Do Not Track Ineffective and Dangerous, Says Researcher
Seeteufel writes "Nadim Kobeissi, security researcher, describes the Do Not Track standard of the W3C as dangerous. 'In fact, Google's search engine, as well as Microsoft's (Bing), both ignore the Do Not Track header even though both companies helped implement this feature into their web browsers. Yahoo Search also ignored Do Not Track requests. Some websites will politely inform you, however, of the fact that your Do Not Track request has been ignored, and explain that this has been done in order to preserve their advertising revenue. But not all websites, by a long shot, do this.' The revelations come as Congress and European legislators consider tightening privacy standards amid massive advertiser lobbying. 'Do not track' received strong support from the European Commission."
So, what he's saying is... (Score:1)
Do Not Do Not Track?
Re: (Score:2)
"Google's search engine, as well as Microsoft's (Bing), both ignore the Do Not Track header . . . . . Yahoo Search also ignored Do Not Track requests . . . . . . this has been done in order to preserve their advertising revenue."
File this under: Well, DUH!!!
Thank you Captain Obvious (Score:2)
No seriously. Thank you, Nadim Kobeissi, for using your media clout to bring the obvious to attention.
The world needs real Captain Obviouses. Chisel-jawed men with flashy capes and booming voices to land out of the sky and say what masses of experts already know but nobody has been listening to.
Legislation (Score:5, Insightful)
The days of the wild west on the net are gone... If the big boys in the industry can't get their shit together soon, we will get legislation, and that will be bad for everyone!
Just once I wish these companies could see that it is in the best interest of everyone to keep the government out and work together to reach a policy that will be adopted as a general standard without a law mandating it...
Most advertisers are still stuck in the 1970's. (Score:4, Insightful)
Re: (Score:1)
I don't know about the tag line thing for the examples you give: Milk is a staple, been around long before modern advertising...and Think Mink? I never heard of it and can't really tell what they want me to buy with a quick Google search for that term...
Re:Most advertisers are still stuck in the 1970's. (Score:4, Interesting)
Re:Legislation (Score:5, Informative)
Re: (Score:1)
How about we leave the government out of the fucking internet and people can vote with their visits? The fact that these sites are still popular shows that people overwhelmingly don't care about targeted advertisement. (and they shouldn't, as anyone with real intelligence already knows)
Just like with companies off the internet, if you don't want to deal with them, then don't use them! Blacklist Facebook, Bing, Yahoo, etc. in your hosts file.
Re:Legislation (Score:4, Insightful)
It's 2013. Anyone who still thinks "vote with your wallet" works is a fucking idiot.
"Vote with the ballot box" is and will always be the fairest way: one person, one vote.
"Vote with your wallet" is similar but with the number of votes you get weighted by the size of your wallet.
DNT fails because large corporations are a bunch of lying, two-faced bastards. Abandoning DNT is no more sensible than repealing any law or policy "because rich people don't feel like following it".
Regulation works, except when regulatory capture happens. And regulatory capture happens when regulation is weak.
It's time to end Free Market As Religion. The balance that was social democracy represented the pinnacle of human civilisation, and it's time that America moved forwards to pre-Reaganite progress, and Europe to pre-Thatcherite progress.
Re: (Score:3)
"'Vote with the ballot box' is and will always be the fairest way: one person, one vote."
hahahaha..hah.. ha.... You say wallet-voting fails then defend voting? What planet are you from? Neither works in systems where consensus and feelings matter more than truth and facts. It's hard to manipulate people who stick with the latter two, leaving corporates and government without much power, thus they work to maintain an impulsive, emotional buyer/voter base..
DNT fails because it leaves the fox guarding the henhouse.. The only way to get rid of web tracking is to kill the scriptable browser.
Re: (Score:2)
I do.
one is democracy, the other is essentially rule by those with enough money to vote.
Re: (Score:2)
"DNT fails because it leaves the fox guarding the henhouse.. The only way to get rid of web tracking is to kill the scriptable browser."
Scriptable browsers are what makes most ad-blocking features work - and all online "apps", like Gmail etc. Advertisers would love it if you killed scriptable browsers, but online services would hate it. Kill cookies (other than session cookies), sure, but not scripting.
Re: (Score:2)
Last time I checked "Vote with the wallet" worked for the ballot box just fine. Of course, provided your wallet is big enough to buy the right politicians.
Comment removed (Score:4, Informative)
Re: (Score:2)
Jon Stewart is a comedian. It is a comedy routine. The Daily Show is aired on "Comedy Central".
WTF? How did this guy get modded "+4 Informative" for an insane diatribe like this?
Re: (Score:2)
Re: (Score:2)
Not only do I think it works in many situations, I see that it has a good track record, confirmed again and again to be devastatingly effective strategy for dealing with many different kinds of shit. I'm talking about the exact opposite [xkcd.com] of Free Market As Religion. I have evidence, and it's repeatable so that you can recreate it whenever you want to.
For example, there was a computer company that sold a truly piece-of-shi
Re: (Score:3, Insightful)
"As you can tell by the total absence of murder now that murder is illegal."
"As you can tell by the total absence of rape now that rape is illegal."
"As you can tell by the total absence of theft now that theft is illegal."
See, that sophomoric black-and-white "X is not 100% effective therefore it is 0% effective" argument is shit. And it always will be shit.
As for spam:
1) There would be way more spam if spam were entirely legal;
2) Anyway, spam is very poorly regulated, thanks partly to regulatory capture: i)
Re: (Score:3)
Spam isn't much of a problem because of reasonably good technical solutions, not because of law written by ivy league lawyer techno-weenies who think they know what it is they do to/for the rest of us.
Actually (Score:3)
Re: (Score:2)
And now try to convince some government in a country the name of which ends in -stan that prosecuting spammers is a worthwhile endeavour. Hint: It's likely a big part of their GDP.
Please lemme be there, I promise I try not to laugh. Can't promise I won't laugh, but I'll try.
Another hint: Spam doesn't give a fuck about your local laws, and neither does it care for petty things like national borders.
Re: (Score:2)
You're implying there would be more murder if it were legal.
No, it would not. But it needs to be illegal, so you can (legally) punish the murderer. You cannot do this while it's still legal.
Re: (Score:2)
You bet, just as easily as they forgot pre-New-Deal America.
Re: (Score:2)
Advertisers? Big boys? More like little bitches.
Laws or no laws to keep these assholes in line, no one is going to stop me from using Adblock, NoScript, DoNotTrackMe, etc. or similar tools. I don't trust these crooked fucks to even follow the law, so privacy extensions aren't going anywhere.
Re: (Score:3)
Oppression is oppression, whether it's corporatocratic tyranny, or abuse by ivy league lawyers in governments who think what's best for them is best for everyone else...Oh wait, both have basically the same attitude. The real fun begins when each side helps the other out, as is happening more and more these days.
Re: (Score:2)
And by "bad for everyone", you mean "bad for companies' bottom line and easy earnings". Consumers benefit. But consumers are rarely if ever part of that "everyone" when used by corporate shills.
Re: (Score:3)
The big boys in the industry ARE getting their shit together. That is exactly WHY we get legislation.
What did you expect, invention? Lobbying is where you spend your money these days as a company, not innovation. It's not the better product that makes the race, it's the better lobbying.
Re: (Score:2)
"The days of the wild west on the net are gone..."
No they've just been pushed outside the view of the popular perception of the internet.
The wild west is still there and if the pirate sites rising and falling, or the sharing sites being brought up under the same name as they were previously despite actual current ongoing legal battles are any indication we're a long way from any kind of enforcement by governments or corporations.
Re: (Score:2)
Tragedy of the commons. While many companies aren't playing fair when tracking their customers, it's unrealistic to expect them to abandon that profit. I would say that the real blame lies with the W3C who have been completely ignoring all security concerns during standard design. If we want to make a safer web, we should make a safer web standard instead of handing control to the lawyers.
Re: (Score:2)
I'm really, really glad that we are in the EU. Corporations don't rule us like they rule the US. Look at how much of a stink the "right to be forgotten" has caused.
People say the EU is undemocratic, but it seems to act in the interests of its citizens far more than our national parliament.
Re: (Score:2)
... ignored by organisations based outside whichever jurisdiction has passed the laws you're talking about. So, companies will re-structure themselves.
Countries that think that they're the only country in the world are in for a nasty shock, as multi-national corporations learn to "route around" the "damage" that legislation and taxes represent.
Re: (Score:1)
Democracy is continuously messy and aggravating, but it's a fuck of a lot better than being sheeple inside corporate dictatorships.
There's less and less of a difference between corporate dictatorships and the smothering oppression coming from neo-socialists passing themselves off as leaders of 'democratic republics'. Both pass off actions that preserve/grow their power bases as caring for the citizen/customer. This results in the latter having sheeple status. They're both full of shit.
Re: (Score:2)
I guess you're right. Maybe I should move.
Do you know a country that's not ruled by corporate dictatorships but by that "democracy" you talk about?
meanwhile... (Score:2, Interesting)
Many of us here have been saying DNT is a bad idea since it first appeared (and often, on slashdot, we've been downmodded for it). The right way to do this is NOT to depend on the good will of the remote side. Even if you passed laws that demand compliance, the data collection will just move out of the jurisdiction of those laws, and anyway, the companies involved will buy themselves exceptions and find creative loopholes. You can't win, that way.
You CAN avoid giving them much data in the first place. You
Re:meanwhile... (Score:4, Insightful)
Someone will say, "I shouldn't have to do that!", and they're right, they shouldn't. But the simple reality is that you do have to do all that, and some others in that ilk (only whitelist javascripts you trust). It's your computer which loads those trackers. You are free to tell it not to do that, but don't fool yourself into thinking businesses built around tracking your every move will ever have your best interests at heart.
Re: (Score:2)
So what's the problem with blocking all the garbage with the many tools we have and also having a DNT flag on top as a clear statement that the fact my browser didn't load any of the tracking crap was entirely intentional?
Re: (Score:2)
This would actually not work too well in this case. Sure, you yourself can move out of jurisdiction, but where does your advertisement revenue come from? Most likely the vast majority of it comes from EU companies or companies with legal presence in the EU.
So let us imagine that getting dinged by this legislation bans EU based advertisers from selling advertisements to you under penalty of significant fine if caught. Suddenly all large advertisers face a clear cut choice: continue ignoring the law and lose vast m
Re: (Score:2)
"Many of us here have been saying DNT is a bad idea since it first appeared (and often, on slashdot, we've been downmodded for it). The right way to do this is NOT to depend on the good will of the remote side...."
What do you mean by 'us', Kemo Sabe?
Okay, seriously: It's almost axiomatic in programming that you never trust your inputs, and you never assume that just because the external party (be it a function, another object, or a completely separate system) says it's going to X, that X will actually happen. So I'm good with the principle so far....
"You CAN avoid giving them much data in the first place. You don't have to load their web bugs, their trackers, accept their cookies, or flash objects, and you can obscure your user agent string, and if you're really paranoid, even your IP address."
That's all well and good, but sometimes part of protecting yourself consists of telling someone else to stop doing what they're doing. Instead of just avoiding a particul
Re: (Score:2)
It is indeed unfortunate that people see it in such an unrealistic way. School bullies initiate action; they come to you, telling you to give them your lunch money. And if you refuse, then they do something bad to hurt you.
Web tracking is where you make the decision to talk to someone else, and they decide to remember the conversation happened (and a lot of other details, like where the
Re: (Score:2)
The question is, HOW does someone go about doing that without their wife/parents getting annoyed when their school/office website chokes due to a blocked script? My general course of action is to install noscript and adblock, but the fine tuning involved makes the whole thing a hassle.
For me, it's not hard to slowly add/deny portions of sites since I'm marginally familiar with how the web works, but I'm at a loss as to how to make it transparent for the SO.
Poisoning the well (Score:5, Insightful)
For a long time, advertisement didn't bother me. I refused to use ad blocking addons, and considered ads just part of a trade. Sites give me content, I look at the ads.
Then came pop-ups. Pop-unders. Flash ads. Ads with music. Ads that would make my cockatiel go into convulsion, and start to drool and chase the neighbor's cat. And I have to tell you, my neighbor really loves her cat. And being chased by a drooling cockatiel will really humiliate a cat, and all dogs will start making fun of it. Not an ideal situation.
So, back to the issue at hand. What MOST sites did was poison the well: no one can drink from it. It got so bad that I eventually had to start using ad blocking addons.
Now people want to implement VOLUNTARY sensitive advertisement and privacy practices. Obviously, they are trying to convince people we no longer need our ad blocking addons. By saying they will do something that is exactly the opposite of what they have done so far, ostensibly.
Sure, some sites will do the whole Do Not Track dance. But those are the same sites that already respect our privacy and my neighbor's cat. Exactly the ones that don't need it.
The ones that need it the most, will just ignore it.
Fun, isn't it?
Fuck Do Not Track. I will keep my Javascript and Ad blocking addons.
Re:Poisoning the well (Score:5, Insightful)
"Then came pop-ups. Pop-unders. Flash ads. Ads with music. Ads that would make my cockatiel go into convulsion, and start to drool and chase the neighbor's cat. And I have to tell you, my neighbor really loves her cat. And being chased by a drooling cockatiel will really humiliate a cat, and all dogs will start making fun of it. Not an ideal situation."
What you left out of that extensive list was malware served up through ad networks. It's not enough to go to "trusted sites" but you have to trust their ad servers too. On one site I still frequent, there was an ad serving up malware for an exploit in Windows. They have since clamped down on who their ad server is, but after that people installed adblock plus as a security measure.
--
BMO
Re:Poisoning the well (Score:4, Funny)
My filesystem is case-sensitive, you insensitive clod.
Re: (Score:2, Informative)
Re: (Score:2)
a good reason to sign the post manually
No kidding (Score:5, Insightful)
Advertisers need to STFU as they are the reason all this happened. Most people really don't mind non-invasive ads that much. They'll let them happen and likely not even complain. However the advertisers seem to think that more obnoxious, more invasive, etc is the way to get attention. Eventually, it pushes people over the edge and they will block it.
Happened to me. I was fine with ads, I understand the need. However I really hated popups. No problem, popup blocker. Then came the fucking flash ads, ok fine so a flash blocker with click to play for the stuff I want. Then, HTML 5 ads that take over a page. Ok, fuck you, all ads are blocked, I've had enough.
Happens with more people I know too. They'll ask me if there's a way to deal with it and I'll point them to Adblock.
Advertisers really need to understand that if you don't want your market to go away, you have to stop being dicks about it. Keep the ads low key and not fraudulent, and people will probably be ok with it by and large. Some won't, but most won't mind, at least not enough to do something. However the more invasive you are, the more people will block it out.
Re: (Score:1)
How much are you willing to pay to view your favorite sites?
Unfortunately, the reality is that running websites costs money, and people do not want to pay to access them. You pay to access them by viewing advertising. When you block ads, you are effectively stealing from the sites you visit. If you were shopping for cars and the seller was asking too much for one you really liked, you wouldn't steal it. You would buy a different one. If you don't like how the sites you visit advertise, go to different ones.
Re: (Score:3)
And if they aren't worth my money... I don't care. I don't need your content. Mostly I don't care about it, it is a distraction, nothing more. Perhaps a pleasurable one, but no more pleasurable than my hobbies, books, or friends. Something will fill the gap, we lived for hundreds of thousands of years without your blog, and we can live a couple hundred thousand more without it again.
Adapt or die. And the second you try to exploit me, is the second where I stop giving a shit about exploiting you.
Re: (Score:2)
No, I am not stealing. The web sites are provided free and I'm just viewing some of the content they provide. Maybe I'm not viewing it the way they would like me to view it, but that is not the same as stealing and it is not immoral or unethical. This is little different from my throwing away my junk mail unopened.
Do not blame the viewers of the web sites for this. Blame the advertisers who came up with abusive ads and the companies that continue to buy the abusive ads. If the companies would behav
Re: (Score:1)
Re:No kidding (Score:4, Informative)
Of course the whole thing will be gamed and I have no idea, if it will ever take off.
Re: (Score:2)
I'm surprised advertisers have not started deploying counter-measures already, but I suppose the number of users is too low. For example text ads can only be blocked easily if they come in a nice DIV you can name. Image ads are easier but again only if they have a file name or come in a named DIV that gives them away. The ad images could even be overlaid onto content images dynamically, making them virtually impossible to filter without making the site unusable.
Sites help ad-blocking a lot with named HTML e
Re: (Score:2)
"Advertisers really need to understand that if you don't want your market to go away, you have to stop being dicks about it. Keep the ads low key and not fraudulent, and people will probably be ok with it by and large."
Making ads low-key only really works for sites where the ads are almost as compelling as the content — sites like search engines and content farms. Sites with top-quality content have a greater need for intrusive ads to pull people's attention away from that content. So I don't think the promotion of non-intrusive advertising is a solution to funding the media.
Re: (Score:2)
Why fund the media? Find a job or source of income that isn't about pretending to be a journalist. This stuff is turning the net into a low-tech venture where it's about content instead of actually doing something new and interesting and advancing the state of the art.
Re: (Score:2)
"Why fund the media? Find a job or source of income that isn't about pretending to be a journalist. This stuff is turning the net into a low-tech venture where it's about content instead of actually doing something new and interesting and advancing the state of the art."
If you find some content useful, either because it's informative or entertaining, it's worth finding ways to encourage the producer of that content to make some more. I think the common view that there will always be an unlimited supply of free or cheaper just-as-good alternatives to any piece of quality content doesn't hold water.
Quality doesn't have to be new and interesting. It's usually mundane. Most work is like that, but it keeps the world turning.
Re: (Score:2)
Sites require funding and advertisement provides funding. But advertisements do not "require" animati
Re: (Score:3)
"Advertisers need to STFU as they are the reason all this happened."
+100
Anyone who listens to the people who brought all this about is either stupid or corrupt or both. The entire discussion should happen with the advertisers excluded.
I want DNT. I want it to be enabled by default on all browsers. And I want ignoring DNT to carry a fine large enough that intentionally doing it large-scale will bankrupt your company. And I want that kind of intentionally ignoring it to carry criminal penalties for the C-level executives.
Because that's the only way short of shooting them that th
Re: (Score:2)
Adblock also greatly improves the performance of browsing the web, especially if you're on a slow network or dialup.
Re: (Score:1)
"Then came pop-ups. Pop-unders. Flash ads. Ads with music. Ads that would make my cockatiel go into convulsion, and start to drool and chase the neighbor's cat."
...
"Fuck Do Not Track. I will keep my Javascript and Ad blocking addons."
FYI: You're a fool, but not for the reason you think. DNT:1 isn't going to stop any of that crap you're railing against. DNT:1 doesn't prevent you from using an ad-blocker. The Do Not Track header is a key piece of technology that legislation can be built around to limit the unwanted aggregation of data that even your precious Ad blocking addons are leaking by your mere visiting of the page. Hell run WireShark with ABP enabled and watch it leak like a damned sieve. Fucking moron. Protip: Try to actual
Re: (Score:2)
Do Not Track was the only current way in which advertisers would have me stop black-holing their networks at the border. As it is, I guess I'll just keep it as it is. More fool you, advertising networks. I'll just be sure to let the sites which ignore Do Not Track know that I'm blocking advertisements on their site.
Re: (Score:2)
You do not support sites by allowing ads, without buying the products.
An ad costs the advertiser money: money for the space at the homepage (the money you want the homepage owner to have) and hosting cost (traffic, server rent). If the advertiser shows you the ad, it's costly for him. If you buy something, it's profitable. But if you do not buy something, the sum is negative, so he will lower the pay for the homepage owner in the long run. So only unblock ads if you plan on buying stuff from them.
Most intelligen
Not a technical solution (Score:3, Insightful)
The poster asserts that DNT is a (not very good) technical solution to a technical problem, and proposes other technical solutions.
The problem is that DNT is neither a technical solution, nor is it trying to solve a technical problem.
DNT is the first step in a legal solution to a social problem.
You may argue whether legal or technical solutions (or both, or neither) are more effective against this social problem. However, put DNT into the right bucket first!
Re: (Score:2, Redundant)
Wrong.
Tracking is not a technical problem in the first place. It's an economic and social problem where people choose to track visitors on purpose for the sake of advertising revenue.
It's not a technical problem because it's working exactly as intended.
Killer 'Do Not Track' App? (Score:2)
Re:Killer 'Do Not Track' App? (Score:4, Informative)
Interesting, but I am pretty sure DNT was Mozilla's Idea. And frankly, it always seemed like a waste of time. Given all the ways that one can be tracked though, a technical solution seems difficult as well.
- Cookies
- JavaScript
- tracking pixels
- HTML local DBs
- Flash objects
- fonts
- screen size/colors
- plugin config/versions
- User agent
- IP address
- and now.... "DNT" toggle...
It almost seems as if the only way to keep from being tracked is via the TOR browser incognito mode in a freshly wiped VM or something. I honestly wonder if the 'net needs to move more towards mesh/tor/ad-hoc networking. Basically if the "darknet" should be the "mainnet".
Anyways, some info:
EFF tool to see how well you can be tracked (fingerprinted)
https://panopticlick.eff.org/index.php?action=log
NAI (Network Advertising Initiative)
Tracking opt out of 99 of some of the largest ad networks, including Google and MS (but guess who isn't there?)
http://www.networkadvertising.org/choices/
Apple iAd opt out
http://support.apple.com/kb/HT4228
Re: (Score:2)
I seem to remember the impetus for this stupid technology was that a Mozilla researcher was about to make available some technology that either blocked tracking cookies or made them relatively anonymous, but then Google and others stepped in and stopped it, and came up with this easily ignorable solution instead. Has anyone else heard of this or am I making it up?
"Interesting, but I am pretty sure DNT was Mozilla's Idea."
Hmm... From Mozilla Foundation [wikipedia.org]:
"The Mozilla Foundation was founded by the Netscape-affiliated Mozilla Organization, and is funded almost exclusively by Google Inc."
Re: (Score:2)
It sets a cookie with an ID of 0 (or -1, or the like) -- As far as I understand it this is the only way they can "know" not to track you.
"Good will" (Score:3, Interesting)
Anything that leaves your privacy on the "good will" of the companies is inefficient to protect my privacy.
If I do want to protect it, I'll use tools like Ghostery and DNT+ where I can choose *myself* what info I send, and not rely on them honoring the DNT.
I know I will be flagged "flame" but honestly the DNT looks a lot like the "evil bit" to me.
Re: (Score:2)
"Anything that leaves your privacy on the 'good will' of the companies is inefficient to protect my privacy.
If I do want to protect it, I'll use tools like Ghostery [snip]"
So you're relying on the "good will" of a company that provides marketing data to the DMA? That seems kind of odd given your stated position on privacy.
Re: (Score:2)
DNT was never designed to be a replacement for ad blocking, Ghostery and the like. It was to create a way of applying pressure to advertisers, via laws enforcing it if necessary, without creating an undue burden on the user.
Instead of clicking "opt out of tracking" on every web site and every ad, the user ticks one box in the browser. Self-respecting companies with a reputation will hopefully honour it. It's like the telephone preference list / do not call list.
evil bit (Score:5, Funny)
Next up, being unarmed and begging pretty please shown not to prevent robberies.
This is just like the evil bit. Anything requiring cooperation from assholes is doomed to failure.
Google, MS etc. do not ignore DNT (Score:5, Insightful)
Re: (Score:2)
[citation needed]
Use Ghostery (Score:3)
Relying on the people who want to track you to honor your "Please don't" request is just guaranteeing disappointment.
Now there are plenty of ways you can clamp down on the tracking and cross-site leakage, from NoScript to RefControl, but the single easiest cross-browser cross-platform way to do it is Ghostery: https://www.ghostery.com/
Most importantly, unlike the other methods (NoScript in particular) it only very rarely breaks a page. So it's just set up and forget.
I'm sure it's not as effective as some other tactics, but the 'works on everything' and 'just works' is really key to just using it all the time everywhere.
trivial, 99% effective fix (Score:3)
There is a trivial, 99% effective fix for this problem. In Firefox, go to Edit:Preferences:Privacy and tell it to forget all cookies when you end a browser session. There is also a facility for whitelisting cookies from certain sites so that, for example, you don't have to log in to slashdot every time. Cookies from the whitelisted sites are remembered across browser sessions.
Re: (Score:1)
They can still track by IP address and your browser fingerprint. Browser fingerprinting can be defeated though current browsers don't seem to want to help make it easier to do so.
I'm not sure what we'll do when IPv6 rolls around and every device has a unique address. Either you go back to NAT and share addresses, which is not completely effective due to fingerprinting, or you change your address every few hours or days. Either solution defeats the purpose of IPv6.
The only real solution is to use adblock,
Re:trivial, 99% effective fix (Score:4, Informative)
"They can still track by IP address and your browser fingerprint. Browser fingerprinting can be defeated though current browsers don't seem to want to help make it easier to do so."
AC is right. Deleting cookies at the end of each session may help a bit, but there are still plenty of ways to identify you [eff.org] especially if you include your IP address (but that's not always reliable).
"I'm not sure what we'll do when IPv6 rolls around and every device has a unique address. Either you go back to NAT and share addresses, which is not completely effective due to fingerprinting, or you change your address every few hours or days. Either solution defeats the purpose of IPv6."
There's already a solution for that. [wikipedia.org] Use the randomly-generated address for normal things, but use your static address for servers and the like. IPv6 privacy extensions are supported on Windows, Mac, and Linux.
Re: (Score:2)
How dare people chop off the trailing bits of an IPv6 address, thus rendering IPv6 privacy extensions ineffective.
Re: (Score:2)
Re: (Score:2)
"Deleting cookies at the end of each session may help a bit, but there are still plenty of ways to identify you especially if you include your IP address (but that's not always reliable)."
What we need is an extension that doesn't delete cookies, it alters them to randomize unique ID numbers and other valuable data. As well as cookies it would randomize the browser user agent string and referrer when sending requests to known ad servers. The "proxy-for" header is also fun to play with and might help combat IP-address-based tracking.
Don't just block tracking, screw it up and poison the databases with fake nonsense data.
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
That's no good for those of us who put our computers to sleep instead of shutting down.
The cookies go away when you restart your browser, not just when you shut down your computer.
Re: (Score:2)
Blocking third-party cookies is also worth a crack, although as Google demonstrated, that can be worked around.
Re: (Score:2)
they can only work around flawed implementations of blocking third-party cookies (i.e. generating exceptions on the fly)
It's not tracking that is the problem (Score:1)
Evil bit? (Score:2)
It sounds like a serious committee and companies got an inspiration from the Evil Bit proposal, even though that one was an April Fools' joke.
Lack Of Trust (Score:2)
Both in terms of the idea and design. There is no level of Trust in the design of "Do Not Track". The server on the other end has no real obligation to honor the flag. The client has no real way to check if it is honoring the flag.
Also something people miss: You can't legislate trust. How do you prove violations? Random audits on paper sound like the way to tackle conformance but again who is building that tool? Google, Microsoft, Amazon, etc? Again we have a lack of trust....
It's not about whether the site honors it or not (Score:4, Interesting)
For me, I don't care whether the site honors that header or not. If they're going to abuse tracking, they're not likely to suddenly come over all ethical and change their servers to not track. What the DNT header does is give a standard, recognized signal present in every single browser request that I do not consent to tracking. It's like the fence with the locked gates and "Private Property - No Trespassing" signs around a property: it's not going to keep trespassers out, but it's a clear and more importantly legally-recognized demarcation. If they jump over the fence onto my land and get in trouble because of being there, the court's going to look at the fact the land was clearly posted and tell them "Sorry, we don't accept your claim that you didn't know it was private property.". With the DNT header, no Web site can claim they didn't know I didn't consent to tracking. They can't claim implicit consent, because there's explicit non-consent in the very request they serviced. And this is why the advertisers are making such a play to get the DNT header dismissed and abandoned. Up to now they've taken the position of "You must consent as a condition of access, you accessed so we can assume your consent.". As long as there's no standard way of saying "I do not consent.", they can get away with that. But with a standard DNT header they can't argue that it's infeasible to check every possible way of not consenting. There's just one, and it's not ambiguous. The counter-argument of "If they don't want to allow access to those who don't consent, why did they not simply return an HTTP error when they saw the DNT header?" becomes rather more convincing.
The secret the advertisers don't want to state up front is that they don't want to require consent to tracking. They just want to track everybody whether they consent or not. Anything that provides a clear, unambiguous message to them about consent or lack thereof is a threat to that position, because it makes it harder for them to argue a basis for their assuming consent.
And a message to every Web-site and ad-network operator out there: if you're serious, stop whining and configure your servers to return 403 Forbidden to every request with the DNT header set. It's not that hard.
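What the closing suggestion in the comment above could look like on the server side, as an added example that is not part of the thread or any site's own code. It assumes a Python WSGI stack, treats only the value `1` as the opt-out signal, and uses the constructed names `dnt_gate`, `site`, `request` and `gated`.

```python
from wsgiref.util import setup_testing_defaults


def dnt_gate(app):
    """WSGI middleware: answer 403 to any request that carries DNT: 1."""
    def middleware(environ, start_response):
        # WSGI exposes the DNT request header as HTTP_DNT. "1" is the
        # opt-out value; "0" or an absent header is passed through.
        if environ.get("HTTP_DNT", "").strip() == "1":
            body = b"DNT: 1 received; this site is not served without tracking consent.\n"
            start_response("403 Forbidden", [
                ("Content-Type", "text/plain; charset=utf-8"),
                ("Content-Length", str(len(body))),
                ("Vary", "DNT"),            # response depends on the header
                ("Cache-Control", "no-store"),
            ])
            return [body]

        def with_vary(status, headers, exc_info=None):
            # Tell shared caches not to reuse this page for a DNT: 1 client.
            return start_response(status, list(headers) + [("Vary", "DNT")], exc_info)

        return app(environ, with_vary)
    return middleware


def site(environ, start_response):
    """Constructed stand-in for the real application."""
    body = b"hello\n"
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Content-Length", str(len(body)))])
    return [body]


def request(app, dnt=None):
    """Drive a WSGI app in-process; returns (status, headers, body)."""
    environ = {}
    setup_testing_defaults(environ)
    if dnt is not None:
        environ["HTTP_DNT"] = dnt
    seen = {}

    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)

    body = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], body


gated = dnt_gate(site)
```

The `Vary: DNT` header matters on both paths: without it a shared cache could hand the 200 page to a client that sent `DNT: 1`, or the 403 to one that did not.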
Re: (Score:2)
I'm surprised that this is a minority view. This is a legal issue. There are no technical means to utterly prevent tracking, but this provides a legal means for punishing people who do it. Anyone who says DNT is harmful is selling something, or bought something stupid from someone who is.
Re: (Score:3)
Hmm... if someone comes illegally onto my property after I clearly marked it, I may shoot him in defense. Say... does that work on that DNT too?
Please, oh please say yes...
Great (Score:2)
We've created a completely, utterly useless specification that every single (mainstream) browser now implements as a feature. In all, countless megabytes (gigabytes?) and countless man-hours and processing-hours have been wasted, all for the sake of doing nothing.
Of course, anyone with half a brain saw this coming.
They can track me, I just don't want to see ads. (Score:2)
DNT by Default (Score:2)
Well, now I'm beginning to question the efficacy (Score:3)
Tracking and Advertising (Score:2)
Two totally different things. No need to track me, to present ads to me.
Re: (Score:2)
Ya know, last time I checked it was still illegal.
And I bet it's been lobbied into existence by some manager who wanted to make sure we can't get rid of 'em... sneaky bastards...
Re: (Score:2)
Could you please be quiet? I can already see some pencil pusher go "hey, good idea!"
Re: (Score:2)
Google was sued because Google are the ones who breached privacy in that instance, obviously. Do you really believe that it should only be possible to prosecute a crime if you can round up every single person who has committed a particular offense?