Forgot your password?
typodupeerror
Privacy Advertising Firefox Mozilla Opera

Stanford, Mozilla, Opera Launch Web Privacy Initiative 65

Posted by samzenpus
from the going-private dept.
An anonymous reader writes "Stanford Law School has kicked off a 'Cookie Clearinghouse' web privacy initiative that brings together researchers and browsers. The project aims to provide a centralized and trusted repository for whitelist and blacklist data on web tracking, much like StopBadware does for malware. Mozilla and Opera are collaborating on the initiative, and Mozilla plans to integrate it into Firefox's new default third-party cookie blocking. The leader of an advertising trade group has, of course, denounced the participating browsers as 'oligopolies.'"
This discussion has been archived. No new comments can be posted.

Stanford, Mozilla, Opera Launch Web Privacy Initiative

Comments Filter:
  • by Jawnn (445279) on Thursday June 20, 2013 @08:21AM (#44059333)

    “There are billions and billions of dollars and tens of thousands of jobs at stake in this supply chain,” said Rothenberg, who called the browser makers “oligopolies” with excessive power to make decisions affecting the workings of the Internet. “It should be done with stakeholders’ input.”

    Mr. Rothenberg, you keep using that word. I do not think that it means what you think it means. The "stakeholders" in this are the users of the browsers, not the web site operators. Get that part right, at least. It is my browser, not the web site operators. If I don't want it to allow me to be tracked through the use of third-party cookies, I should have that choice, just like it's the web site operator's choice to deny me access if I don't allow such tracking. It's all about choice and when it comes to what my browser should or should not do, that choice is mine.

  • by MysteriousPreacher (702266) on Thursday June 20, 2013 @08:31AM (#44059387) Journal

    The group in question is the Interactive Advertising Bureau, which is paid to rail against pretty much anything that makes it harder for advertisers to track people online.

    I don't want these shitbags tracking my browsing history, which is why I block or otherwise restrict most cookies, and block web bugs. I'm fine though with adverts - just not Randall Rothenberg's view of spying being an acceptable price for free content. Bloody hell, even his name makes him sound like some 19th century mad industrialist, busy earning a fortune from grinding childrens' bones in to cosmetics.

    • by SJHillman (1966756) on Thursday June 20, 2013 @08:42AM (#44059449)

      I'm okay with most ads, as long as there's no music/video/flashing/excessive animation/pop-ups/pop-unders/scrolling/etc. I don't mind them tracking me within a site (IE: NewEgg displaying ads for stuff someone from my IP has previously looked at). However, when I see ads for something I looked at on NewEgg popping up on every site I visit, that just feels like stalking. I don't want the Walmart Greeter following me into Target, Sears and Big Lots just so he can keep trying to hand me the Flyer of the Week.

      • Good analogy, and these guys seem unwilling to acknowledge how creepy this is! Even though it's anonymised, it's still stalking and building up a little profile of my online activities.

        How far does one have to go before Rothenberg considers this to be stalking? Tying to real names? Rothenberg posting his semen soaked toenail clippings through the letterbox of that girl he one day follow on the bus until she reached her home?

  • An oligopoly that between them has around 20% of the market?

  • Tough ... (Score:5, Informative)

    by gstoddart (321705) on Thursday June 20, 2013 @08:56AM (#44059539) Homepage

    âoeThere are billions and billions of dollars and tens of thousands of jobs at stake in this supply chain,â

    You know what Mr Rothenberg, we don't give a shit.

    Because also at stake is our privacy, and our right to not have some douchebag advertising company know every detail of our lives.

    I don't want doubleclick, quantserve, google analytics, scorecard research, and all of these other assholes to get a phone-home beacon on every page I visit -- which is why between my firewall and various things like NoScript/ScriptSafe, these sites are blocked.

    I don't owe you marketing data, and I'm not interested in your product. Don't act like it's your right for me to provide you this data, because it isn't.

    The advertising companies who do this are the oligopolies, Mozilla is just putting some more freedom in the hands of their consumers ... or maybe you don't like it when consumers exercise their right to be not interested in what you're selling and your just a corporate mouthpiece who is only interested in corporate freedom?

    I don't have any more sympathy for advertisers than I do for telemarketers. They can both go eat shit and die.

