Do Not Track Ineffective and Dangerous, Says Researcher
Seeteufel writes "Nadim Kobeissi, security researcher, describes the Do Not Track standard of the W3C as dangerous. 'In fact, Google's search engine, as well as Microsoft's (Bing), both ignore the Do Not Track header even though both companies helped implement this feature into their web browsers. Yahoo Search also ignored Do Not Track requests. Some websites will politely inform you, however, of the fact that your Do Not Track request has been ignored, and explain that this has been done in order to preserve their advertising revenue. But not all websites, by a long shot, do this.' The revelations come as Congress and European legislators consider tightening privacy standards amid massive advertiser lobbying. 'Do not track' received strong support from the European Commission."
Re:Legislation (Score:5, Informative)
Re:trivial, 99% effective fix (Score:4, Informative)
They can still track by IP address and your browser fingerprint. Browser fingerprinting can be defeated, though current browsers don't seem to want to help make it easier to do so.
AC is right. Deleting cookies at the end of each session may help a bit, but there are still plenty of ways to identify you [eff.org] especially if you include your IP address (but that's not always reliable).
I'm not sure what we'll do when IPv6 rolls around and every device has a unique address. Either you go back to NAT and share addresses, which is not completely effective due to fingerprinting, or you change your address every few hours or days. Either solution defeats the purpose of IPv6.
There's already a solution for that. [wikipedia.org] Use the randomly-generated address for normal things, but use your static address for servers and the like. IPv6 privacy extensions are supported on Windows, Mac, and Linux.
Re:Killer 'Do Not Track' App? (Score:4, Informative)
Interesting, but I am pretty sure DNT was Mozilla's idea. And frankly, it always seemed like a waste of time. Given all the ways that one can be tracked though, a technical solution seems difficult as well.
- Cookies
- JavaScript
- tracking pixels
- HTML local DBs
- Flash objects
- fonts
- screen size/colors
- plugin config/versions
- User agent
- IP address
- and now.... "DNT" toggle...
It almost seems as if the only way to keep from being tracked is via the TOR browser incognito mode in a freshly wiped VM or something. I honestly wonder if the 'net needs to move more towards mesh/tor/ad-hoc networking. Basically if the "darknet" should be the "mainnet".
Anyways, some info:
EFF tool to see how well you can be tracked (fingerprinted)
https://panopticlick.eff.org/index.php?action=log [eff.org]
NAI (Network Advertising Initiative)
Tracking opt out of 99 of some of the largest ad networks, including Google and MS (but guess who isn't there?)
http://www.networkadvertising.org/choices/ [networkadvertising.org]
Apple iAd opt out
http://support.apple.com/kb/HT4228 [apple.com]
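The last item in the list above, worked through as an added example (not part of the original comment or of the EFF tool): it measures, in bits and as an anonymity-set size, how much a rarely set DNT value narrows down one browser. The visitor records and attribute names are constructed sample data, and "unset" stands in for an absent DNT header.

```javascript
// Constructed sample of visitor records (not real data): each object is the
// set of attributes a site could read from one browser.
const visitors = [
  { userAgent: "Firefox/18 Win7", screen: "1920x1080x24", fonts: "set-A", dnt: "unset" },
  { userAgent: "Firefox/18 Win7", screen: "1920x1080x24", fonts: "set-A", dnt: "unset" },
  { userAgent: "Firefox/18 Win7", screen: "1920x1080x24", fonts: "set-A", dnt: "1" },
  { userAgent: "Chrome/24 Win7", screen: "1366x768x24", fonts: "set-B", dnt: "unset" },
  { userAgent: "Chrome/24 Win7", screen: "1366x768x24", fonts: "set-B", dnt: "unset" },
  { userAgent: "Chrome/24 Win7", screen: "1920x1080x24", fonts: "set-B", dnt: "unset" },
  { userAgent: "Safari/6 OSX", screen: "1440x900x24", fonts: "set-C", dnt: "unset" },
  { userAgent: "Safari/6 OSX", screen: "1440x900x24", fonts: "set-C", dnt: "unset" },
];

// Surprisal in bits of one attribute value: -log2(share of visitors with it).
function surprisalBits(population, attr, value) {
  const matches = population.filter((v) => v[attr] === value).length;
  if (matches === 0) return Infinity; // never seen in the sample: unique
  return -Math.log2(matches / population.length);
}

// Anonymity set: how many visitors are indistinguishable from `target`
// when the site looks only at the listed attributes.
function anonymitySet(population, target, attrs) {
  return population.filter((v) => attrs.every((a) => v[a] === target[a])).length;
}

// Per-attribute surprisal plus the joint figure for the whole fingerprint.
function report(population, target, attrs) {
  const perAttribute = {};
  for (const a of attrs) perAttribute[a] = surprisalBits(population, a, target[a]);
  const setSize = anonymitySet(population, target, attrs);
  return { perAttribute, setSize, jointBits: -Math.log2(setSize / population.length) };
}

const target = visitors[2]; // the one Firefox user who switched DNT on
const withoutDnt = report(visitors, target, ["userAgent", "screen", "fonts"]);
const withDnt = report(visitors, target, ["userAgent", "screen", "fonts", "dnt"]);
console.log("without DNT:", withoutDnt.setSize, "visitors,", withoutDnt.jointBits.toFixed(2), "bits");
console.log("with DNT:   ", withDnt.setSize, "visitor(s),", withDnt.jointBits.toFixed(2), "bits");
```

In this sample the target shares a fingerprint with two other browsers until the DNT value is included, at which point the anonymity set drops to one.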
Re:Poisoning the well (Score:2, Informative)
Re:No kidding (Score:4, Informative)
Of course the whole thing will be gamed and I have no idea, if it will ever take off.
Comment removed (Score:4, Informative)
AdBlock = inferior to custom hosts (Score:0, Informative)
"Sadly, I have "real intelligence" when a large enough to be profitable portion of the words population don't" - by Omestes (471991) on Thursday February 14, @02:21AM (#42893107) Homepage
Sadly, you're wrong (per my subject-line above) since AdBlock doesn't block all ads anymore, by default (& can't do 10++ things custom hosts files can, listed below) - same goes for Ghostery & even DNS servers!
Additionally: I hate doing this too, but it's "doesn't" in that case per your quoted words above, not "don't" in that turn of a phrase (grammar picking yes, sorry - ordinarily I don't do that, as it is off-topic, but it fits here!).
THIS creates that custom hosts file I note from 10++ reputable & reliable sources, "automagically":
---
APK Hosts File Engine 5.0++ 32/64-bit:
http://start64.com/index.php?option=com_content&view=article&id=5851:apk-hosts-file-engine-64bit-version&catid=26:64bit-security-software&Itemid=74 [start64.com]
Which, if you read the list of what it can do for you as an end user of the resulting output it produces listed in the link above, you'll understand how/why...
"It's as strong as steel, & a 3rd of the weight" - Howard Stark from the film "Captain America"
---
Especially vs. competing alternate 'solutions', noted below in AdBlock/Ghostery & yes even DNS servers, next, as 'examples thereof'...
Solutions that used to be good & I even recommended them in security guides I wrote up over the decades now -> http://www.google.com/search?hl=en&tbo=d&output=search&sclient=psy-ab&q=%22HOW+TO+SECURE+Windows+2000/XP%22&btnG=Submit&gbv=1&sei=ka3yUKzxB-6_0QHLroCQCA [google.com]
That did extremely well for myself (and users of them), for Windows users, for "layered-security"/"defense-in-depth" purposes - the BEST THING WE HAVE GOING vs. threats of all kinds, currently!
(Not anymore though, & certainly NOT far as AdBlock's concerned especially, not after this):
---
Adblock Plus To Offer 'Acceptable Ads' Option:
http://news.slashdot.org/story/11/12/12/2213233/adblock-plus-to-offer-acceptable-ads-option [slashdot.org]
(Meaning by default, which MOST USERS WON'T CHANGE, it doesn't block ALL ads - they "souled-out"... talk about "foxes guarding the henhouse")!
---
Plus, Adblock CAN'T DO AS MUCH & not from a single file solution that runs in Ring 0/RPL 0/kernelmode via tcpip.sys, a driver (since it's part of the IP stack & tightly integrated into it) which is far, Far, FAR FASTER than ring 3/rpl 3/usermode apps like browsers, & addons slow them down (known issue in Firefox).
To wit, 10++ things AdBlock can't do, hosts can:
---
1.) Blocking rogue DNS servers malware makers use
2.) Blocking known sites/servers that serve up malware... like known sites/servers/hosts-domains that serve up malicious scripts
3.) Speeding up your FAVORITE SITES that hosts can speed up via hardcoded line item entries properly resolved by a reverse DNS ping
4.) AdBlock works on Mozilla products (browser & email), hosts work on ANY webbound app AND are multiplatform.
5.) AdBlock can't protect external to Firefox email programs, hosts can (think OUTLOOK, Eudora, & others)
6.) AdBlock can't help you blow past DNSBL's (DNS block lists)
7.) AdBlock can't help you avoid DNS request logs (hosts can via hardcoded favorites)
8.) AdBlock can't