
Google and Apple Weaseling Out of "Do Not Track"

An anonymous reader writes "Per an op-ed in today's New York Times, Google, Apple, and others would be effectively exempt from "Do not track": "[T]he rules would allow the largest Internet giants to continue scooping up data about users on their own sites and on other sites that include their plug-ins, such as Facebook's 'Like' button or an embedded YouTube video. This giant loophole would make 'Do Not Track' meaningless.""

  • by Anonymous Coward

    DNT is and always was optional, why bother?

    • Re:Not new (Score:4, Insightful)

      by Anonymous Coward on Saturday December 27, 2014 @03:42PM (#48681219)

      This matters because if two of the biggest tracking companies have openly decided that they will not listen to users who ask not to be tracked, then there is no longer any wiggle-room left where they can claim any moral arguments in this war, even to the layperson. They have effectively just doubled-down and escalated the arms race between them and ad blockers/anonymizing services by not even making a token empty promise to honor their users' desires.

    • by kolbe ( 320366 )

      After Edward Snowden and others came out showing that neither Apple nor Google give 2 shits about their customers' privacy, I've switched to using TOR. Not only that, I limit what my Android phone can see on my PC by ONLY allowing it to connect to a VM running from VirtualBox and of course using a custom Android build.

      It's time people give these fuckers the middle finger... They make enough off of us already.

      • TOR is only as private as the entering and exit TOR server your session uses. If either is compromised, or say owned and operated by one of these companies, your data is no longer private.
        • That's why it's a good idea to encrypt data over Tor whenever possible - it's really only there to anonymize. If you're careful and stick to SSL-capable sites for things like email and banking, you should be fine. Otherwise, yes, assume someone will sniff your password.

        • A single group would need to own over 50% of Tor nodes for that type of attack to be effective. There are other attacks using (for example) traffic analysis that can be effective without controlling any nodes, but that's a different attack vector.
      • Now we have that story of more than half of all TOR nodes being owned by some hacker group.

        The Internet has been weaponized against us.

        • After the hype it seems that story was overblown -- looked like less than 1% were compromised. See: https://twitter.com/torproject... [twitter.com]

          Still.... I, for one welcome our new Weaponized Internet Ov...LOADING....

          • After the hype it seems that story was overblown -- looked like less than 1% were compromised

            That's good. I haven't been able to keep up on the story with the holidays and all.

            I'm thinking that services like TOR (and others) are the one hope for having an internet in the future that is worth having.

      • So I guess you've given up on all the web sites that require logins and/or use cookies and JavaScript that don't work if you use TOR in the proper way that prevents tracking. Because TOR doesn't work on many sites if you set it up to properly actually protect your identity. Add-ons like Disconnect, Privacy Badger, Self-Destructing Cookies, Adblock, and Flashblock provide reasonable mis-direction to tracking with an added VPN that randomizes your visible IP address.

        And NoScript is fantastic except for

        • by CBravo ( 35450 )
          Technically, maybe. Another route to change this is to have regulation prohibiting this (on a large scale like US or EU).

          To aid in this, one has to make it more visible to the end user. Then maybe they will start requiring more strict rules.
    • I always understood that the point of DNT was simply to advertise intent, so that in any future discussions, in or out of court, the tracking companies would not be able to claim any form of implicit consent. It doesn't matter that it's optional or unenforceable on a technical level, it matters that you can't track people who set the DNT header and then say 'well, they didn't object at the time...' when hit by a class-action lawsuit.
  • Weasle (Score:5, Insightful)

    by Cowclops ( 630818 ) on Saturday December 27, 2014 @03:34PM (#48681163)
    Weaseling out of things is what separates us from the animals! Except the weasel...
  • by twitnutttt ( 2958183 ) on Saturday December 27, 2014 @03:41PM (#48681213)
    "A study commissioned by the Interactive Advertising Bureau with researchers from Harvard Business School underscores the point: at least half of the Internet’s economic value is based on the collection of individual user data, and nearly all commercial content on the Internet relies on advertising to some extent. Digital advertising grew to a $42.8 billion business last year, a sum that already exceeds spending on broadcast television advertising."

    One way or another, you pay for your free Internet services.
    • One way or another, you pay for your free Internet services.

      It's not "one way or another". It's ONE WAY.

      Where do I sign up to pay for Google and Twitter and other internet services directly instead of via my private data? I've been to Google thousands of times, and I've never seen a "subscribe" button.

      No, there is no "one way or another". You can ONLY pay for your internet services by letting companies upskirt your private communications and personal data. That gives you some idea of just how valuable y

      • Google Contributor (contributor.google.com) strives to come close by letting you pay a small amount for each ad it replaces. (Still in a limited invite-only preview and only white lists a few sites for now)
        • Google Contributor (contributor.google.com) strives to come close by letting you pay a small amount for each ad it replaces.

          It doesn't stop Google from collecting your information, though. They just don't serve you ads. Instead, they serve you to other corporations.

          • It doesn't stop Google from collecting your information, though. They just don't serve you ads. Instead, they serve you to other corporations.

            Thanks for moving the goal post. I never said anything about information collection as it's impossible for a micro-payment system to work and have anyone trust it without some sort of information exchange and logging.

    • by MrL0G1C ( 867445 )

      How about ads without tracking.

    • Considering more than 80% of the "content" seems to be on the intellectual level of "How many inches has Kim Kardashian's ass grown today?" ask me how many fucks I would give if all this "content" were to dry up and blow away along with the malware ridden shitstains they call ads which I have to clean up after when they trash my beautiful creations....answer? ZERO, absolute zero fucks would I give.

      The simple fact is you get rid of ads and POOF! Malware be gone, in fact I can't even remember the last malwa

      • I'm confused. If every content page where these oh-so-terrible ads are being displayed is full of such obvious crap why are you visiting them in the first place? Or, if you're not visiting those pages, why do you give a $#%^@ what ads they do or don't show? Seems to me that it shouldn't be affecting you at all.
        • Because it's all the creepy sex laden ads for this "content" that ends up getting people infected which I end up having to clean? I swear if you removed the Kardashians and Miley "look at my goodies!" Cyrus from the Internet? BOOM virus infections down by over 35%, it's a fucking miracle.
          • Ah, so it's just your friends and / or loved ones that spend their time on the internet looking at stuff with absolutely no intellectual, cultural or artistic merit. Feel free to carry on being smug then.
      • THIS My brother used to bring me his computer every few months and there would always be hundreds of instances of malware crap on there. His personal record was over 700! I installed ad blockers and freeware programs like spybot & spyware blaster... and taught him to keep them all up to date. His computer stopped getting infected with malware and slowing to a crawl. I wonder how many people simply don't understand how easy it is for ads... particularly FLASH ads to fuck up their computer.
  • by Pope Hagbard ( 3897945 ) on Saturday December 27, 2014 @03:41PM (#48681217) Journal

    Firstly because of the hysterical tone, secondly because it's an op-ed, and thirdly because it's on Slashdot.

    Can someone who knows what's going on analyze this and give a reasonable non-hysterical interpretation? I don't necessarily /trust/ the companies mentioned, but again the submission stinks.

    • by Anonymous Coward on Saturday December 27, 2014 @03:48PM (#48681251)

      For one thing, "Do Not Track" has never meant the same thing to the Big Data companies as it has to the layman. In practice Do Not Track really means "do not remind me you are tracking me by showing me obvious clues like ads for shit I already bought last week." But they still track people and build up profiles that they sell/rent to other companies who use it more subtly like estimating your income, race, age, politics, family relations, arrest records, etc and that all goes into things like background/credit reports etc. Plus they also wait for the second you accidentally do give them permission and then all those years worth of tracking data in a "ghost profile" gets officially attached to your profile and they start showing you ads for shit you already own.

      • by beakerMeep ( 716990 ) on Saturday December 27, 2014 @04:21PM (#48681379)

        "Do Not Track" never meant anything at all. It's the equivalent of a "Please be nice to me" button.

        We need technical solutions to make fingerprinting harder/impossible. Especially the canvas/font techniques.

        • by CODiNE ( 27417 ) on Saturday December 27, 2014 @06:39PM (#48681941) Homepage

          It's the tracking equivalent of the "evil bit" in TCP.

        • by Anonymous Coward

          > We need technical solutions to make fingerprinting harder/impossible. Especially the canvas/font techniques.

          That's a losing proposition. You think anything a dedicated band of freedom coders can dream up will have a chance against an industry that does billions of dollars a year? Not fucking likely.

          The only hope we have of "winning" in the long run is to obsolete the business model where trafficking in our privacy has replaced money. Back in the late 90s micropayments were the hot thing. But adver

        • I think we might see some improvements to some browser extensions and will get some control over the font situation.

          One possibility that could be enabled today with a UserScript even:

          Choose which fonts to allow the browser to see/use, make it an array, filter the page's HTML, replace any fonts that don't match with Arial.

          Beyond that you would probably want an extension that has functionality like RequestPolicy [github.io], so you could allow some sites access to "all fonts", or one could get even more finely grained

        • by Tom ( 822 )

          "Do Not Track" never meant anything at all. It's the equivalent of a "Please be nice to me" button.

          DNT was a brilliant display of the advertisement industry's unwillingness to regulate itself and respect such wishes. Now they cannot make those claims anymore, and there is evidence on record that actual regulation is required.

          Without DNT, they would always have claimed they're good guys. Now the mask is off.

          • Cross site tracking wasn't some secret. DNT just put some hand-wavey PR fluff at the forefront of the privacy debate, and it's not protecting anyone. This plays wonderfully for companies that make money from products and want to stick it to companies that make money off of ads.

            I don't know about you, but I would like a real solution. A client HTTP header that asks to the server to please behave is a waste of everyone's time. From a technical perspective this should have been laughed out of the room befo

            • by Tom ( 822 )

              and it's not protecting anyone

              Of course not. Did you even read the message you are replying to?

              I don't know about you, but I would like a real solution.

              Me too. Now the way that politics and law generally work is that less intrusive solutions are tried first. That is what DNT was. Now the road is clear for some real regulations.

              You don't understand politics I see. I was like you 10 years ago. I learnt the hard way that nifty tech solutions are cute, but to get them actually working in the real world, some politics can be extraordinarily useful.

              A lot of ideas died in the halls of parliament not

              • Of course I read your post, please don't be condescending and spare me the piecemeal quoting. Not everything in my post was supposed to be a refutation of yours.

                Suggesting we protect privacy through politics just sounds ridiculous to me. It was never even clear what was defined as tracking by DNT. DNT wasn't less intrusive, it was empty and symbolic. So, here's my question: why did we need an empty, symbolic regulation to show that ad companies are tracking people?

                Back to your original point though, the

                • by Tom ( 822 )

                  why did we need an empty, symbolic regulation to show that ad companies are tracking people?

                  until MS made the default setting on

                  Which gave them a welcome excuse and that's it. Please, understand PR a little.

                  Additionally, the NAI has long had an opt out system:

                  Which does squat. The first thing the page tells you is that it only works if you allow 3rd party cookies - the very first thing anyone with any brain cells disables.

                • by Tom ( 822 )

                  (first reply mangled because of a bad tag)

                  why did we need an empty, symbolic regulation to show that ad companies are tracking people?

                  Because without it, they would say: "[bogus study] shows that most people actually want to be tracked, believe it or not, because of [bogus reason]. The minority that doesn't want - they'll just have to tell us, we'll stop doing it because we're good people."

                  Been there, done that, they are liars and we have evidence now.

                  until MS made the default setting on

                  Which gave them a welcome excuse and that's it. Please, understand PR a little.

                  Additionally, the NAI has long had an opt out system:

                  Which does squat. The first thing the page tells you is that it only

                  • I agree MS gave them a good excuse to get out of a system they didn't want to deal with, but it's a reasonable argument that defaulting DNT to on makes it not a user expression of intent. Even one of the Apache devs thought so and submitted a patch to ignore specifically IE10's DNT flag. Although the powers that be eventually rolled that patch back.

                    In a way, MS poisoned the well, no? Either by (as you state) providing a convenient excuse (possibly intentionally or unintentionally), or by using the flag

                    • by Tom ( 822 )

                      but it's a reasonable argument that defaulting DNT to on makes it not a user expression of intent.

                      Neither is defaulting it to off.

                      MS did the right thing by making the default that option that, in case of doubt, is better for their customers.

                      Anyways, cheers for the debate.

                      ditto.

        • The purpose of DNT was to demonstrate, in a measurable way, that people did not wish to be tracked. It was not intended as an enforcement mechanism, but as a statement of intent. It makes it very hard to argue in court that your click-through ToS permits tracking (or constitutes a meeting of minds at all), when the user has explicitly requested not to be tracked.
          • I get what you are saying but I don't think it actually makes it any harder to argue ToS in court, especially if it is enabled by default in IE.

            If you can agree to contractual terms by clicking through some agreement, you can agree to "waive" your DNT setting. Think about it this way, would it stand up in court if we put a "I don't agree to any DRM in the video I watch online" header in HTTP?

            Either way, I am not sure what court is going to protect you from malicious actors that would not follow DNT. We sh

            • If you can agree to contractual terms by clicking through some agreement, you can agree to "waive" your DNT setting

              In the US and UK, the requirement for a contract to be enforceable in court is that the side wishing to enforce it must demonstrate that a meeting of minds has occurred. It's far from a binary decision. Some things, such as witnessed signatures at the bottom with each page initialed, have large amounts of case law backing them up, so you need a very strong argument if you want to discount them. For click-through licenses, there's a lot less case law and everything on the opposing side helps. If you can

    • Re: (Score:2, Interesting)

      by Frosty Piss ( 770223 ) *

      Quite right. In summary: none of us here in the peanut gallery have any real way to know who did what. Most of the opinions I've seen here seem to reflect whatever biases each opiner may have. The known facts are few and far between. Of course, I have my own opinions but I won't share them because they reflect my own biases.

      This thing is a bit like an Agatha Christie mystery. You may be certain who did it, but you don't really know until Christie tells you. Then you invariably find out you were wrong. Even

  • Of Course (Score:4, Interesting)

    by Anonymous Coward on Saturday December 27, 2014 @03:42PM (#48681221)

    I don't mean to sound glib but, of course they are!

    Both company's entire business models are 100% predicated on tracking people. Facebook has a $200B market valuation based on nothing but tracking the ever-living-shit out of as many people as they possibly can. Two hundred billion fucking dollars! There is simply no way these companies will ever agree to not track anyone when there is that kind of money on the line. For that kind of money they will murder people before they give up tracking. That is "invade a foreign country" levels of money on the line. All those people who thought GM conspired to kill the electric car 20 years ago, this is easily 10x more than that.

    • Re:Of Course (Score:5, Insightful)

      by Bogtha ( 906264 ) on Saturday December 27, 2014 @11:14PM (#48682669)

      Both company's entire business models are 100% predicated on tracking people.

      What are you talking about? Apple's business model revolves around selling people hardware. They've just launched a digital payment scheme with privacy being a major differentiator. If you think that Apple's business model is "100% predicated on tracking people", you don't know the first thing about their business model.

      There is simply no way these companies will ever agree to not track anyone when there is that kind of money on the line.

      Apple are positioning themselves to use privacy as a selling point. Their business model is entirely different to Google's and they can make more money by going in the opposite direction.

  • No problem. (Score:2, Informative)

    by Frosty Piss ( 770223 ) *

    You go to a Google site, expect to be tracked. If it's an issue to you, don't go to a Google site.

    • Re:No problem. (Score:4, Informative)

      by bmimatt ( 1021295 ) on Saturday December 27, 2014 @03:49PM (#48681253)

      You are obviously clueless. The issue is cross-domain tracking, as in where someone uses one of the FB, Goog, or other 'widgets' or advertising integrations on their own site. Could be something as 'unrelated' as using Goog Analytics. You visit site X, the analytics code collects information about your visit and stores it on Goog servers. Then you visit site Y and code used to embed youtube video does the same. Rinse, Repeat.

      • Re:No problem. (Score:5, Insightful)

        by Frosty Piss ( 770223 ) * on Saturday December 27, 2014 @03:56PM (#48681291)

        You are obviously clueless. The issue is cross-domain tracking, as in where someone uses one of the FB, Goog, or other 'widgets' or advertising integrations on their own site...

        Don't go to sites that use FB widgets. Use Ghostery or a number of other tools. If you are being tracked, it's because you *allow* it.

        • Re:No problem. (Score:5, Informative)

          by Pope Hagbard ( 3897945 ) on Saturday December 27, 2014 @04:07PM (#48681329) Journal

          I'm a big fan of Privacy Badger, mainly because it can automatically block trackers based on behavior rather than having to rely on someone's premade block list.

          https://www.eff.org/privacybad... [eff.org]

          The same folks provide HTTPS Everywhere, another must-have.

          https://www.eff.org/HTTPS-EVER... [eff.org]
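
Added example (not part of the thread, and not Privacy Badger's code): a minimal sketch of the behavior-based idea mentioned above, flagging a third-party site once it receives an identifier on several unrelated first-party sites, which is the cross-domain pattern described earlier in the thread. The observation records, the `sendsIdentifier` field, the threshold of 3 and the last-two-labels site rule are assumptions made for illustration.

```javascript
// Constructed sample data: each record is one sub-resource request seen
// while a page was loading. All hostnames use the reserved .example TLD.
const OBSERVATIONS = [
  { page: 'https://www.news.example/article', request: 'https://analytics.metrics.example/collect.js', sendsIdentifier: true },
  { page: 'https://www.news.example/article', request: 'https://static.news.example/site.css', sendsIdentifier: true },
  { page: 'https://www.news.example/article', request: 'https://video.embed.example/player', sendsIdentifier: true },
  { page: 'https://www.news.example/article', request: 'https://cdn.static.example/lib.js', sendsIdentifier: false },
  { page: 'https://shop.example/cart', request: 'https://analytics.metrics.example/collect.js', sendsIdentifier: true },
  { page: 'https://shop.example/cart', request: 'https://cdn.static.example/lib.js', sendsIdentifier: false },
  { page: 'https://blog.example/post/1', request: 'https://analytics.metrics.example/collect.js', sendsIdentifier: true },
  { page: 'https://blog.example/post/2', request: 'https://analytics.metrics.example/collect.js', sendsIdentifier: true },
  { page: 'https://blog.example/post/1', request: 'https://cdn.static.example/lib.js', sendsIdentifier: false },
  { page: 'https://forum.example/thread', request: 'https://video.embed.example/player', sendsIdentifier: true },
  { page: 'https://forum.example/thread', request: 'https://cdn.static.example/lib.js', sendsIdentifier: false },
];

// Assumption: a "site" is the last two labels of the hostname. A real tool
// needs the Public Suffix List to handle suffixes such as co.uk correctly.
function siteOf(urlString) {
  const host = new URL(urlString).hostname.toLowerCase();
  return host.split('.').slice(-2).join('.');
}

// Return third-party sites that received an identifier (cookie or similar)
// on at least `threshold` distinct first-party sites.
function findCrossSiteTrackers(observations, threshold = 3) {
  const seenOn = new Map(); // third-party site -> Set of first-party sites

  for (const obs of observations) {
    const firstParty = siteOf(obs.page);
    const thirdParty = siteOf(obs.request);

    if (thirdParty === firstParty) continue; // same-site request, not cross-site
    if (!obs.sendsIdentifier) continue;      // nothing that links visits together

    if (!seenOn.has(thirdParty)) seenOn.set(thirdParty, new Set());
    seenOn.get(thirdParty).add(firstParty);  // repeat visits to one site count once
  }

  const flagged = [];
  for (const [tracker, sites] of seenOn) {
    if (sites.size >= threshold) {
      flagged.push({ tracker, sites: [...sites].sort() });
    }
  }
  return flagged.sort((a, b) => a.tracker.localeCompare(b.tracker));
}

console.log(JSON.stringify(findCrossSiteTrackers(OBSERVATIONS), null, 2));
```

The identifier-free CDN is loaded on all four sites but is never flagged, while the analytics host is flagged only once it has been seen with an identifier on a third site; this is also why such a blocker needs a training period before it starts blocking.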

          • Looks interesting. I installed it and turned off Ad-Block Plus and Ghostery to let the badger do its thing. The first issue I see is that it requires a training period to identify what's tracking you. I'm not sure I can survive the sewer that is the unfiltered Internet long enough for it to identify trackers....
        • by Anonymous Coward

          That's like saying if the NSA is recording your phone calls it is because you *allow* it.

          That randian uberman shit is just a teenage wet dream, the real world is significantly more complex than you are able to handle.

        • Your reasoning is very simplistic and flawed. Let me iterate over a few key issues with it.
          I cannot predict what third party integrations a given site uses prior to visiting it. Even though I use a myriad of plugins that block third party origins, such as RequestPolicy, when I visit websites using googleapis and other $google_widgets, the content is not available, as it relies on Goog serving the content. There is a multitude of other origins, such as *.amazonaws.com, without anything clearly identifying

        • Re:No problem. (Score:5, Insightful)

          by Tom ( 822 ) on Sunday December 28, 2014 @04:49AM (#48683413) Homepage Journal

          If you are being tracked, it's because you *allow* it.

          Wrong.

          It is because you don't prevent it. At least legally, that is a very big difference. If I allow you to hit me in the face, e.g. by participating in a boxing match, then I can't later sue you for bodily harm. If you do it without my permission and I just fail to prevent it, then all the guilt falls on you anyway and I can sue you, plus you have committed a crime. That's quite a big difference there between those two words.

      • Ghostery turns that shit off. With rare exceptions, the only add-on I allow to remain is new relic, since that helps my counterparts actually improve the service.

        • :) I'm aware of the conflict of interest in play. However I'm more interested in a seamless experience than being pedantic about who aggregates my history since I have no possibility of clicking through ads that are never displayed because of Adblock, and even if they're displayed, by policy I ignore and never click through ever ever ever. Ghostery and Adblock+ in combination do well enough, where Privacy Badger doesn't play nicely with Pale Moon and I'm quite over downloading and manually installing zips a

  • by BarbaraHudson ( 3785311 ) <`moc.liamg' `ta' `nosduharabrab'> on Saturday December 27, 2014 @04:11PM (#48681341) Journal

    "Do not do anything that you don't want to see on the front page of the New York Times", has included "or Google searches" for quite some time.

    Assume there are no secrets on the Internet; any other expectation is unrealistically optimistic.

    • by Anonymous Coward

      "Do not do anything that you don't want to see on the front page of the New York Times", has included "or Google searches" for quite some time.

      Assume there are no secrets on the Internet; any other expectation is unrealistically optimistic.

      You are a CUNT.

      You see, you were correct that there are no secrets on the internet.

  • There is nothing to weasel out of. There is absolutely nothing that requires anyone comply with "Do Not Track."

    • by Bob_Who ( 926234 )

      But the word WEASEL is just so RIGHT that the rest doesn't really matter. Weasel, weasel, weasel. They are a bunch of weasels and the whole world knows it.

  • by janoc ( 699997 ) on Saturday December 27, 2014 @04:58PM (#48681559)

    Did anyone actually believe that the do-not-track flag was effective? There is pretty much no way it can be enforced and the companies can do whatever they want in most cases. E.g. Facebook does not honor it outright, most advertising networks ignore it as well. It was only a silly boondoggle to quickly placate the regulator/lawmakers by showing that the self-regulation in the advertising industry actually "works" and thus no heavy-handed regulation is necessary. That flag is completely useless otherwise.

    If you want some semblance of privacy from the pervasive tracking, you must use a solution that is completely under your control - i.e. ad blockers, NoScript, Ghostery, block Flash, etc. and not something that relies on the good will of the advertiser that they will obey some silly flag.

    • by Tom ( 822 )

      Did anyone actually believe that the do-not-track flag was effective?

      Yes, but not in the way you think.

      DNT is useless technologically. But it is a gem when it comes to providing evidence that actual regulations and penalties are required, because the industry is unwilling to regulate itself and respect customer requests.

      There's a tradition in law and law-making that you need to at least try the less intrusive choices first. Now we satisfy that, and we can move on to really stop the parasites.

    • I expect the EU to sooner or later begin enforcing it under the data protection legislation.

  • by ohnocitizen ( 1951674 ) on Saturday December 27, 2014 @05:58PM (#48681769)
    Because if we do, we need to help more people use technical solutions (like the excellent ghostery) and work to put regulations on an industry that will do everything it can to weasel out of them. What we do not need is to blame users for not knowing enough to install tech solutions, say "this surprises no one", or "companies can do whatever they want" or "everything on the internet is public" or "if you are being tracked it is because you choose to be". Here's a thought - if you let companies get away with whatever they want it is because you are choosing not to be part of the solution. So change that. We can work to subvert tracking online and campaign against tracking (and for regulation) at the same time. Unless we don't really want privacy. But I hope that is not the case.
    • by gnupun ( 752725 )

      So change that. We can work to subvert tracking online and campaign against tracking (and for regulation) at the same time.

      If the solution meant changing the Internet Protocol, can that be accomplished without a huge cost?

      Unless we don't really want privacy. But I hope that is not the case.

      Yes, the subservient sheeple, the boot-lickers of authority figures, have no problem sharing their data to big authority. The remaining people will not agree to this bullshit.

  • by Anonymous Coward on Saturday December 27, 2014 @06:32PM (#48681903)

    Is there any excuse beyond "Apple is better link bait than Facebook"?

  • If true - how is this not a flagrant antitrust violation?

    Company X provides a device that collects personal data.

    Company X announces a standard that prevents anyone from using such data for purposes such as advertising without the user's consent.

    Company X exempts its own services from this restriction, such that its services - which otherwise compete on par with third-party services - can utilize such data notwithstanding, or even contrary to, the user's explicit withholding of consent.

    Company X's

  • "'Do Not Track' meaningless"

    FFS did anyone think they would honor that?

  • Do Not Track was always useless.

    Why the fuck are we still talking about it years later? And why the fuck have browsers taken it even semi-seriously?

    It's the "evil bit" for the Internet - nothing more than a joke. Let's treat it like that.

  • Of course Do Not Track is meaningless.

    It has always been meaningless. It's a voluntary thing which says nothing at all, and isn't legally binding. It's complete drivel. It's something the industry put out to give the illusion of giving a shit about what we want.

    Want to prevent tracking? Don't let the packets happen in the first place. Use things like NoScript, Request Policy and HTTP Switchboard to deny the access entirely.

    Treat this stuff like the shit that it is ... intrusive advertising and tracking

  • As long as it's not enforceable by law the DNT option is 100% untrustworthy. Do you think our government officials will make it a law?? HAHAH look how long it took for them to put the hammer down on telemarketers. They allow them to spy on us, collecting the very same data the cops would need a warrant for. Nope our Government is bought and paid for by these corporations we are screwed.
  • Looking at the actual text of the W3C doc, I think the author of the Times article got it wrong. The language defining "first party" does allow for multiple first parties on a page, but evaluation of "first partiness" is on an interaction-by-interaction basis. The idea is that if the user visiting slashdot, which happens to host Google ads, is actually intending to interact with Google on the slashdot page, then Google is a first party and can track the user. But clearly the user is not intending to interac

    • Oops, I forgot to include the disclosure/disclaimer: I work for Google, but I don't speak for Google. They pay me to write code, not comment on privacy issues, and in fact they discourage me from making public comments about such things (though they stop short of telling me I can't, in most cases).

  • disable 3rd party cookies. problem solved.
    • If you think cookies are the only, or even primary, method of cross-site tracking these days, you have some serious catching up to do. Install the RequestPolicy extension for Firefox and take a look at how many companies are getting their shit loaded on a HUGE percentage of unrelated websites. Javascript, flash objects, images, chat systems, like buttons, the list goes on.
