FTC Proposes Do Not Track List For the Web

An anonymous reader writes "The Federal Trade Commission proposed allowing consumers to opt out of having their online activities tracked on Wednesday as part of the agency's preliminary report on consumer privacy. FTC chairman Jon Leibowitz said he would prefer for the makers of popular web browsers to come up with a setting on their own that would allow consumers to opt out of having their browsing and search habits tracked."

Booooo!!

[mweather]

It should be opt-in.

Re:

[M. Baranczak]

It should be opt-in.

Yes, it should. But that doesn't matter, because:

1. It's unenforceable.
2. The Republicans would never allow it, since:
  a. It's proposed by Obama's people, and
  b. It might restrict some business' God-given right to make a profit.

Re:

[Z00L00K]

And the worst problem is that even if the browser is "immune" to tracking features the plugins needed to view many web sites - like Flash, PDF or SilverLight also have to be "immunized".

And to make sure that the user are traceable many sites checks thoroughly that the data they write isn't easy to remove.

So if anything - go after the web sites that tracks users instead.

Re:

[Pharmboy]

So if anything - go after the web sites that tracks users instead.

What if the site is being hosted in China? My guess is that if you are up to no good, or doing unethical things, you move offshore. Just like they route telemarketing calls through the Bahamas, etc. because the No Call List doesn't apply to foreign nations.

I think the real solution is to have government not get involved and individuals need to instead create methods to block being tracked, preferably open source. I don't want to depend on

Re:

[purpledinoz]

Isn't tracking done via cookies and those permanent flash cookies (LSO)? That's easily stopped with Better Privacy + No Script + Cookie Monster Firefox Plugins. No on can stop IP based tracking and whatever tracking each website does with its customers.

Re:

[0123456]

Tracking brings in BIG BUCKS.

[citation required]

Tracking certainly brings in BIG BUCKS for tracking companies, but is there any evidence that it actually brings in much money for anyone else?

Re:

[ArundelCastle]

...but is there any evidence that it actually brings in much money for anyone else?

I doesn't need to bring in tangible amounts of money to producers. It only needs to provide enough stats for marketers to convince producers to keep paying marketers. And that is how the web goes round.

Dirty little secret of advertising

[garyebickford]

A while back I worked on what was going to be a local newspaper's first website, so I got to learn a bit about their business. Their 'dirty little secret' was that, while the newspaper could rightly say that their free paper reached over 95% of all households in the county, and that the actual readership was quite high (IIRC something like 70%), they _never_ publicized the probability that an ad on Page X would be seen by anybody. The probability was very close to zero, except for certain specialties like the front of the weekly car ads section, and parts of the classifieds. They actually had some numbers, such as what percentage of households actually opened the paper, actually looked at the first page of the sport section, etc. But none of that was given to the advertisers.

Web tracking has changed the old saying "I know I'm wasting 1/2 of my advertising money - I just don't know which half!", possibly forever.

Re:

[adamdoyle]

[citation required]

It's "[citation needed]"... you can turn in your geek card at the door.

Also, tracking brings lots of revenue for advertising companies. Advertising companies are then hired by practically every company on the Fortune 500 list. (or done in-house, which essentially yields the same result) More advertising for the aforementioned companies leads to more revenue. Those Fortune 500 companies give jobs/paychecks to you and me. (because now that they have more revenue, they can branch out into other areas and c

Re:

[adamdoyle]

Where did you think Google got all its money? Adsense, MAYBE?

I wonder how Adsense works...

If you read the second line of parent's post:

Tracking certainly brings in BIG BUCKS for tracking companies, but is there any evidence that it actually brings in much money for anyone else?

I think Google qualifies as a "tracking company." (although I would say "advertising company" would be a better choice of words)

Re:

[GrumblyStuff]

Really? Most people don't care to be tracked? I can't imagine why.

