Privacy Groups Mull 'Do Not Track' List for Internet

Technical Writing Geek writes with a Reuters story about a collection of privacy groups looking to set up a 'Do Not Track' list online, similar to the 'Do Not Call' list meant to dissuade telemarketing. "Computer users should be notified when their Web surfing is tracked by online advertisers and Web publishers, argue the Consumer Federation of America, the World Privacy Forum and the Center for Democracy and Technology, among other groups in a coalition promoting the idea. Rather than burying privacy policies in fine print, companies should also disclose them more fully and provide easier ways to opt out, the groups said. The organizations submitted the proposals to the Federal Trade Commission, ahead of the consumer watchdog agency's workshop on Nov. 1-2 to study the increasing use of tracking technology to target online ads.

Do not spam?

[ACS Solver]

So when will I be able to add my email to a "do not spam" list?

Re:

[FlyByPC]

Right this way, sir. Our company has set up a database to help manage your email marketing experience. And it won't even cost you a thing! Just confirm your valid email address via a script, and...

The sad thing is, I know this would collect a LOT of valid emails. (Probably from folks who would buy things from spammers, too.) Unfortunately, I'm not quite evil enough to bring myself to do that. It's too bad, really.

You can't help stupid

[fragmentate]

This isn't stupid enough by itself. It gets even stupider.

In order for a web site to know that a person has "opted out" of tracking, the site would have to set a cookie to track that user's preference to not be tracked.

While I realize there is a difference between a cookie like:

• Cookie: optout=yes;

...and...

• Cookie: trackmeforever=someWeIrD_unique_ID;

It's still tracking. Maybe I'm nitpicking...but, so are they, yes?

Re:

[cybermage]

I'm not entirely convinced that such a list would fail ... with the right precautions. Some ideas just off the top of my head:

One option:
===========
- Distribute the list only to marketers who's credentials and location you have verified.
- Require that distributed copies of the list not be redistributed.
- Fill the list with 10-20% honey-pot addresses. These addresses should vary from distribution to distribution so as to establish a "unique fingerprint" that would take the comparison of several distributions

Re:

[cheater512]

The problem is that the organisations which would obey that system also have unsubscribe links.

Don't forget to make list available to scammers!

[wsanders]

Well, out here at the Minsk Home for Deposed Nigerian Cabinet Ministers the first thing I must do is get hold of this list so I can stop scamming all you people.

Since most web usage is tracked anonymously it's much more likely that identifiable information will be hijacked from a copy of the the "no not track" list than from any of the web tracking itself. Seems like kind of a silly, tinfoil-hat-inspired idea!

Re:

[PatricianVet]

hey, I'm on the "Do Not Reply" list, so beware!

Re:

[sm62704]

Mods, the GP was indeed humorous but its writer deserved mod points (you don't get points for "funny"; mod me however you want, my karma's excellent so "funny" is fine). His point in the admittedly humorous post was that these lists would be completely worthess, as there is no possible way to enforce them.

This is completely unlike the "do not call" lists; these are country-specific. If I spam your phone and you're on a do not call list, we're most likely to share the same government (at least so far) You ca

unrealistic goals

[User 956]

Rather than burying privacy policies in fine print, companies should also disclose them more fully and provide easier ways to opt out, the groups said.

Also, they want world peace, and a pony.

Re:

[N3WBI3]

Ponies exist, they desire a unicorn..

Re:unrealistic goals

[morgan_greywolf]

Agreed. Completely unrealistic. If you want to opt out of being tracked by advertisers, here are the only steps you need to perform:

• Download Firefox
• Install the Adblock Plus and NoScript extensions
• T
  
• Go to Edit | Preferences or Tools | Options (depending on platform) and go to the Privacy tab. Uncheck 'Accept cookies from sites'.
  
• Click Exceptions. Add in all the sites that you use that need cookies to work right (online banking, Slashdot, etc.)

Tada! You're done. Now you can't be tracked (unless you specifically want to be).

