FTC Proposes Do Not Track List For the Web 173
An anonymous reader writes "The Federal Trade Commission proposed allowing consumers to opt out of having their online activities tracked on Wednesday as part of the agency's preliminary report on consumer privacy. FTC chairman Jon Leibowitz said he would prefer for the makers of popular web browsers to come up with a setting on their own that would allow consumers to opt out of having their browsing and search habits tracked."
Booooo!! (Score:5, Insightful)
Re: (Score:2)
It should be opt-in.
Yes, it should. But that doesn't matter, because:
1. It's unenforceable.
2. The Republicans would never allow it, since:
a. It's proposed by Obama's people, and
b. It might restrict some business' God-given right to make a profit.
Re: (Score:2)
And the worst problem is that even if the browser is "immune" to tracking features the plugins needed to view many web sites - like Flash, PDF or SilverLight also have to be "immunized".
And to make sure that the user are traceable many sites checks thoroughly that the data they write isn't easy to remove.
So if anything - go after the web sites that tracks users instead.
Re: (Score:2)
So if anything - go after the web sites that tracks users instead.
What if the site is being hosted in China? My guess is that if you are up to no good, or doing unethical things, you move offshore. Just like they route telemarketing calls through the Bahamas, etc. because the No Call List doesn't apply to foreign nations.
I think the real solution is to have government not get involved and individuals need to instead create methods to block being tracked, preferably open source. I don't want to depend on
Re: (Score:2)
Re: (Score:2, Insightful)
Tracking brings in BIG BUCKS.
[citation required]
Tracking certainly brings in BIG BUCKS for tracking companies, but is there any evidence that it actually brings in much money for anyone else?
Re: (Score:3)
...but is there any evidence that it actually brings in much money for anyone else?
I doesn't need to bring in tangible amounts of money to producers. It only needs to provide enough stats for marketers to convince producers to keep paying marketers. And that is how the web goes round.
Dirty little secret of advertising (Score:4, Interesting)
A while back I worked on what was going to be a local newspaper's first website, so I got to learn a bit about their business. Their 'dirty little secret' was that, while the newspaper could rightly say that their free paper reached over 95% of all households in the county, and that the actual readership was quite high (IIRC something like 70%), they _never_ publicized the probability that an ad on Page X would be seen by anybody. The probability was very close to zero, except for certain specialties like the front of the weekly car ads section, and parts of the classifieds. They actually had some numbers, such as what percentage of households actually opened the paper, actually looked at the first page of the sport section, etc. But none of that was given to the advertisers.
Web tracking has changed the old saying "I know I'm wasting 1/2 of my advertising money - I just don't know which half!", possibly forever.
Re: (Score:2)
[citation required]
It's "[citation needed]"... you can turn in your geek card at the door.
Also, tracking brings lots of revenue for advertising companies. Advertising companies are then hired by practically every company on the Fortune 500 list. (or done in-house, which essentially yields the same result) More advertising for the aforementioned companies leads to more revenue. Those Fortune 500 companies give jobs/paychecks to you and me. (because now that they have more revenue, they can branch out into other areas and c
Re: (Score:2)
Where did you think Google got all its money? Adsense, MAYBE?
I wonder how Adsense works...
If you read the second line of parent's post:
Tracking certainly brings in BIG BUCKS for tracking companies, but is there any evidence that it actually brings in much money for anyone else?
I think Google qualifies as a "tracking company." (although I would say "advertising company" would be a better choice of words)
Re: (Score:3)
Really? Most people don't care to be tracked? I can't imagine why.
Bill Hicks said it best. "Quit putting a god damn dollar sign on every fucking thing on this planet!"
www.youtube.com/watch?v=gDW_Hj2K0wo
Re: (Score:2)
Why? This would mean that American online companies would no longer be competitive with those in other countries.
Actually it means the tracking will all move overseas, just like the cold calling at dinner time.
But the tracking isn't done by the people you buy from. So the American online companies will continue to sell at the same rate, and the trackers will simply move.
After all, the chances of me (knowingly) buying my next computer or sweatshirt from some company in India is slim to none.
Re: (Score:2)
Re: (Score:2)
It should be opt-in.
Then let's start with the webservers.
Any slashdotters which have turned off access logging on their webservers? Or at least turned to anonymous access logging (like mod_removeip for Apache)?
Exactly. Further, if people would stop to think about "why" companies would want to track you, they would realize it's not such a bad thing. If you ask me, you lose the right to complain about sucky products when you let companies stop collecting data one what interests you. I mean, we've all read 1984, but this isn't about black helicopters, it's about market research and making products that people actually want to buy. People on /. are far too paranoid.