Bill Hicks said it best. "Quit putting a god damn dollar sign on every fucking thing on this planet!"

www.youtube.com/watch?v=gDW_Hj2K0wo

Re:

[icebike]

Why? This would mean that American online companies would no longer be competitive with those in other countries.

Actually it means the tracking will all move overseas, just like the cold calling at dinner time.

But the tracking isn't done by the people you buy from. So the American online companies will continue to sell at the same rate, and the trackers will simply move.

After all, the chances of me (knowingly) buying my next computer or sweatshirt from some company in India is slim to none.

Re:

[TrisexualPuppy]

What part of online companies do you not understand? I did not say "Internet-based merchants."

Re:

[adamdoyle]

It should be opt-in.

Then let's start with the webservers.

Any slashdotters which have turned off access logging on their webservers? Or at least turned to anonymous access logging (like mod_removeip for Apache)?

Exactly. Further, if people would stop to think about "why" companies would want to track you, they would realize it's not such a bad thing. If you ask me, you lose the right to complain about sucky products when you let companies stop collecting data one what interests you. I mean, we've all read 1984, but this isn't about black helicopters, it's about market research and making products that people actually want to buy. People on /. are far too paranoid.

Re:

[icebike]

I'm not convinced the ones doing the tracking are the ones manufacturing the products.

I mean, I've worked in manufacturing and the stiffs in those places are the same ones you go fishing or golfing with. They are just not all that awesome when it comes to knowing exactly what their customers want.

The tracking companies may be amassing a pile of data about you, but since all they do is sell data, (again to the pointy-haired bosses of the manufacturers) they aren't in a position to detect or service any majo

Re:

[adamdoyle]

Ok, so here's a hypothetical:

Grocery stores already have video cameras aimed at every register. They also have digital logs of what items were purchased at what register at any given time.

Would you be okay with grocery stores sending their footage to India (or wherever) to have cheap labor analyze the tapes and match race, age, and gender with a timestamp (in order to match it with products) and subsequently selling the statistics to manufacturers? The process could be automated fairly well with software

Re:

[camperdave]

They don't have any info on you that you do not provide to them.

Hahahahaha!! HeeHee! HaHaHa! *wipes tear.
Oh! That's a good one.

Re:

[Surt]

Exactly, the correct statement would have to be that they don't have any info on you that you don't provide to someone.

Re:

[Hatta]

OK, enlighten me. What information do they have about me that I have not chosen to give them?

Re:

[PopeRatzo]

They don't have any info on you that you do not provide to them.

That's like saying that a peeping tom who scales a water tower in order to look into the skylight of a woman's bedroom is only using the access that she provided to him.

I'm sorry, when someone is tracking your every move, following you and recording every place you visit, it's not exactly the same as you filling out a survey on which stores you prefer.

Re:

[gnapster]

Because stupidity is the opposite of wisdom, not knowledge.

Re:

[cskrat]

Technically the Earth, Sun and all other massive bodies in this solar system all orbit each other simultaneously. But the sun is the most massive so it gets to be close to the center of the system.

Ditto for our solar system and every other solar system in the Milky Way.

It might also hold true for the whole of the universe but I'm not sure how many times we'll circle the drain before we meet the big bang's evil twin, the big squeeze.

Standard GUI?

[ivucica]

I'm all for a standard GUI for doing so, but the "other side" (those who do the tracking) must also cooperate by actually observing the setting (no matter how it should be delivered to them; perhaps via HTTP header). If observing it would be mandatory, then hooray; otherwise, meh.

Re:

[ivucica]

If it were a law that they don't look at me, it would be a reasonable expectation, albeit questionably enforceable.

Re:

[neumayr]

You can reasonable expect people to follow unenforcable and not universally accepted laws? Seriously?

Re:

[cskrat]

What would they be enforcing specifically?