Re:

[walt-sjc]

This "do not track" group is a bunch of die-hard IE users. Since MS refuses to add reasonable privacy tools, they are looking for legislation. Idiots. This is a browser problem, not an advertiser problem. Considering that the wonderful US Congress can't even get a reasonable anti-spam law in place and instead created one that makes the problem WORSE, I don't know what the hell they are thinking Congress will do. Most likely we will end up with a law that outlaws privacy tools like Firefox / Adblock and inst

Re:

[m2bord]

the problem stems from congress writing legislation that will satisfy everyone and instead it satisfies no one. we have elected officials who have the backbone of a jellyfish (none).

what we need is for congress to say, consumers have an expectation, if not a right, of privacy. what they do in a legal environment should be there business and their business alone.

but what we get is, things like the ftc's do not call list where yea...your number is blocked unless of course if you send in a text message to a co

Re:

[RulerOf]

Considering that the wonderful US Congress can't even get a reasonable anti-spam law in place and instead created one that makes the problem WORSE

It's worth pointing out that even if spam was punishable by death, and also resulted in the execution of your friends and family before your eyes, we'd still get just as much spam. There are even tougher laws for a more illicit market: Drugs. You can go to jail for the better part of the rest of your life in some states, or at least long enough to ruin it, ju

Re:

[Kadin2048]

Huh?

I'm not sure I understand your point. The drug market doesn't really respond very well to threats of punishment, because many of the substances involved are physically addictive. Thus there's always a demand, regardless of how hard the government cracks down on it. The drug dealers are probably motivated by threats of punishment (in that if the threat is higher, they'll demand more compensation to take the risks, thus driving the cost of drugs higher), but the consumers definitely aren't.

Spam-sending se

Re:

[walt-sjc]

First, spam isn't a drug. M'kay? Your analogy fails at many, many levels.
Drugs, unlike spam, doesn't have a direct victim - the users are willing. They do have indirect victims in terms of children, etc. however. Drugs are also addictive (either physically or psychologically.) Much spam is currently legal due to the "I CAN SPAM" act, and you have no proof to back up your hypothesis. The fact is, outside of a VERY few isolated cases, we haven't even tried to deal with spam criminally. I could go on and on he

Re:

[Wolfger]

Obviously we need a law mandating that these idiots fine people use Firefox with NoScript. :-)

Re:

[Wolfger]

Curse you, Slashdot, for not allowing the <strike> tag!

Re:

[Relic of the Future]

Alternate step one and two: Download Opera

Re:

[Chris Mattern]

I tried, but the Magic Flute was over 3 gigs!

Chris Mattern

Re:

[KingSkippus]

I'm sorry, you lost me around that third step.

Re:

[calebt3]

I'm confused. Where are the '?????' and 'Profit!' steps?

Re:

[Thaelon]

Permit Cookies [mozilla.org] is a more user friendly version of your last two steps.

Turn off cookies for all sites, then to permit a site (session or permanently) you just hit alt+c and choose one, then hit enter.

Re:

[Fred Ferrigno]

I prefer CookieSafe [mozilla.org]. It's got a simple UI that works almost identically to NoScript. I have it set to accept cookies globally per session since many sites won't work without them, with sites that require logins white listed.

Re:

[Otis2222222]

As much as I like Adblock Plus and Noscript, I tend not to recommend that people install Noscript or disable cookies. Adblock Plus and automatic filter downloads are nice. But it's a lot to ask someone to manually whitelist a bunch of Noscript stuff with every new website they visit. My current Firefox installation is going on 1 year now, and you'd think I would have a good whitelist built up. But it never fails that just about every day I there is a good chance I will visit 3 or 4 websites that won't r

Re:

[mdm-adph]

My friend, I had kinda the same problem as you did (having to maintain a huge whilelist with NoScript) -- that's why, on the first tab of the configuration window, you'll see an option for "Allow Top-Level Sites by Default." No more keeping track of a huge whitelist.

Now, any site you go to will automatically allow JavaScript from that domain (I mean, if you didn't want its JavaScript running on your machine, what are you going there for?). Any other domain's scripts that are present on that page will s

Re:

[John Hasler]

> Now, any site you go to will automatically allow JavaScript from that domain (I mean, if
> you didn't want its JavaScript running on your machine, what are you going there for?).

While most sites I visit push JavaScript at me, almost all of them work fine without it. Same goes for cookies.