Re: (Score:2)
I'm not convinced the ones doing the tracking are the ones manufacturing the products.
I mean, I've worked in manufacturing and the stiffs in those places are the same ones you go fishing or golfing with. They are just not all that awesome when it comes to knowing exactly what their customers want.
The tracking companies may be amassing a pile of data about you, but since all they do is sell data, (again to the pointy-haired bosses of the manufacturers) they aren't in a position to detect or service any majo
Re: (Score:2)
Ok, so here's a hypothetical:
Grocery stores already have video cameras aimed at every register. They also have digital logs of what items were purchased at what register at any given time.
Would you be okay with grocery stores sending their footage to India (or wherever) to have cheap labor analyze the tapes and match race, age, and gender with a timestamp (in order to match it with products) and subsequently selling the statistics to manufacturers? The process could be automated fairly well with software
Re: (Score:2)
They don't have any info on you that you do not provide to them.
Hahahahaha!! HeeHee! HaHaHa! *wipes tear.
Oh! That's a good one.
Re: (Score:2)
Exactly, the correct statement would have to be that they don't have any info on you that you don't provide to someone.
Re: (Score:2)
OK, enlighten me. What information do they have about me that I have not chosen to give them?
Re: (Score:2)
That's like saying that a peeping tom who scales a water tower in order to look into the skylight of a woman's bedroom is only using the access that she provided to him.
I'm sorry, when someone is tracking your every move, following you and recording every place you visit, it's not exactly the same as you filling out a survey on which stores you prefer.
Re: (Score:2)
Re: (Score:2)
Technically the Earth, Sun and all other massive bodies in this solar system all orbit each other simultaneously. But the sun is the most massive so it gets to be close to the center of the system.
Ditto for our solar system and every other solar system in the Milky Way.
It might also hold true for the whole of the universe but I'm not sure how many times we'll circle the drain before we meet the big bang's evil twin, the big squeeze.
Standard GUI? (Score:5, Insightful)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
What would they be enforcing specifically?
First off, let me remind everyone that cookies left in your browser's cookie cache can only be read by the domain that gave them to you. So maps.google.com can read cookies issued by mail.google.com but www.amazon.com cannot read or in any way know about cookies issued from www.newegg.com. Cookies were designed that way for the exact reason of protecting privacy. Additionally, cookies that you receive on sites that you have not logged in to are not linked to your na
Re: (Score:2)
I can see it now - just like the companies move to Ireland for low tax then they'll move to other nations (officially, at least) to run the tracking.
On top of that then all companies that already follow local but not American law (i.e. just about every European company) will get bitched at by some Americans who think that their laws s
A giant centralized list for... (Score:3, Funny)
Re: (Score:3)
Re: (Score:2)
Didn't read TFA, but maybe it's not a list. An HTTP header announcing the preference for not being tracked would do the trick, as long as the other party were obliged to actually listen to your setting.
Setting the evil bit, huh?
Re: (Score:2)
Re: (Score:2)
An HTTP header announcing the preference for not being tracked would do the trick, as long as the other party were obliged to actually listen to your setting.
But in the real world such a header would just become another bit to go into your 'unique fingerprint' for the advertisers. And it would mean that advertisers would be even more eager to send you crap.
Re: (Score:2)
As long as the real world consists only of companies that don't mind lawsuits and FTC investigations and fines.
Sure, there are plenty of such companies, mostly not in the U.S. But the only thing enforcing the Do Not Call list is the legal repercussions for ignoring it, and it's pretty effective.
Re: (Score:2)
But in the real world such a header would just become another bit to go into your 'unique fingerprint' for the advertisers.
In the real world, the big fish such as Google/Microsoft/Facebook etc would generally honor it, because they will get investigated, caught, and fined heavily if they don't.
The law is effective at restricting law abiding citizens and organizations. And that's precisely what we need here.
Re: (Score:2)
Re: (Score:3)
Right... So as a guy running a web server I'm supposed to "forget" about you probing my server trying to break in because you have the "Don't track me" header set.
We already have such a setting. Tools->Options->Privacy->Uncheck "Accept cookies." Some web sites work with it unchecked. Some don't. Make your choice whether you want their content.
Re: (Score:2)
We already have such a setting. Tools->Options->Privacy->Uncheck "Accept cookies." Some web sites work with it unchecked. Some don't. Make your choice whether you want their content.
Its pretty trivial to track you even if you have cookies unchecked.
Re: (Score:2)
We already have such a setting. Tools->Options->Privacy->Uncheck "Accept cookies." Some web sites work with it unchecked. Some don't. Make your choice whether you want their content.