First off, let me remind everyone that cookies left in your browser's cookie cache can only be read by the domain that gave them to you. So maps.google.com can read cookies issued by mail.google.com but www.amazon.com cannot read or in any way know about cookies issued from www.newegg.com. Cookies were designed that way for the exact reason of protecting privacy. Additionally, cookies that you receive on sites that you have not logged in to are not linked to your na

Re:

[IBBoard]

Given the largest trackers are US companies (or companies the US could find someway to fine) like Google, Webtrends, Microsoft, and Facebook, I think it is totally enforceable.

I can see it now - just like the companies move to Ireland for low tax then they'll move to other nations (officially, at least) to run the tracking.

On top of that then all companies that already follow local but not American law (i.e. just about every European company) will get bitched at by some Americans who think that their laws s

A giant centralized list for...

[Anonymous Coward]

spammers! Brilliant, thank you FTC!

Re:

[ivucica]

Didn't read TFA, but maybe it's not a list. An HTTP header announcing the preference for not being tracked would do the trick, as long as the other party were obliged to actually listen to your setting.

Re:

[The Archon V2.0]

Didn't read TFA, but maybe it's not a list. An HTTP header announcing the preference for not being tracked would do the trick, as long as the other party were obliged to actually listen to your setting.

Setting the evil bit, huh?

Re:

[Black Gold Alchemist]

More like the "don't be evil bit".

Re:

[0123456]

An HTTP header announcing the preference for not being tracked would do the trick, as long as the other party were obliged to actually listen to your setting.

But in the real world such a header would just become another bit to go into your 'unique fingerprint' for the advertisers. And it would mean that advertisers would be even more eager to send you crap.

Re:

[blueg3]

As long as the real world consists only of companies that don't mind lawsuits and FTC investigations and fines.

Sure, there are plenty of such companies, mostly not in the U.S. But the only thing enforcing the Do Not Call list is the legal repercussions for ignoring it, and it's pretty effective.

Re:

[vux984]

But in the real world such a header would just become another bit to go into your 'unique fingerprint' for the advertisers.

In the real world, the big fish such as Google/Microsoft/Facebook etc would generally honor it, because they will get investigated, caught, and fined heavily if they don't.

The law is effective at restricting law abiding citizens and organizations. And that's precisely what we need here.

Re:

[Belial6]

Exactly, right now tracking is ubiquitus. The value/destructiveness of tracking does not increase linearly with added trackers. One site tracking you is just running it's own site. Two sites sharing tracking are not much of a problem. As the number of sites increase, it becomes a real problem. If cross site tracking were illegal, you would still get a few sites doing it, but the would be few and far between, and thus not a problem. As with any conspiracy, the bigger it is the harder it is to keep con

Re:

[Spazmania]

Right... So as a guy running a web server I'm supposed to "forget" about you probing my server trying to break in because you have the "Don't track me" header set.

We already have such a setting. Tools->Options->Privacy->Uncheck "Accept cookies." Some web sites work with it unchecked. Some don't. Make your choice whether you want their content.

Re:

[vux984]

We already have such a setting. Tools->Options->Privacy->Uncheck "Accept cookies." Some web sites work with it unchecked. Some don't. Make your choice whether you want their content.

Its pretty trivial to track you even if you have cookies unchecked.

Re:

[adamdoyle]

We already have such a setting. Tools->Options->Privacy->Uncheck "Accept cookies." Some web sites work with it unchecked. Some don't. Make your choice whether you want their content.

Its pretty trivial to track you even if you have cookies unchecked.

You'd also have to disable:
-Javascript: (which can retrieve typing cadence via AJAX)
-Images
-Plugins: (like Flash, Java, et al.)

Sounds like a pretty exciting internet at that point. You might as well be browsing in a text-only browser like Lynx. And even if you follow all of the steps above, you can still be tracked pretty effectively by the specific configuration of your browser.

Now, that being said, I'm still in favor of tracking (to an extent). It's an important part of product development (amongst o

Re:

[Spazmania]

Canadian pharmacies looking to sell sudafed?