Re:

[plover]

I don't encourage other people to install AdBlock and especially not to subscribe to other people's blocking lists, and I'd encourage you not to either.

The reason is simple: the more AdBlock is adopted, the more incentive advertisers will have to find ways to defeat it.

This happened to us with spam filters. Years ago, spammers were lazy and stupid. I was able to block almost all spam using regexps. Once regexp-based spam-blocking products became used by ISPs, however, spammers had to find new ways t

Re:

[badasscat]

Agreed. Completely unrealistic. If you want to opt out of being tracked by advertisers, here are the only steps you need to perform:

This depends on what you mean by "being tracked". If you mean tracked from site to site, then sure. If you mean tracked within a particular site, then no. There's no way to stop this.

I have a basic stat tracker on my blogs that I use for my own amusement; I just like to see who visits my sites. I see plenty of people visit with javascript turned off, and I don't use cookies

Re:

[KevMar]

I think some people are going too far with there tin foil hats.

I think we should be able to prevent a company from selling personal information to others. But if one company knows every thing about me, what harm is there. So what if I look at porn in the evening and watch barny in the morning. Its not like I will see more advertising than I already am, it will just be more targeted. If they realy knew me, they would not advertise to me at all. That would be a good thing.

I wish they could figure out who

Re:

[HeadlessNotAHorseman]

If you want to opt out of being tracked by advertisers, here are the only steps you need to perform:

• Download instructions for making cement boots
• Install cement boots
• T
• Go to Pools (of water) | Cliff or Wharf (depending on platform) and go to edge. Check that you've eaten your last cookie :-P
• Begin execution. Add yourself into the site that you are using to end your life (river, ocean etc.)

Tada! You're dead. Now you can't be tracked (unless you specified where you were going to be).

Re:unrealistic goals

[TheMeuge]

Exactly.

My first reaction to this story was to add the "futile" tag.

I think we all have to get used to the thought that if there is any information out there, that is publicly accessible in plaintext, it will be cataloged, author identified, and data-mined ad infinitum. Given the technological capability to collect, organize, and process data... as well as the prolific availability of said data, we cannot reasonably expect any privacy laws to deter usage of this data, whether it be by private companies for profit, or government entities for censorship and oppression.

The way I see it, the only way to ensure any real privacy, is to personally ensure anonymity at any point where it seems necessary. With this, there will come more and more tradeoffs in terms of conveniences, and ultimately perhaps even one's place in society... but this is a choice we're all making right now, and will certainly have to make in the future.

Re:

[foniksonik]

The best way to ensure privacy is actually to charge for the use of said data.... ie: for the person whose data is being used to get a check in the mail.

When companies have to pay for this they will be more circumspect about what data they collect and how much.

This would work for spam as well.... opt in and get paid. Currently someone else is getting paid to collect your data, leaving you out of the equation except as the victim/volunteer.

Advertisers and market researchers should be paying us for the opport

Re:

[KudyardRipling]

we cannot reasonably expect any privacy laws to deter usage of this data, whether it be by private companies for profit, or government entities for censorship and oppression...With this, there will come more and more tradeoffs in terms of conveniences, and ultimately perhaps even one's place in society...

This makes the government's job that much easier as to whom shall appear on the 'no-fly' and 'no foreign travel' lists.

~|.$*#
NO FEDDERS

Re:

[facon12]

Its unrealistic for sure, but at the very least the ideas seem to be headed in a good direction: Protecting the consumer. It is unfortunate though that it will never happen, its like wanting radio commercials to slowly and clearly state their disclaimers as well. At the very least though i do think we should get some sort of notification, not a popup but maybe a little icon in the lower corner of the screen to let us know.

you still are using word "mull" in wrong contect

[unity100]

mull, from what i remember means scuttle, bar, make harder, oust. these people are not trying to prevent a do not track list, they are trying to establish one.

Re:you still are using word "mull" in wrong contec

[N3WBI3]

Unless of course they are using Mull as in Mull Over which means 'Reflect deeply on a subject'

No, "mull" is appropriate

[Kelson]

When applied to an idea, "mull" generally means to think about it in detail.

Re:you still are using word "mull" in wrong contec

[RandoX]

You're incorrect. As in; not correct; not in conformity with fact or truth; "an incorrect calculation"; "the report in the paper is wrong"; "your information is wrong ...