Its pretty trivial to track you even if you have cookies unchecked.
You'd also have to disable:
-Javascript: (which can retrieve typing cadence via AJAX)
-Images
-Plugins: (like Flash, Java, et al.)
Sounds like a pretty exciting internet at that point. You might as well be browsing in a text-only browser like Lynx. And even if you follow all of the steps above, you can still be tracked pretty effectively by the specific configuration of your browser.
Now, that being said, I'm still in favor of tracking (to an extent). It's an important part of product development (amongst o
Re: (Score:2)
Canadian pharmacies looking to sell sudafed?
Re: (Score:2)
Barring plugins with cookie-like features and actual tracking software you've elected to install, it's actually pretty hard to separate out your traffic from everybody else's.
You can keep track of a linear session by passing state in the URL but you lose it as soon as the guy goes somewhere else and comes back. You can do some fuzzy matching based on behavioral patterns but it takes a lot of computing power and the confidence drops off quickly.
Worked in the biz for a little while. The core data came from fo
Re: (Score:2)
And your straw man argument sucks. Having a log that is cleaned after 24h, after establishing that a user at some IP is not doing anything suspicious, is one thing. Tracking the user in order to identify behavioral patterns is another.
Re: (Score:2)
Would adding a drop rule in iptables count as not honoring this 24h cleaning time that you speak of? Technically that would be a permanent record of someone that "opted out" of leaving any kind of record.
Re: (Score:2)
Make that 30 days if you want network security folk not to laugh at you. 365 if you want any support from law enforcement. Better yet, change your focus to a "do not sell list" where passing a standardized header serves as legal notice that the receiving server is forbidden from sharing any information about the transaction with a third party, specifically or in aggregate. You won't get that either, but at least your only opposition would be from marketing folk.
*sigh* (Score:2)
Re:*sigh* (Score:5, Informative)
Re: (Score:3)
Re: (Score:3)
In my personal experience, the FTC's Do Not Call list has actually worked pretty well.
That's because a personal phone call from a live human costs alot and anyone who uses this method must target it's customer base very well to be cost-effective. In turn, it's almost certainly a US business, operating on US soil, and care about the FTC. If they violate the DNC list, you incur a high cost, and are likely to do something about it, like report them.
No so on the Internets. Tracking is 100% automatic, and non-intrusive. Only a minority of the sites doing the tracking are from your country (this i
Re: (Score:2)
Have you read what it's about?
It's about tracking mechanisms getting smarter, if it only depended on our IP it would only be a simple problem, the newer tracking systems use a lot more variables to follow you across different IP's and even different appliances.
And where I'm from all have static IP.
Re: (Score:2)
What's different about this is that telemarketers who call you already know who you are: they have your phone number. The only way a web site would be able to comply with a Do No Track database is for you to identify yourself unambiguously to them, information they do not have, and which would not be safe to hand over, unsecured, to any web site that asks for it.
Re: (Score:2)
All these problems were solved when I switched to a ce
Re: (Score:2)
Allow me to just "me too" on your comment.
What happens is that once a person does an "opt-out" there are some teeth in the recourse that an individual can take.
The trouble I have is that you would first have to make yourself trackable in order to opt out. We also need to stipulate what things can and cannot be used in tracking to make such a law workable. As we know, there are a LOT of sneaky ways to track users. We need to also limit how people are tracked. Also, we need to have proof positive that we
Re: (Score:2)
"a quick mention that this number is on the Federal Do Not Call list sends them into a near panic state, scrambling to hang up"
Really? I've telemarketed before in my dark past. When people told me they were on the do not call list I would say 'I don't care' and would go into the pitch. Then they'd hang up on me. It was just fun when people thought they could thwart me by being smarmy or clever. I hated my job and all those who I had to deal with on the phone. So anybody who tried stuff like the 'do not call
Re: (Score:2)
Actually, the FTC 's Do Not Call list made things much worse for me. I never got calls even before because I was on the Direct Mail Association's do not call list. Ever since the FTC Do Not Call low was passed, I've been getting calls from politicians, pollsters, charities, etc. Namely all the groups that were exempted from the law and just use it as a Please Call Me Repeatedly list.
better idea: (Score:2)
Exceptions? (Score:2)
Re: (Score:2)
It's called P3P (Score:5, Informative)
P3P [w3.org]
Awesome idea for a perfect world (Score:2)
Re: (Score:2)
I'm all for this, I think it would be wonderful and beautiful to just change a setting in my browser and never have to question whether I'm being surveiled or not.
You mean like the "block third-party cookies" option that's been in every browser for almost a decade? That setting?