Re:

[Spazmania]

Barring plugins with cookie-like features and actual tracking software you've elected to install, it's actually pretty hard to separate out your traffic from everybody else's.

You can keep track of a linear session by passing state in the URL but you lose it as soon as the guy goes somewhere else and comes back. You can do some fuzzy matching based on behavioral patterns but it takes a lot of computing power and the confidence drops off quickly.

Worked in the biz for a little while. The core data came from fo

Re:

[ivucica]

A lot of legit apps would not work. Logging in would not work on a lot of the web, for example. I really care about my email.

And your straw man argument sucks. Having a log that is cleaned after 24h, after establishing that a user at some IP is not doing anything suspicious, is one thing. Tracking the user in order to identify behavioral patterns is another.

Re:

[cskrat]

Would adding a drop rule in iptables count as not honoring this 24h cleaning time that you speak of? Technically that would be a permanent record of someone that "opted out" of leaving any kind of record.

Re:

[Spazmania]

Make that 30 days if you want network security folk not to laugh at you. 365 if you want any support from law enforcement. Better yet, change your focus to a "do not sell list" where passing a standardized header serves as legal notice that the receiving server is forbidden from sharing any information about the transaction with a third party, specifically or in aggregate. You won't get that either, but at least your only opposition would be from marketing folk.

*sigh*

[Marc Desrochers]

Because all those "remove me from your mailing list" options have worked so well...

Re:*sigh*

[TheRealFixer]

In my personal experience, the FTC's Do Not Call list has actually worked pretty well. I used to get considerable numbers of telemarketing calls every night, but about 6 months after adding all my numbers to the list, they've almost completely stopped. And on the very, very rare occasion that I do get one, a quick mention that this number is on the Federal Do Not Call list sends them into a near panic state, scrambling to hang up.

Re:

[fahrbot-bot]

I'll second this. In addition, the Direct Marketing Association and pre-approved credit card opt-outs have worked very well. I get almost zero junk mail. See this for details: World Privacy Forum's Top Ten Opt Outs [worldprivacyforum.org]

Re:

[Stellian]

In my personal experience, the FTC's Do Not Call list has actually worked pretty well.

That's because a personal phone call from a live human costs alot and anyone who uses this method must target it's customer base very well to be cost-effective. In turn, it's almost certainly a US business, operating on US soil, and care about the FTC. If they violate the DNC list, you incur a high cost, and are likely to do something about it, like report them.

No so on the Internets. Tracking is 100% automatic, and non-intrusive. Only a minority of the sites doing the tracking are from your country (this i

Re:

[Teun]

Yeah *sigh*.

Have you read what it's about?
It's about tracking mechanisms getting smarter, if it only depended on our IP it would only be a simple problem, the newer tracking systems use a lot more variables to follow you across different IP's and even different appliances.

And where I'm from all have static IP.

Re:

[tverbeek]

What's different about this is that telemarketers who call you already know who you are: they have your phone number. The only way a web site would be able to comply with a Do No Track database is for you to identify yourself unambiguously to them, information they do not have, and which would not be safe to hand over, unsecured, to any web site that asks for it.

Re:

[Quirkz]

I have a last name that's a common woman's first name (I'm male) and my first name is a common last name. Telemarketers invariably tripped over the name and asked for "last first" or Mrs. "firstname" instead, emphasizing they didn't know me. I also had one telemarketer insist "I'm a concerned neighbor just down the street in, um ..." and then completely mangled the pronunciation of the 5-letter name of my town. It made it abundantly clear he was lying.

All these problems were solved when I switched to a ce

Re:

[erroneus]

Allow me to just "me too" on your comment.

What happens is that once a person does an "opt-out" there are some teeth in the recourse that an individual can take.