Never heard that usage.

[Nursie]

As far as I'm concerned it either means to fortify, heat and spice (mulled wine, cider etc), or to think over/consider an idea or range of options.

Usage here is just fine.

Re:you still are using word "mull" in wrong contec

[Chris Mattern]

You are a special, unique individual, and that's a great thing. Unfortunately, you also have a special, unique definition of "mull", and that's not working out so well.

Chris Mattern

it means

[unity100]

a subjekt that is being discused at the particucar moment.

Anyone else see the problem here?

[Kelson]

Anyone else see the problem here?

OK, let's set up a "Do Not Track" list. How are they going to know not to track you? By figuring out who you are, then checking to see if you're on the list.

Oops.

A better idea would be a standardized opt-out system where your browser tells every server, "Do not track me," then set up web applications to honor that choice.

Maybe set up an X-DontTrackMe header for HTTP requests. Or a standardized DontTrack=true cookie not linked to a domain. Something that has no unique information and gets sent to every website. Then turn it on and off in the browser with a checkbox.

Something like that could be tested as a Firefox extension or IE browser helper (if I'm remembering the terminology correctly) to start with, then added to browsers themselves.

Re:

[walt-sjc]

I don't allow cookies. Your method won't work. How about a "X-I-want-to-be-tracked" cookie and a "X-my-SSN#-is" for the 3 idiots on the planet that WANT to be tracked?

Re:

[aethogamous]

From the proposal...

To help ensure that these principles are followed, the FTC should:

Create a national Do Not Track List similar to the national Do Not Call List:

o Any advertising entity that sets a persistent identifier on a user device should be required to provide to the FTC the domain names of the servers or other devices used to place the identifier.

o Companies providing web, video, and other forms of browser applications should provide functionality (i.e., a browser feature, plugin, or extensio

Re:

[DCTooTall]

I thought of the SAME thing.

On the Wired [wired.com] article with the story they have a diagram which shows how the whole proposed list is SUPPOSED to work. One of the notes included in it is that "Consumers may have to download a browser upgrade, Plug-in, or extension to get the Do-Not-Track list to work for them"

So.... lemme get this straight.... a Fed Maintained list....which required you to install a special application onto your computer...In order to keep private companies and websites from tracking you.

opt-out lists are the work of satan

[CarpetShark]

Why "opt-out" at all? If there's potential for abuse, it should be opt-in. That's already been accepted with bulk commercial email. Now, it just needs to be enforced.

Hash..

[msimm]

Using a hash would work, but the number of problems with the list far out weight any good reason to have a sensible debate on the top.

Re:

[neoform]

So if I'm running a website and someone says "don't track me" I'm supposed to not log any of the user's actions on my server?

Golly, I wish I could do that while robbing a bank with my "don't videotape or look at me" tshirt on.

Re:

[noidentity]

Exactly. Unlike telemarketing calls, this issue can be solved with a simple technical measure. Well, at least the problem of letting the server know of your preference to not be tracked. Enforcing it is an entirely different matter, and very difficult since you have no way of knowing that it's tracking you (it doesn't need to send your browser any cookies, for example). And this points to a fundamental difference: this kind of tracking doesn't directly impose on someone like a telemarketing call does.

A bit like caller ID blocking

[EmbeddedJanitor]

As parent says, using a list to "do not track" is self contradictory.

The only way to do it is via some sort of "don't track me" token. But what do we really mean by "don't track me". Some services need cookies etc. Are cookies tracking? What about the context used to set up a secure connection for transactions?

Re:

[groschke]

"OK, let's set up a "Do Not Track" list. How are they going to know not to track you? By figuring out who you are, then checking to see if you're on the list. Oops."

It looks like it works the other way. People who want to do the tracking are the ones that are registered. And those that don't want to be tracked download that list of tracking servers. So we are tracking the trackers, not those who dont want to be tracked

Internet != Telephone

[One Childish N00b]

The 'Do Not Call' list works - to a degree - because people who ignore it run the risk of legal action, due to all being inside the country they're calling. I can't see many companies going to the extent of running offshore telemarketing companies due to the high cost of international calls.