Koreans to comply with the FTC? (Score:2)
Re: (Score:3)
Re: (Score:2)
The do not call list works GREAT, but only if you block all calls without caller ID information. Most of the people who will spam you with valid caller ID info will make an effort not to call you back if you are on the list and you tell them so, especially if you announce to them that you are reporting them for the call, and then DO SO. There's a webform, it's not tricky.
how would it work (Score:5, Insightful)
Re: (Score:2)
My brain's a little slow today... how would this work?
There are two answers, work as in successfully meet objectives, and work as in good enough for govt work.
The work as in meet objectives, would be package a browser addon basically privoxy aka www.privoxy.org, or mandate the installation of something like privoxy with all browser installations. If the EU can demand winders not ship with "X" maybe the FTC can demand winders ship with a working privoxy install.
The work as in good enough for govt work, would be add a line to the browser string, "please dont tr
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
More to the point, how am I supposed to know when someone is violating it?
I can tell when someone fails to use the do-not-call registry or ignores a do-not-email checkbox setting, but tracking me as I browse is a passive activity. Am I supposed to search through my cookies? And how will I know the tracking cookies from the session and configuration persistence cookies?
Take the person who proposed this and send them to Pakistan to look for the tallest man there. Doesn't seem like there are enough people do
How about we finish the DNC List first? (Score:4, Insightful)
I have a land line (it comes over my cable connection) because we only have one mobile phone and use the 400 minutes as our long distance service thus it's cheaper for us to have family call us on the land line. Aside from the handful of calls we get from family the rest of the time it's from scammers "trying to lower your interest rate on your credit card," who hang up when you press them for who they are or companies who do not follow the DNC list.
These companies know they have little chance of being prosecuted under the law so I end up with numerous phone calls and fights with supervisors of these companies to not call me again. Yet they keep trying to sell newspaper subscriptions and rug cleanings to me.
So after three phone calls from one company I finally get enough information to file a complaint with the FCC. I submit that complaint and it's rejected three different times for lack of information. While the FCC agent attempts to be helpful the entire process is cumbersome and difficult. I lack any confidence the calls will stop or the company will pay and even if they do the fine will be minimal and they'll just consider it the cost of doing business.
---
So back to this particular new trend. Yeah, great, no more tracking online. It's a lot easier for me to block that stuff online while still enjoying a relatively easy browsing experience than it is for me to stop calls from ringing my phone which would include turning the ringer off (no, I'm not paying for call block or caller ID).
If the government wants to do this, and I'd love them to, they need to ensure that the laws, policies and enforcement are viable and actually benefit people rather than creating a whole new useless bureaucracy which spends money and doesn't accomplish a damn thing.
Re: (Score:2)
Re: (Score:2)
RTFP. No, I don't have it because I'm not paying for it. And being that this law exists I shouldn't have to screen my calls through caller ID or any other method now should I?
Good Luck With That (Score:3)
1) There is no good way to enforce this as the legal boundaries end at our borders. There wouldn't be much to stop offshore data collection.
2) The most harmful types of data collection are those people that do it for malicious purposes like phishing. I really don't think a US law is going to stop them anyways.
-also-
3) What constitutes "tracking?" There are web aps and addons that track your usage of a page for simple things like counting the number of visitors, or much more complex things like demographic account collection to tune web ads to best suit you. There are also versions that do this that don't permanently record your information and just go on a session-by-session basis. If you even have the capability of differentiating what tracking is occurring (which is nearly impossible in the first place) where does the line get drawn?
Re: (Score:2)
"Politicians with little knowledge of computers are talking about the internet again."
Re: (Score:2)
I don't expect the FTC chairman to be tech savvy, but there isn't anyone at the FTC that can tell him what is and isn't technically feasible?
Re: (Score:2)
I've never had a mod point to give, but I wish I could for you.
Canada's Do Not Call list has already proven to be a treasure trove for data mining by the U.S. and others. For $50 you can get more reliable information than on a $3000 e-mail address list. http://en.wikipedia.org/wiki/National_Do_Not_Call_List#Criticism [wikipedia.org]
The one thing a government can do is provide a framework for people to complain when other people don't do what they're supposed to.
How's that been working out, historically? Anyone with an o
...thought your cunning plan all the way through? (Score:2)
So how exactly are websites going to keep track of who has opted out of being tracked?
"To affirm that you do not consent to appearing in a list, please add your name to this list."