The trouble I have is that you would first have to make yourself trackable in order to opt out. We also need to stipulate what things can and cannot be used in tracking to make such a law workable. As we know, there are a LOT of sneaky ways to track users. We need to also limit how people are tracked. Also, we need to have proof positive that we

Re:

[Cathoderoytube]

"a quick mention that this number is on the Federal Do Not Call list sends them into a near panic state, scrambling to hang up"

Really? I've telemarketed before in my dark past. When people told me they were on the do not call list I would say 'I don't care' and would go into the pitch. Then they'd hang up on me. It was just fun when people thought they could thwart me by being smarmy or clever. I hated my job and all those who I had to deal with on the phone. So anybody who tried stuff like the 'do not call

Re:

[Stormy Dragon]

Actually, the FTC 's Do Not Call list made things much worse for me. I never got calls even before because I was on the Direct Mail Association's do not call list. Ever since the FTC Do Not Call low was passed, I've been getting calls from politicians, pollsters, charities, etc. Namely all the groups that were exempted from the law and just use it as a Please Call Me Repeatedly list.

better idea:

[larry bagina]

the TSA should implement a "do not molest" list.

Exceptions?

[Nidi62]

The Do-not-call list provided exceptions for politicians and non profits. Will we just see currently existing unscrupulous entities just create associated 501c3's to get around the tracking block? Just like there is a loophole for the do not call list, there will be one for this. Assuming, of course, it ever comes into being.

Re:

[DeadPixels]

Of course. It also seems to me that in order to know who not to track, some tracking has to be done...perhaps better protections for anonymity is the trick, rather than a regulated list.

It's called P3P

[mysidia]

P3P [w3.org]

The Platform for Privacy Preferences Project (P3P) enables Websites to express their privacy practices in a standard format that can be retrieved automatically and interpreted easily by user agents. P3P user agents will allow users to be informed of site practices (in both machine- and human-readable formats) and to automate decision-making based on these practices when appropriate. Thus users need not read the privacy policies at every site they visit.

Awesome idea for a perfect world

[kheldan]

I'm all for this, I think it would be wonderful and beautiful to just change a setting in my browser and never have to question whether I'm being surveiled or not. It'll never work though. Corporations want what they want, and they'll find a way to track you regardless. I don't even think that making it illegal to track people's online habits would really stop them. The federal "Do not call" list only works up to a point, if someone doesn't give a shit about the law and thinks they can get away with it, the

Re:

[Blakey Rat]

I'm all for this, I think it would be wonderful and beautiful to just change a setting in my browser and never have to question whether I'm being surveiled or not.

You mean like the "block third-party cookies" option that's been in every browser for almost a decade? That setting?

Koreans to comply with the FTC?

[thegarbz]

Lets face it, the local do not call registers barely work. I manage to report about 8 companies a year to our Telecommunications Industry Ombudsman and the Australian Competition and Consumer Commission about calls I get to our number. The fines are usually quite hefty especially for repeat offenders. Somehow I doubt that companies will bow down and obey instructions from an international company who's laws don't govern them.

Re:

[FooAtWFU]

Koreans typically don't tend to care quite as much about tracking Americans' browsing to advertise at them. Most websites most Americans visit are owned and operated by American companies, as it turns out.

Re:

[drinkypoo]

The do not call list works GREAT, but only if you block all calls without caller ID information. Most of the people who will spam you with valid caller ID info will make an effort not to call you back if you are on the list and you tell them so, especially if you announce to them that you are reporting them for the call, and then DO SO. There's a webform, it's not tricky.

how would it work

[penguinbroker]

My brain's a little slow today... how would this work? How would this be enforced? Since when can websites tell exactly who we are (which I am assuming will be required to verify that the user is or is not on the list)?

Re:

[vlm]

My brain's a little slow today... how would this work?

There are two answers, work as in successfully meet objectives, and work as in good enough for govt work.