This problem obviously does not exist on the internet - the cost of serving up those banners to millions of people clearly doesn't eat into the profits of these companies, so there's no reason for them to stop, and if laws are passed forcing them to stop, they'll simply be replaced by foreign companies advertising either on behalf of the same companies serving up the ads now, or set up by the advertising companies to circumvent the laws.

This won't work.

Re:

[querist]

Your reasoning on the telephone situation is sound, but you have overlooked something: VOIP. I have received telemarketing calls from overseas, and it was obvious by the sound quality that it was a VOIP call. The caller even confirmed that he was calling from India.

Unfortunately, they have already figured a way around that law if they want to do it.

Re:

[neoform]

You obviously don't realize how many telemarketting firms are located in Montreal (90% of which call the US, since they don't have to follow US do not call lists)..

How?

[saterdaies]

The problem with the suggestion is implementation. IP Addresses are shared and reused and so aren't unique to a user or household. Cookies also don't work since they are only sent to the site you're hitting - so a cookie for ftc.gov isn't going to be sent to DoubleClick. Having individual advertisers have opt-out systems isn't great since a lot of the time I don't know who is serving the ads I'm seeing (without delving into the HTML).

Unfortunately, there is no simple way of defining something like this. A better solution might be to regulate the type of information that they are allowed to collect in the first place. If they aren't allowed to record my IP address (or any other identifying information like a zip code I type in a form or POST/GET data), then there would seem to be limited privacy implications. They could gather data showing that people who like power tools also like Sony stereos or whatnot, but without information like IP addresses, form and GET/POST data, there is little they can use to violate my privacy.

Am I missing something?

Re:

[FranTaylor]

Doubleclick and others put tiny images on many web pages so they see your cookie no matter where you go.

Re:

[saterdaies]

They see your DoubleClick cookie. There isn't a way to do this cross-adnetwork. So, I can opt out with DoubleClick, AdSense, Microsoft, Yahoo, TextLinkAds. . . individually. But I can't get a cookie from the FTC or someone that will be readable by all the advertizers.

Correct me if I'm wrong

[techpawn]

Won't this damage a lot of adSense technology already in place by non-evil companies? Also, would this apply to browsers keeping history of where you've been?

Re:

[WK2]

They are working on an amendment that says that non-evil companies do not have to follow these rules.

on a "do not spam" list

[khallow]

The largest lesson in emal spamming has been that they'll send spam to anything resembling an email. They don't care where it came from or how and why they got it. So as I see it the only value of a "do not spam" list is that it will contain a lot of active email addresses. That is gold to spammers and I think anyone who believes such a list will reduce spamming (rather than have the opposite effect) is sorely deluded.

Re:on a "do not spam" list

[kinko]

Obviously such a list would not contain the actual addresses, but some type of checksum for each address. Then the onus would be on the sender to make sure that any email addresses they already know about do not hash to a value in the list.

Re:

[cybermage]

Then the onus would be on the sender to make sure that any email addresses they already know about do not hash to a value in the list.

Of course, it doesn't need to be that complicated. The server takes an address from the spammer and either tells it yes or no. There's no need to hash it if the server never sends out addresses. I would take this idea a bit further. See my Option #2 here [slashdot.org].

Re:

[khallow]

Oh, that's not too bad. Still I can't see what changes from current methods of filtering spam. After all, if you receive an email and you're on the list, does that mean the email bounces or not? As far as I can see, either the source email address needs to get on some sort of white list or the email needs to pass a spam test. Both approaches are used today.

Finally, there's also the problem of legal-side attacks with a checksum based approach. Spammer ally gets email that checksums to something on the list

(yawn) Yet another pre-defeated proposal

[Arrogant-Bastard]

Sometimes I find myself idly wondering how many miserable failures of opt-out proposals will be necessary before people get a clue that opt-in offers the only possible way to success.

Then I snap out of it and remind myself that of course some people have a clue, and that's precisely why they continue to put these proposals out (or to enthusiastically back them): doing so serves their purposes nicely. It allows them to proudly say that "they've taken the lead in protecting privacy" while of course they're doing everything they possibly can to do the opposite. (They do this, of course, because they're well aware that few people would opt-in to have telemarketers bother them, or to have spammers clog their mailboxes, or to have their personal data collected.)

