revelations come as Congress and European legislators consider tightening privacy standards amid massive advertiser lobbying. 'Do not track' received strong support from the European Commission."
This discussion has been archived. No new comments can be posted.

  • Re:Legislation (Score:5, Informative)

    by jazman_777 (44742) on Wednesday February 13, 2013 @09:11PM (#42890735) Homepage
    Most big companies see it in their best interest to use the government to crush their competitors, all while the government gives them a free hand.
  • by dririan (1131339) on Wednesday February 13, 2013 @10:09PM (#42891235)

    They can still track by IP address and your browser fingerprint. Browser fingerprinting can be defeated though current browsers don't seem to want to help make it easier to do so.

    AC is right. Deleting cookies at the end of each session may help a bit, but there are still plenty of ways to identify you [eff.org] especially if you include your IP address (but that's not always reliable).

    I'm not sure what we'll do when IPv6 rolls around and every device has a unique address. Either you go back to NAT and share addresses, which is not completely effective due to fingerprinting, or you change your address every few hours or days. Either solution defeats the purpose of IPv6.

    There's already a solution for that. [wikipedia.org] Use the randomly-generated address for normal things, but use your static address for servers and the like. IPv6 privacy extensions are supported on Windows, Mac, and Linux.
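An added example, not part of the comment above, showing why a per-device IPv6 address is a tracking handle and what a randomly generated one changes. It assumes the static address uses a MAC-derived (modified EUI-64) interface identifier; `temporary_address` is a simplified random-identifier stand-in rather than the exact privacy-extensions procedure, and the MAC and prefixes are constructed.

```python
import ipaddress
import secrets

IID_MASK = (1 << 64) - 1  # low 64 bits of an IPv6 address: the interface identifier


def eui64_interface_id(mac):
    """Modified EUI-64 interface identifier (RFC 4291, Appendix A) for a 48-bit MAC."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit and splice ff:fe into the middle.
    iid = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]
    return int.from_bytes(iid, "big")


def stable_address(prefix, mac):
    """Address a host forms from a /64 prefix when the IID is derived from its MAC."""
    return ipaddress.IPv6Network(prefix)[eui64_interface_id(mac)]


def embedded_mac(addr):
    """Return the MAC an address gives away if its IID has the EUI-64 shape, else None."""
    iid = (int(ipaddress.IPv6Address(addr)) & IID_MASK).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{octet:02x}" for octet in mac)


def temporary_address(prefix):
    """Simplified stand-in for a privacy-extensions address: a random 64-bit IID."""
    while True:
        addr = ipaddress.IPv6Network(prefix)[secrets.randbits(64)]
        if embedded_mac(addr) is None:  # do not mimic the EUI-64 shape by chance
            return addr


def same_interface_id(a, b):
    """True when two addresses share an IID, which links one device across networks."""
    diff = int(ipaddress.IPv6Address(a)) ^ int(ipaddress.IPv6Address(b))
    return (diff & IID_MASK) == 0


if __name__ == "__main__":
    mac = "00:11:22:33:44:55"                          # constructed MAC
    home, cafe = "2001:db8:1::/64", "2001:db8:2::/64"  # documentation prefixes
    print(stable_address(home, mac), stable_address(cafe, mac))
    print(embedded_mac(stable_address(cafe, mac)))
    print(temporary_address(home), temporary_address(cafe))
```

The two stable addresses differ only in the prefix, so a server seeing both can link them to one interface and recover its MAC; the temporary addresses share nothing beyond the prefix.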

  • by alostpacket (1972110) on Wednesday February 13, 2013 @10:13PM (#42891265) Homepage

    Interesting, but I am pretty sure DNT was Mozilla's Idea. And frankly, it always seemed like a waste of time. Given all the ways that one can be tracked though, a technical solution seems difficult as well.

    - Cookies
    - JavaScript
    - tracking pixels
    - HTML local DBs
    - Flash objects
    - fonts
    - screen size/colors
    - plugin config/versions
    - User agent
    - IP address
    - and now.... "DNT" toggle...

    It almost seems as the only way to keep from being tracked is via the TOR browser incognito mode in a freshly wiped VM or something. I honestly wonder if the 'net needs to move more towards mesh/tor/ad-hoc networking. Basically if the "darknet" should be the "mainnet".

    Anyways, some info:

    EFF tool to see how well you can be tracked (fingerprinted)
    https://panopticlick.eff.org/index.php?action=log [eff.org]

    NAI (Network Advertising Initiative)
    Tracking opt out of 99 of some of the largest ad networks, including Google and MS (but guess who isn't there?)
    http://www.networkadvertising.org/choices/ [networkadvertising.org]

    Apple iAd opt out
    http://support.apple.com/kb/HT4228 [apple.com]
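An added example, not part of the comment above, of the measurement behind a Panopticlick-style test: how many bits each attribute reveals and how the set of indistinguishable visitors shrinks as attributes are combined, with the "DNT" toggle as the last one. The eight-visitor population and all attribute values are constructed for illustration.

```python
import math

# Constructed sample population of eight visitors; every value is invented.
ATTRS = ("user_agent", "screen", "dnt")
VISITORS = [dict(zip(ATTRS, row)) for row in [
    ("UA-1", "1920x1080", "unset"),
    ("UA-1", "1920x1080", "unset"),
    ("UA-1", "1920x1080", "1"),
    ("UA-1", "1366x768", "unset"),
    ("UA-2", "1920x1080", "unset"),
    ("UA-2", "1366x768", "unset"),
    ("UA-2", "1366x768", "unset"),
    ("UA-2", "1366x768", "1"),
]]


def surprisal_bits(population, attribute, value):
    """Bits of identifying information revealed by one attribute value: -log2(p)."""
    matches = sum(1 for v in population if v[attribute] == value)
    if matches == 0:
        raise ValueError("value not present in population")
    return -math.log2(matches / len(population))


def anonymity_set(population, visitor, attributes):
    """Number of visitors indistinguishable from `visitor` on the given attributes."""
    return sum(1 for v in population
               if all(v[a] == visitor[a] for a in attributes))


def report(population, visitor, attributes):
    """Per-attribute surprisal and the anonymity set as attributes accumulate."""
    rows = []
    for i, attr in enumerate(attributes, start=1):
        rows.append((attr,
                     surprisal_bits(population, attr, visitor[attr]),
                     anonymity_set(population, visitor, attributes[:i])))
    return rows


if __name__ == "__main__":
    # The third visitor sends DNT: 1, which only two of eight visitors do.
    for attr, bits, remaining in report(VISITORS, VISITORS[2], ATTRS):
        print(f"{attr:<11} {bits:4.2f} bits  anonymity set = {remaining}")
```

No cookie or stored state is involved: in this sample the visitor is one of three on user agent and screen size alone, and unique once the DNT setting is added.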

  • by Anonymous Coward on Wednesday February 13, 2013 @10:14PM (#42891269)
    You might want to think a bit more about the meaning of the word signature.
  • Re:No kidding (Score:4, Informative)

    by azalin (67640) on Thursday February 14, 2013 @04:55AM (#42893501)
    There is an "allow unobtrusive ads" feature in ABP which might provide a solution to this dilemma. It provides reasons and rewards for playing nice. Should this idea take hold in a big way (yeah, the day pigs learn to fly) companies might actually choose the static, boring but seen by everyone ad over the fancy, super tracking, animated attention whore ad seen only by the few slobs who don't have blocking yet.
    Of course the whole thing will be gamed and I have no idea if it will ever take off.
  • Re:Legislation (Score:4, Informative)

    by hairyfeet (841228) <bassbeast1968@NOsPAM.gmail.com> on Thursday February 14, 2013 @07:33AM (#42894133) Journal

    I hate to break the news to ya sparky but in case you ain't kept up on current events the courts ruled "money equals speech" so your ballot box is worth jack and squat.

    You honestly think the best candidates anybody could come up with were Obama and Romney? Even though I don't believe in libertarianism you might want to look up "Jon Stewart Ron Paul" to see how badly the media is rigged, they treated Paul as "he who shall not be named" and the video ends with a reporter talking to an anchor and the reporter says "Here we are talking about Palin and Christie, who aren't even running, and not saying anything about Paul who is doing good in the polls here" and the anchor gets a douchebag smirk and says "if you get any footage of Christie or Palin send it in, you can keep the Paul stuff"

    And THAT, that right there, is why your vote isn't worth used toilet paper. The media chooses which two shills you get, it's Coke in a can VS Coke in a bottle, because only pre-bought shills need apply. If you think voting would ever do anything ask yourself these questions: How many protested against the wars? How many sat out there in the cold during Occupy? Think those people don't vote? Of course they do but when your choice is Coke in a can VS in a bottle it don't really matter who you choose, it's just different corporate masters. Obama is owned by the media cartels and his VP is the biggest media shill in DC, Romney was owned by Wall Street, 6 of one, half dozen of the other, either way you are fucked.

  • by Anonymous Coward on Thursday February 14, 2013 @08:08AM (#42894295)

    "Sadly, I have "real intelligence" when a large enough to be profitable portion of the world's population don't" - by Omestes (471991) on Thursday February 14, @02:21AM (#42893107) Homepage

    Sadly, you're wrong (per my subject-line above) since AdBlock doesn't block all ads anymore, by default (& can't do 10++ things custom hosts files can, listed below) - same goes for Ghostery & even DNS servers!

    Additionally: I hate doing this too, but it's "doesn't" in that case per your quoted words above, not "don't" in that turn of a phrase (grammar picking yes, sorry - ordinarily I don't do that, as it is off-topic, but it fits here!).

    THIS creates that custom hosts file I note from 10++ reputable & reliable sources, "automagically":

    ---

    APK Hosts File Engine 5.0++ 32/64-bit:

    http://start64.com/index.php?option=com_content&view=article&id=5851:apk-hosts-file-engine-64bit-version&catid=26:64bit-security-software&Itemid=74 [start64.com]

    Which, if you read the list of what it can do for you as an end user of the resulting output it produces listed in the link above, you'll understand how/why...

    "It's as strong as steel, & a 3rd of the weight" - Howard Stark from the film "Captain America"

    ---

    Especially vs. competing alternate 'solutions', noted below in AdBlock/Ghostery & yes even DNS servers, next, as 'examples thereof'...

    Solutions that used to be good & I even recommended them in security guides I wrote up over the decades now -> http://www.google.com/search?hl=en&tbo=d&output=search&sclient=psy-ab&q=%22HOW+TO+SECURE+Windows+2000/XP%22&btnG=Submit&gbv=1&sei=ka3yUKzxB-6_0QHLroCQCA [google.com]

    That did extremely well for myself (and users of them), for Windows users, for "layered-security"/"defense-in-depth" purposes - the BEST THING WE HAVE GOING vs. threats of all kinds, currently!

    (Not anymore though, & certainly NOT far as AdBlock's concerned especially, not after this):

    ---

    Adblock Plus To Offer 'Acceptable Ads' Option:

    http://news.slashdot.org/story/11/12/12/2213233/adblock-plus-to-offer-acceptable-ads-option [slashdot.org]

    (Meaning by default, which MOST USERS WON'T CHANGE, it doesn't block ALL ads - they "souled-out"... talk about "foxes guarding the henhouse")!

    ---

    Plus, Adblock CAN'T DO AS MUCH & not from a single file solution that runs in Ring 0/RPL 0/kernelmode via tcpip.sys, a driver (since it's part of the IP stack & tightly integrated into it) which is far, Far, FAR FASTER than ring 3/rpl 3/usermode apps like browsers, & addons slow them down (known issue in FireFox).

    To wit, 10++ things AdBlock can't do, hosts can:

    ---

    1.) Blocking rogue DNS servers malware makers use

    2.) Blocking known sites/servers that serve up malware... like known sites/servers/hosts-domains that serve up malicious scripts

    3.) Speeding up your FAVORITE SITES that hosts can speed up via hardcoded line item entries properly resolved by a reverse DNS ping

    4.) AdBlock works on Mozilla products (browser & email), hosts work on ANY webbound app AND are multiplatform.

    5.) AdBlock can't protect external to FireFox email programs, hosts can (think OUTLOOK, Eudora, & others)

    6.) AdBlock can't help you blow past DNSBL's (DNS block lists)

    7.) AdBlock can't help you avoid DNS request logs (hosts can via hardcoded favorites)

    8.) AdBlock can't