The work as in meet objectives, would be package a browser addon basically privoxy aka www.privoxy.org, or mandate the installation of something like privoxy with all browser installations. If the EU can demand winders not ship with "X" maybe the FTC can demand winders ship with a working privoxy install.

The work as in good enough for govt work, would be add a line to the browser string, "please dont tr

Re:

[penguinbroker]

I understand the concept of browsing without being tracked. My question is how to enforce a 'do not track' list. Which is distinctly different from a 'do not track' browser feature.

Re:

[penguinbroker]

Thanks for the explanation anyway though.

Re:

[blair1q]

More to the point, how am I supposed to know when someone is violating it?

I can tell when someone fails to use the do-not-call registry or ignores a do-not-email checkbox setting, but tracking me as I browse is a passive activity. Am I supposed to search through my cookies? And how will I know the tracking cookies from the session and configuration persistence cookies?

Take the person who proposed this and send them to Pakistan to look for the tallest man there. Doesn't seem like there are enough people do

How about we finish the DNC List first?

[garcia]

I have a land line (it comes over my cable connection) because we only have one mobile phone and use the 400 minutes as our long distance service thus it's cheaper for us to have family call us on the land line. Aside from the handful of calls we get from family the rest of the time it's from scammers "trying to lower your interest rate on your credit card," who hang up when you press them for who they are or companies who do not follow the DNC list.

These companies know they have little chance of being prosecuted under the law so I end up with numerous phone calls and fights with supervisors of these companies to not call me again. Yet they keep trying to sell newspaper subscriptions and rug cleanings to me.

So after three phone calls from one company I finally get enough information to file a complaint with the FCC. I submit that complaint and it's rejected three different times for lack of information. While the FCC agent attempts to be helpful the entire process is cumbersome and difficult. I lack any confidence the calls will stop or the company will pay and even if they do the fine will be minimal and they'll just consider it the cost of doing business.

---

So back to this particular new trend. Yeah, great, no more tracking online. It's a lot easier for me to block that stuff online while still enjoying a relatively easy browsing experience than it is for me to stop calls from ringing my phone which would include turning the ringer off (no, I'm not paying for call block or caller ID).

If the government wants to do this, and I'd love them to, they need to ensure that the laws, policies and enforcement are viable and actually benefit people rather than creating a whole new useless bureaucracy which spends money and doesn't accomplish a damn thing.

Re:

[UID30]

I signed up for the nat'l do not call list when i canceled my land line service from at&t. :P

Re:

[garcia]

RTFP. No, I don't have it because I'm not paying for it. And being that this law exists I shouldn't have to screen my calls through caller ID or any other method now should I?

Good Luck With That

[CaptainPatent]

Besides the simple fact that there currently isn't a good way to implement an opt-out database (yet) and doing so on a national level between several websites would be a nearly impossible nightmare, you also have to consider the fact that:

1) There is no good way to enforce this as the legal boundaries end at our borders. There wouldn't be much to stop offshore data collection.

2) The most harmful types of data collection are those people that do it for malicious purposes like phishing. I really don't think a US law is going to stop them anyways.

-also-
3) What constitutes "tracking?" There are web aps and addons that track your usage of a page for simple things like counting the number of visitors, or much more complex things like demographic account collection to tune web ads to best suit you. There are also versions that do this that don't permanently record your information and just go on a session-by-session basis. If you even have the capability of differentiating what tracking is occurring (which is nearly impossible in the first place) where does the line get drawn?

Re:

[CaptainPatent]

P.S. - the short version of this story should be:

"Politicians with little knowledge of computers are talking about the internet again."

Re:

[Floody]

P.S. - the short version of this story should be:

"Politicians with little knowledge of computers are talking about the internet again."

I don't expect the FTC chairman to be tech savvy, but there isn't anyone at the FTC that can tell him what is and isn't technically feasible?

Re:

[ArundelCastle]

I've never had a mod point to give, but I wish I could for you.