This situation is unlikely to change in the forseeable future. Just as it's given us ineffective anti-telemarketing measures, just as it's given us ineffective anti-spam measures, the outcome of this process will inevitably give us ineffective anti-privacy-invasion measures.

Which is why it's probably best to just ignore this nonsense and instead use technological means to either deny data to invaders or feed them bogus data.

Re:

[Eskarel]

Opt in filters work great if the number of people you want to talk to is small, fixed, and well known. Which is to say opt in filters work great if you're anti-social and have no friends. For regular people, if they have to jump through hoops every time they change their contact details they just won't talk to you.

Nice idea but!

[Anon-Admin]

This is a great idea, but how do you enforce it? That is the issue with most internet laws. Pass all the laws you want, you just can not enforce any of them.

Kick me

[FranTaylor]

This is the Internet equivalent of having a 'Kick Me' sign stuck to your back.

I do this already.

[sherriw]

I already 'opt out' of website advertising - I add the advertiser to my do not advertise list. It's called adblock. It's gold.

Re:

[sootman]

I'm more of an /etc/hosts [mvps.org] kind of guy, myself.

They'll track the denied tracking.

[IMarvinTPA]

They'll give you a cookie that tells them you have opted out. Then another firm will track which things you weren't tracked in because you opted out of it. That's so great!

I don't see how this could be reasonably implemented. You can't put your IP address on the do-not-track list, because it could change day-to-day. You'd need a cookie in your browser saying you opted out. But that's as much information as if you hadn't opted out in the first place, they'd just have to toss the info after they got it.

U

Re:

[smussman]

They'll give you a cookie that tells them you have opted out. Then another firm will track which things you weren't tracked in because you opted out of it. That's so great!

I don't see how this could be reasonably implemented. You can't put your IP address on the do-not-track list, because it could change day-to-day. You'd need a cookie in your browser saying you opted out. But that's as much information as if you hadn't opted out in the first place, they'd just have to toss the info after they got it.

User: "Hi, I don't want you to track the places I've visted."
Marketer: "Ok."
User: "Remember, I don't want you to track me, and I have just visted XYZ site."
Marketer: "Ok, I'll forget."

IMarv

I think this could easily be overcome by everyone using the same cookie (e.g. "doNotTrack=true"). While they will be able to track the cookie, if hundreds of thousands of people are using that same cookie, the data is not going to mean much.

Re:

[UbuntuDupe]

While they will be able to track the cookie, if hundreds of thousands of people are using that same cookie, the data is not going to mean much.

On the contrary, it will give us aggregate web surfing statistics for paranoid privacy loons ;-)

And how do they propose . . .

[gambolt]

that website owners pay for bandwidth since this would kill adsense, pretty much?

The alternative to tracking via cookies is micropayments where you have to pay a fraction of a cent for each web page you view.

It's not even you that's being tracked. It's your browser. Unless you constantly use your real name online, there is no way to link a name to the observed browsing habits of a person unless ISPs get involved and connect IPs to names.

Re:

[Cajun Hell]

[And how do they propose] that website owners pay for bandwidth since this would kill adsense, pretty much?

They're not proposing anything. Paying for bandwidth is somebody else's problem. They're just (ostensibly) trying to protect rights, not plan the economy.

Of course, a paranoid person could read something interesting into this. Perhaps it is a "good thing" if the government can make web publishing more economically hard. It would help shut up troublemakers. There's too much independent media; s

How do they know it's you?

[argent]

Cookies don't work, they'd have to be set for each site. IP address doesn't work, they change and are shared. And what exactly is it people are worried about in the first place? That's what I don't get here... how is your privacy being violated if they don't know who you are?

If this is limited to advertising to people who are customers... that is, people who have some kind of relationship that would allow them to be identified... that would work. But it doesn't sound like that's what people are concerned about...

Re:

[stud9920]

1)Google Mail on day1 = cookie1 = ip address 1 --> your name, and mail secrets
2)Google Search on day1 = cookie2 = ip address 1 --> your benign search pattern
3)Google Search on day2 = cookie2 = ip address 2 --> your guilty pleasure search pattern
---------------
cookie2 --> ip address 2 at day2 and ip address 1 at day 1 are the same guy
ip address 1 --> cookie 1 and cookie 2 are the same guy
Therefore Google has the name, no longer content with your mail secrets, also know what your guilty pleasur

Re:

[John Hasler]

> Therefore Google has the name...