Re: (Score:3)
Re: (Score:2)
Yeah. I can't think of a way to make this system work, except using a database which would constitute the kind of personally-identified tracking system that it seeks to prevent. In order to get website maintainers to comply with these rules, the government would have to provide them with exactly that data which they're being forbidden to collect, and then, I don't know - put them on the honour system, make them pinky-swear not to use it for anything but the intended purpose? Is that the plan?
Isn't this self-contradicting? (Score:2)
You have to register yourself on a big public list in order to prevent websites from tracking you.
Re: (Score:2)
If you have to register yourself via a website, then the joke circle will be complete.
so... (Score:2)
Not the same as a do not call list (Score:2)
I'm not saying that tracking you on the web isn't offensive, just that it's fundamentally diffe
Tech & market driven options better (Score:2)
So basically we can opt not to be tracked by the companies who actually decide to follow an optional opt-out list? Doesn't that mean I'm only opting out of the companies I'm least bothered about? Worse, make being a (relative) good-guy even less profitable?
Without legislative backing it's at best toothless and at worst counter-productive.
Even legislative backing may be prone to unintended consequences as companies leave for less regulated shores. However I'd expect there would be more of a positive influen
AKA the "I have something to hide list" (Score:4, Interesting)
I suspect this list would also be used be used by various agencies to flag people who are engaged in "undesireable" activity. "Only those with something to hide will be using the Do Not Track" feature.
*sigh*
This all at the same time that they are requiring ISP's to keep 2 year records of IP logs.
So how does this new "Do Not Track" bill merge with the other bill. I presume that everyone will just sign up under the 2 year bill and say "we need to keep records" and are thus exempt from the DoNotTrack feature.
The Internet Stopping Adults Facilitating the Exploitation of Today's Youth (SAFETY) Act of 2009 also known as H.R. 1076 and S.436 would require providers of "electronic communication or remote computing services" to "retain for a period of at least two years all records or other information pertaining to the identity of a user of a temporarily assigned network address the service assigns to that user."[22]
I don't know what to think (Score:2)
What exactly are we
I don't trust the government. (Score:2)
hmm (Score:2)
Foreign Servers (Score:2)
While it's entirely possible for something like this to happen and the FTC to use large fines to make US companies avoid some tracking, tracking provides LARGE benefits to businesses.
I'd immediately expect many ad networks to host their ads from oversees so they could claim not to be under the jurisdiction of this law. How will the FTC stop that? And what if Google Ireland decides to host all the Google ads? Are you going to go after the parent company?
This is a nice idea that seems completely unenforceab
Can we enforce it against the NSA? [eom] (Score:2)
Can we enforce it against the NSA?
-molo
FTC wants to help people evade tracking? (Score:2)
Riiiiiight. Sure.
This feigned concern about online privacy is just a political chain that policitians and government bodies yank in order to appear to care about individual rights.
There is nothing that the State craves more than to track every move of every citizen.
Don't like it (Score:2)
While they're at it... (Score:2)
The Feds should allow us to sign up for a few more lists:
We could all then, of course, profit!
How does this play against logs? (Score:2)
Okay, so it probably isn't quite as accurate, but how would this play against the things that webmasters need but which can also be used for tracking - i.e. Apache log files and the like? I can do all sorts of path following and user tracking with logs if I wanted, just by analysing the log files from a normal server. It won't be quite as accurate as something tracked with a cookie, but then even cookies aren't bullet-proof.
Either they've overlooked log files, or they're going to need some really weird stan
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
I'd be interested to see if this is even possible. From what I understand, which is somewhat limited, it is virtually impossible to completely wipe browser information as it is sometimes required to act a certain way when interfacing with a website.
Using HTTP headers and browser data during a session to support features, degrade gracefully, etc, is not really a problem.
The "store, collate, correlate and share with others" cycle is the real problem.
Re: (Score:2)
Re: (Score:2)
ORLY? Try not to be tracked by Facebook. The Facebook and twitter icons on http://slashdot.org/ [slashdot.org] come from a.fsdn.com
You could try and block that URL, but then slashdot looks pretty messy as there are some CSS files as well.
Perhaps you were just trolling for the LOLs, but I looked at the source and the icon pix are served up by fsdn not FB and the href doesn't seem to contain any user info.
Remember how spam used to mean unsolicited commercial email, but AOL users called any email that they didn't want, "spam", essentially equating the delete button with the report spam button, and all the trouble that caused? I think we might be seeing the meaning of "tracking" change from recording your online activities toward something mor
Re: (Score:2)
Re: (Score:2)
And don't think that the government wouldn't use the same mandated mechanism to keep its agents from being tracked when they are investigating you. Then if you notice them doing it, they can arrest you for noticing them.
Re: (Score:2)
Dare I say it?
slashdot = stagnated