Canada's Do Not Call list has already proven to be a treasure trove for data mining by the U.S. and others. For $50 you can get more reliable information than on a $3000 e-mail address list. http://en.wikipedia.org/wiki/National_Do_Not_Call_List#Criticism [wikipedia.org]

The one thing a government can do is provide a framework for people to complain when other people don't do what they're supposed to.
How's that been working out, historically? Anyone with an o

...thought your cunning plan all the way through?

[spazdor]

So how exactly are websites going to keep track of who has opted out of being tracked?

"To affirm that you do not consent to appearing in a list, please add your name to this list."

Re:

[Nevo]

I came here to say this. Me: "Don't track me." Them: "Thanks for visiting our website! In order to know whether or not we should track you, please tell us who you are." In order for this to work, the web would have to abandon any pretense of anonymity. Which do you think is the lesser of two evils? I know where my vote goes.

Re:

[spazdor]

Yeah. I can't think of a way to make this system work, except using a database which would constitute the kind of personally-identified tracking system that it seeks to prevent. In order to get website maintainers to comply with these rules, the government would have to provide them with exactly that data which they're being forbidden to collect, and then, I don't know - put them on the honour system, make them pinky-swear not to use it for anything but the intended purpose? Is that the plan?

Isn't this self-contradicting?

[GodfatherofSoul]

You have to register yourself on a big public list in order to prevent websites from tracking you.

Re:

[Yvan256]

If you have to register yourself via a website, then the joke circle will be complete.

so...

[Charliemopps]

So I get to trade being tracked by people that want to sell me cookware for being tracked by the federal government?

Not the same as a do not call list

[noidentity]

A do not track list is quite different than a do not call list. The latter is about companies calling you, wasting your time and phone minutes when you're not interested. Gathering demographics doesn't waste your time. Put another way, you have no way of knowing whether the no track list is even being followed, whereas you can easily tell if the do not call list is being followed, because you get annoying calls.

I'm not saying that tracking you on the web isn't offensive, just that it's fundamentally diffe

Tech & market driven options better

[DaveGod]

So basically we can opt not to be tracked by the companies who actually decide to follow an optional opt-out list? Doesn't that mean I'm only opting out of the companies I'm least bothered about? Worse, make being a (relative) good-guy even less profitable?

Without legislative backing it's at best toothless and at worst counter-productive.

Even legislative backing may be prone to unintended consequences as companies leave for less regulated shores. However I'd expect there would be more of a positive influen

AKA the "I have something to hide list"

[RichMan]

I suspect this list would also be used be used by various agencies to flag people who are engaged in "undesireable" activity. "Only those with something to hide will be using the Do Not Track" feature.

*sigh*

This all at the same time that they are requiring ISP's to keep 2 year records of IP logs.

So how does this new "Do Not Track" bill merge with the other bill. I presume that everyone will just sign up under the 2 year bill and say "we need to keep records" and are thus exempt from the DoNotTrack feature.

The Internet Stopping Adults Facilitating the Exploitation of Today's Youth (SAFETY) Act of 2009 also known as H.R. 1076 and S.436 would require providers of "electronic communication or remote computing services" to "retain for a period of at least two years all records or other information pertaining to the identity of a user of a temporarily assigned network address the service assigns to that user."[22]

I don't know what to think

[shadowrat]

I don't want to be tracked. Unfortunately i don't like where this is going either. This isn't like a do not call list where you can register a distinct end point and prove that someone called you when you were clearly on the list. The tracking isn't based on a hard identification. It's a fuzzy id. They are trying to aggregate actions made by some checksum built out of whatever info you can get from a client of a web app. How can either side prove that you are or are not that checksum?

What exactly are we

I don't trust the government.

[Lilith's Heart-shape]

How do we know that some reasonably intelligent marketing pusbag won't find a way to use the FTC's "Do Not Track" list in a manner contrary to its stated intent?

hmm

[ZenDragon]

I cant see this ever working, in fact the very act of opting out of tracking makes you more easily trackable.