Which you gave them. Why did you do that?

Re:

[argent]

[scenario]

If you're using Google Mail, then you fall under the "you're a customer" side of things.

Your only chance is that Google staff members also like midget porn.

Insert Google-vs-Second-Life joke here.

Advertising is too entrenched now

[erroneus]

I recall when commercialism was just beginning on our early utopian internet. Now the net is largely garbage and advertising leaving people to assume that the net wouldn't exist without it... kinda like cable TV without commercials. I don't like it and we don't need it. But it isn't going away.

But there should be some kind of W3C standard for web browsers and commercial web sites that could offer up a simple "dash board" that identifies a variety of characteristics about the sites users are browsing and

List of terrorists?

[prxp]

Any excuse is being used these days to label people as terrorists, imagine if you are in a 'do not track' list for online activities!
I believe people in this "do not track" list would most certainly make their way into some other NSA terrorist tracking list as well. People would protest against that, they would say that this violates their privacy,their civil liberties, but The US government would simply cite the Patriot Act and some other national security excuse like "not all people on the 'do not trac

Let me get this straight ...

[fayd]

They want to keep track of the people who don't want to be tracked ... *blink*

Bad Analogy With Do Not Call...

[Beetle B.]

The Do Not Call list was to prevent unsolicited calls.

This, however, is saying, "Look, I want to go to your Web site and have you not track me." To which I think the valid response should be, "Well then, don't come to my Web site."

The user is entirely in control. He initiates the actions, not the Web site. It's not as if he's running a program and the Web site suddenly shows up. And if it does, that's spyware/malware, not cookie tracking.

I second the CookieSafe, Adblock and NoScript extensions. Once a user

Re:

[chainLynx]

Exactly. It's a flawed analogy.

Another solution is to block ads via /etc/hosts http://ubuntuforums.org/showthread.php?t=110440 [ubuntuforums.org]

P3P Privacy policy cookies

[mpcooke3]

I don't really see the point in this. For sites willing to obey the rules they can publish a P3P privacy policy for their site. This allows users to reject their cookies based on what the site owner plans to do with the data. Or alternatively a user can set his browser to accept 1st party cookies but reject 3rd party cookies.

I believe IE (and possibly firefox) actually requires a valid P3P policy to serve 3rd party cookies at all.

There is an argument that the browsers should be more aggressive at explaining

Do Not Track Request Form

[kalirion]

Please fill in all of the following required fields:

First Name:
Last Name:
Birth Date:
Gender:
Marital Status:
Social Security Number:
Personal Email Addresses you do not wish tracked:

Personal Computer / Home Network IP addresses you do not wish tracked:

Web sites that you do not wish to be tracked to:

The change needs to happen in the browser

[AmiMoJo]

Browsers should probably delete all cookies when they close, for privacy reasons. This wouldn't be a major problem - it would just mean people need to log in to sites more often.

It would be like the default-block pop-up blocker, with a simple mechanism to opt-in to long term cookie storage on a per site basis.

Re:

[El_Oscuro]

Deleting cookies is a standard option for Firefox. Edit/Preferences/Privacy, check "Always clear private data when I close Firefox".

One Opt Out To Rule Them All

[WillAffleckUW]

One opt out to rule them all
One opt out to bind them
One opt to find them all
And in the freedom blind them

Three levels of security for the paranoid King
Useless and a waste of time

Five cookies for the hapless sap
Who clicked on Track Me For All Time

Seven credit checks for the customer
Whose identity has been stolen

Nine illegal agreements for the click thru license
Soon to be voided

One opt out to rule them all
One opt out to bind them
One opt to find them all
And in the freedom blind them

Tried and failed

[uigrad_2000]

There is already a policy like this, called P3P [wikipedia.org] (Platform for Privacy Preferences Project).

P3P lets a create a all-encompassing privacy plan for their browser, and only websites that comply with particular levels of user privacy, and sign their sites as doing so, are able to set and read cookies in the way that the user specifies. The standard was created by W3C, and even had support initially from IE and Mozilla.