    • by Ash-Fox (726320)

      and our right to not have some douchebag advertising company know every detail of our lives.

      So what you're saying is, every detail of your life is pretty much visiting websites where their advertisements exist. I feel for you.

      Regarding this universal right you mentioned, can you quote something relevant to back this right up, such as from 'The declaration of human rights' or such?

      • Regarding this universal right you mentioned, can you quote something relevant to back this right up, such as from 'The declaration of human rights' or such?

        Oddly enough, article 12 of the UDHR.

        • by Ash-Fox (726320)

          Article 12 says:

          No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

          The definition of "arbitrary interference" is:

          arbitrary inference is a type of cognitive bias in which a person quickly draws a conclusion without the requisite evidence.

          The definition of "cognitive bias" is:

          A cognitive bias is a pattern of deviation in judg

      • by gstoddart (321705)

        Well, since it involves transmission from MY computer, or pulling down from their servers (again, from MY computer)... until someone tells me I'm legally obliged to allow this to happen, I'm perfectly free to block it. So, I am well within my rights to not participate. It's also my right to tell a telemarketer to fuck off, and to set my phone to block calls with unknown caller id (because if I was supposed to care who you are, you should identify yourself to me).

        I'm not interested in their marketing crap,

        • by Ash-Fox (726320)

          Can you cite some 'declaration of corporate rights' which says I'm required by law to allow all of these web beacons and cookies?

          In theory, they could use this in their Terms of Service and deny you service on those grounds. Additionally, depending on the country, this could be seen as unauthorized access to a system (civil and/or criminal law), because you did stick to the conditions of the terms of service.

          • Re:Tough ... (Score:5, Insightful)

            by gstoddart (321705) on Thursday June 20, 2013 @10:00AM (#44060099) Homepage

            In theory, they could use this in their Terms of Service and deny you service on those grounds.

            In theory, they can shove it up their asses.

            Until I see a legally binding court decision which compels me to allow this, I'm going to assume my right to tune them out and not listen still holds true.

            If a website wants to sue me for blocking their ads, and 3rd party advertiser thinks I'm breaking some kind of law by blocking this, then I will refer them to Arkell v Pressdram [wikipedia.org].

            Even if we call advertising 'speech', your right to free speech in no way compels me to listen or enable you to speak to me. I consider advertising to be in the same class the Jehova's Witnesses who come to my door -- your desire to tell me something is trumped by the fact that I Don't Give A Fucking Shit. And like I will shoo these people from my front door, I will continue to block the advertisers and other crap in my browser.

            Their desire to be heard doesn't mean I'm required to listen or allow them onto my property.

            • by Ash-Fox (726320)

              I was actually referring to website owners rather than advertisers setting the terms of service where you agree to the delivery and tracking of advertisement. In theory, advertisers could require that website owners require a ToS on their website that requires this and permit the advertisers to go after people.

              The violations I spoke of were of access to the service, couple that with western society laws on unauthorized access and you have some interesting criminal/civil charges on top. I'm not calling adver

              • by mrbester (200927)

                Unless those terms are prominently displayed on every page (not just tucked away behind a link no one visits) then contract law in UK clearly states that this is an unenforceable extension to the contract as the terms were not made available at the time of accepting it (navigating to a page on the site; i.e. *before* you've even loaded the site)

                Not that a Terms of Service page on a web site is a contract in the first place in UK...

              • IANAL, but while I'm sure such a ToS would probably be considered valid, I don't think that the advertisers could "go after" users. It would, however, be within the rights of the hosting website to refuse access to anyone using an ad blocking browser, plugin, hosts file, etc., and within the rights of the advertiser to refuse to pay to have their ads hosted on any website that doesn't do that.
  • As an experiment, I recently tried setting Chrome to keep cookies only for each session (ie delete everything when I close the browser). So far I have not noticed any substantial difference to my browsing experience - all the sites I go to still seem to work normally. It seems like a good compromise - if cookies are disabled completely, lots of sites do not work properly, and do not report why they are not working, and maintaining a manual exception list is a pain.

    • I've browsed this way for a long time, and as you said, it works well. I only allow longer-term cookies for sites on which I have an account of some type.