Foreign Servers

[MBCook]

While it's entirely possible for something like this to happen and the FTC to use large fines to make US companies avoid some tracking, tracking provides LARGE benefits to businesses.

I'd immediately expect many ad networks to host their ads from oversees so they could claim not to be under the jurisdiction of this law. How will the FTC stop that? And what if Google Ireland decides to host all the Google ads? Are you going to go after the parent company?

This is a nice idea that seems completely unenforceab

Can we enforce it against the NSA? [eom]

[molo]

Can we enforce it against the NSA?

-molo

FTC wants to help people evade tracking?

[Kaz Kylheku]

Riiiiiight. Sure.

This feigned concern about online privacy is just a political chain that policitians and government bodies yank in order to appear to care about individual rights.

There is nothing that the State craves more than to track every move of every citizen.

Don't like it

[bjdevil66]

To make this work, wouldn't people have to be on a system where they'd lose their anonymity online? How else could they guarantee who's on a "do not track me" list without knowing who you were when you were online?

While they're at it...

[Lord Grey]

The Feds should allow us to sign up for a few more lists:

• The Do Not Grope List
• The Do Not Erode My Civil Liberties List
• The Do Not Remove My Constitutional Rights List
• The Do Not Assume I Believe Your Security Theater List
• The Do Not Think I'm Unamerican For Signing Up For Those Lists List

We could all then, of course, profit!

How does this play against logs?

[IBBoard]

Okay, so it probably isn't quite as accurate, but how would this play against the things that webmasters need but which can also be used for tracking - i.e. Apache log files and the like? I can do all sorts of path following and user tracking with logs if I wanted, just by analysing the log files from a normal server. It won't be quite as accurate as something tracked with a cookie, but then even cookies aren't bullet-proof.

Either they've overlooked log files, or they're going to need some really weird stan

Re:

[ivucica]

It's not possible unless you limit valid uses of technologies such as cookies, too. But if some sort of a law were introduced requiring those who do the tracking to observe your setting, then it'd be possible; they'd simply have to ignore your request for their "tracking service" if you supply a header such as "X-DNT: True".

Re:

[Bucky24]

As someone else has already noted, this only works if the website you are visiting is willing to abide by those policies. Do Not Call list is one thing-those calls usually originate from companies that are based in the US (even if the call center is not), and it is also fairly easy to realize if someone has called you in violation of this list. It is more difficult for a website. How do they expect to enforce this on a website owned by a company that is not US? In addition, its a lot harder to tell if a w

Re:

[just_another_sean]

I'd be interested to see if this is even possible. From what I understand, which is somewhat limited, it is virtually impossible to completely wipe browser information as it is sometimes required to act a certain way when interfacing with a website.

Using HTTP headers and browser data during a session to support features, degrade gracefully, etc, is not really a problem.
The "store, collate, correlate and share with others" cycle is the real problem.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[vlm]

Anyone who cares can already opt out of being tracked.

ORLY? Try not to be tracked by Facebook. The Facebook and twitter icons on http://slashdot.org/ [slashdot.org] come from a.fsdn.com
You could try and block that URL, but then slashdot looks pretty messy as there are some CSS files as well.

Perhaps you were just trolling for the LOLs, but I looked at the source and the icon pix are served up by fsdn not FB and the href doesn't seem to contain any user info.

Remember how spam used to mean unsolicited commercial email, but AOL users called any email that they didn't want, "spam", essentially equating the delete button with the report spam button, and all the trouble that caused? I think we might be seeing the meaning of "tracking" change from recording your online activities toward something mor

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[HTH NE1]

And don't think that the government wouldn't use the same mandated mechanism to keep its agents from being tracked when they are investigating you. Then if you notice them doing it, they can arrest you for noticing them.

Re:

[poopdeville]

Dare I say it?

slashdot = stagnated