The code for P3P in Mozilla sat untouched from 2003 until 2007, so they turned it off for a few releases to see if anyone would notice. When no one complained, they finally yanked it out [mozilla.org] of the firefox and seamonkey trunks.

The vast majority of websites are never going to file one of these documents, since it is just a bunch of paperwork, and a setup for a lawsuit against yourself.

My questions not answered by this article are:

1. What does this new system have that P3P does not?
2. Why is the FTC involved? Does the government have to control every aspect of our lives?
3. Who is actually going to trust every website out there to abide by these controls? A company that signs and promises not to abuse your data, and then asks for extra privileges are the most likely to abuse it.
4. If a website does abuse data that they promised not to, how will they be caught? Will they be tried in court as criminals? Copyright infringers are tried as criminals and we all know how that turned out.

The Do not call registry works because it is tied phone numbers, which are static for users, and are the only gateway for phone communication between a user and a solicitor. There is no such vehicle for the internet. If the U.S. government wants to assign web browsing IDs for all users, then it could work. If that ever happens, I'm moving to Cambodia.

Re:

[octaene]

Great post regarding the P3P. In answer to #2, the FTC's job is the promotion of consumer protection and the elimination and prevention of what regulators perceive to be `anticompetitive` business practices. They also levy fines and prosecute violators of GLBA, FCRA, and COPPA. So no, the Gubment doesn't have full control of our lives, but the FTC is looking out for your privacy (somewhat).

Tracking can be a Good Thing too

[Anonymous Coward]

isn't tracking a useful thing?

- cookies are used to maintain the session of web applications - this isn't going anywhere

- tracking user actions within a site lets us get great statistics, work out where our web apps need improving

how do you prevent malicious tracking without damaging the above?

who says what is malicious and what is good? who polices the police?

and what's wrong with being tracked anyhow?

Why bother?

[ajs318]

All you need is a local HTTP proxy server set to block known advertising servers, and a local DNS server set to point the target URLs of tracking scripts somewhere benign. If your proxy server strips out __utm* cookies, so much the better.

Actually, screw local -- if you were an ISP with your own servers and the wherewithal to (re)sell ADSL, you could offer something like this as a paid-for service; and even give out CDs with a customised Firefox, preconfigured to use your proxy and DNS. I know people would gladly pay a premium for advert-free surfing -- after all, Sky Plus users pay for (what is effectively) advert-free television.

Adblocking is stealing.

[Kaenneth]

Adblocking is stealing, Just like skipping TV commercials. the Ads are the price they put on their content, and is what pays to keep them running, providing the service. If you don't like it you should, visit other sites, and watch PBS (and donate), or pay Cable/Sat. channels and pay sites. Or just eyeball past the ads if they arn't interesting to you.

By blocking ads, you are preventing them from getting paid, while taking up thier bandwidth and other resources.

Personally, I support the adding of something

Re:

[Khaed]

We have this discussion every time adblock comes up:

If ads weren't invasive and annoying (javascript that slows a site, flash, sound), they wouldn't get blocked -- and those things existed long before AdBlock or even Firefox.

Re:

[salesgeek]

Adblocking is stealing, Just like skipping TV commercials.

Where did you make the idea up that commercial skipping is the same as putting the five finger discount on hard property? Is someone using a text mode browser like elinks stealing since they can't see those javascript and rich media ads? No. Reality is that if a visitor to a site blocks ads, they are using the web as it was designed. That a business model fails to account for the fact that http and html make it a snap for people to selectively load

and how would they do this?

[aldousd666]

By giving you a tracking number that identifies you as someone not to be tracked? Duh. Someone has been smoking a little too much of what comes off the tubes.

DNC List is unconstitutional

[SonicSpike]

The DNC list is unconstitutional. Nowhere in the Constitution do the States delegate the authority to the Federal government to regulate communications.

BISS lists?

[Fuzzypig]

1. Download moblock/peerguardian
2. Download BISS lists

Alright, not entirely foolproof, but a start in the right direction to keeping the AD tracker dirtbags off your "front-lawn"!

Re:

[N3WBI3]

You can still count web hits and referrals via links..