      The thing with targeted advertising is that it's still possible, just not as easy. We know that on a Counterstrike website there's little point in advertising training bras, while on an angel healing website there's a burgeoning population of naive marks waiting to buy the next mystical wonder. The biggest loser here would be content mills that are so unfo

  • Already exists (Score:2, Interesting)

    by Anonymous Coward

    Firefox with ABP (load up the subscriptions, uncheck 'allow some advertising), NoScript (take out all the whitelisted URLs which are there by default) and Ghostery. Add in an extension which forces HTTPS.

    Stop visiting sites that make you add any of their shitware scripts to the whitelists in NoScript or Ghostery.

    There's a reason advertisers hate, hate, HATE those three plugins. It's because they are like holy water being poured on the foreheads of obese, slovenly vampires which want to devour your persona

  • From http://cch.law.stanford.edu/our-projects/ [stanford.edu]

    If Stanford hosted all of their images on www.stanford-images.edu, but users only visit www.stanford.edu, then cookies would set from www.stanford.edu (presumption 1) but not from www.stanford-images.edu (presumption 2.) This does not make any logical sense, since both websites are part of Stanford.

    Not according to the whole way the Internet works. These are two completely unrelated domains. If you wanted the system to work for you, call your images server ima

  • Can I have... (Score:3, Interesting)

    by Anonymous Coward on Thursday June 20, 2013 @09:47AM (#44059977)

    a) A general end to end encryption mechanism, as opposed to the current end to server mechanism. If I send a message to Bob using FaceBook, that is between me and bob, not Bob, Facebook, NSA, CIA, or any other law breaking faction of government that might have the technical means to grab it.
    So it should be encrypted with Bob's certs, not Facebooks certs.

    b) Thunderbird to support public key exchanges like SSH does. So a public key is attached to outgoing mail, a client that supports it, records that key the first time it sees it, and from then on send to my email are encrypted with that key. i.e. removing the public certificate authority, and relying on the first key exchange to encrypt mail end to end.

    c) A HTML extension, declaring an encrypted edit field, with a second extension declaring the recipient. The browser only allows javascript and send to see the encrypted edit text, encrypted with the public key of the recipient (which you obtained on the first key exchange, see a). The edit field needs a visual indicator so we know its encrypted. So webmail can support end to end encryption.

    d) An add on to force sites like Yahoo, Hotmail and Gmail into encrypted mode. So we can webmail encrypted even if the site refuses to cooperate.

    e) Better control of certificates, I'd like to remove all the cert authorities that have a US base as untrusted (untrustable), but I'm reduced to going through them one by one. Also SSH has warned me in the past of attempts to substitute a certificate, does Firefox do the same?

    f) File send data encrypted. People upload zip files with their banking passwords, and other details, thinking they're trusting Google or Yahoo or Dropbox or whatever with a backup copy of their data, not realizing they're handing it to a Dr Strangelove. They should have an easy way to upload it encrypted with their own key.

    g) ISPs, can I have the old Deutsch Telekom trick of renewing an IP address every 2am. Making tracking more difficult.

    h) ISP's if you're putting in Super NATs can we have them using a session id, and not some constant mechanism that reveals the end point after the NAT.

  • But how do you get more privacy out of a centralized repository? Centralization and privacy don't mix. And that word... trusted... please...

  • Tough tits, toots.

    Advertisers are of course, free to create their own extra-spiffy browsers, just chock full of advertising.

  • Stories of doom and gloom were also spewed by the Phone telemarketers and they are doing just fine.
  • What happens next?
    See what we have planned ( click link )

    404 — Fancy meeting you here!
    Don't panic, we'll get through this together. Let's explore our options here.

    Nothing changes LOL

  • Hi. I'm running the Cookie Clearinghouse [stanford.edu]. I'd like to do a good job with it. From prior experience with Do Not Track, I notice two things: (1) it's impossible to actually get anything *done* with too many people in the room, yet (2) users are basically not part of the discussions, yet alone decisions. How, if at all, would you like to be involved? What's a good way to get more smart voices into the discussion without it being a DDOS on my time?

Put your Nose to the Grindstone! -- Amalgamated Plastic Surgeons and Toolmakers, Ltd.

Working...