Privacy Groups Mull 'Do Not Track' List for Internet

Technical Writing Geek writes with a Reuters story about a collection of privacy groups looking to set up a 'Do Not Track' list online, similar to the 'Do Not Call' list meant to dissuade telemarketing. "Computer users should be notified when their Web surfing is tracked by online advertisers and Web publishers, argue the Consumer Federation of America, the World Privacy Forum and the Center for Democracy and Technology, among other groups in a coalition promoting the idea. Rather than burying privacy policies in fine print, companies should also disclose them more fully and provide easier ways to opt out, the groups said. The organizations submitted the proposals to the Federal Trade Commission, ahead of the consumer watchdog agency's workshop on Nov. 1-2 to study the increasing use of tracking technology to target online ads.

Do not spam?

[ACS+Solver]

So when will I be able to add my email to a "do not spam" list?

Re:Do not spam?

click [here] to accept 'sextracker' cookie

Re:Do not spam?

So when will I be able to add my email to a "do not spam" list?

Whenever you feel like exposing your e-mail address in an easily collectible format.

Whooosh!

Re:Do not spam?

[sm62704]

Mods, the GP was indeed humorous but its writer deserved mod points (you don't get points for "funny"; mod me however you want, my karma's excellent so "funny" is fine). His point in the admittedly humorous post was that these lists would be completely worthess, as there is no possible way to enforce them.

This is completely unlike the "do not call" lists; these are country-specific. If I spam your phone and you're on a do not call list, we're most likely to share the same government (at least so far) You can be prosecuted.

OTOH, the AC's post above this one should be modded funny. Oh, right, tough room...

This post void where prohibited by law

-mcgrew

Re:Do not spam?

[FlyByPC]

Right this way, sir. Our company has set up a database to help manage your email marketing experience. And it won't even cost you a thing! Just confirm your valid email address via a script, and...

The sad thing is, I know this would collect a LOT of valid emails. (Probably from folks who would buy things from spammers, too.) Unfortunately, I'm not quite evil enough to bring myself to do that. It's too bad, really.

Re:Do not spam?

Mod: +1 WTF?

Re:Do not spam?

Simple. Just leave your e-mail in a simple message titled 'I don't want spam' in alt.computers.nospam and I'll make sure it'll go to where it needs to go.

Re:Do not spam?

Is it just me or is this "whoosh" thing a particularly irritating Slashdot meme? It seems to be shorthand for "the original post was a joke, but you didn't get it, and I'm now pointing that out." This not an unusual occurrence, since I would think that Slashdot posters have a pretty high Aspberger quotient, and the associated trouble recognizing humor. This makes the "whoosh" posts come off as arrogant in an "I-have-a-better-developed-sense-of-humor-than-you" kind of way.

In fact, many of the places I see the "whoosh" reply or the joke-flying-over-head diagram seem to be inappropriate, because it's not at all clear that the original posts actually were intended humorously (as I think the case was here). Sometimes irony or sarcasm can be like this, especially in written form. In these cases I kind of want to issue a "meta-whoosh". (But maybe I just don't get the joke.)

Re:Do not spam?

Whoosh!

Re:Do not spam?

[cybermage]

I'm not entirely convinced that such a list would fail ... with the right precautions. Some ideas just off the top of my head:

One option:
===========
- Distribute the list only to marketers who's credentials and location you have verified.
- Require that distributed copies of the list not be redistributed.
- Fill the list with 10-20% honey-pot addresses. These addresses should vary from distribution to distribution so as to establish a "unique fingerprint" that would take the comparison of several distributions to identify even a part of.

Another option:
===============
- Establish a online service available only to marketers who's credentials and location you have verified.
- Require that they submit addresses to be compared to the database, and tell them which addresses have requested to opt-out from the list they submit.
- Record that they asked about a given address in association with that address.
- Allow the address holders access to review who has been told not to mail to them through the system for their own comparison to the spam they're receiving.

Will either system do anything about illicit email harvesting and other forms of blanket spamming? Of course not. Would either system keep legitimate operations from hassling you with a minimal risk of increasing your spam load. I think so.

At the risk of being modded a troll, I think the long-term solution to spam is to allow it and regulate it. If it were allowed, I believe people who are skirting the law to send spam would be rapidly marginalized by legitimate operations. The American way for most commercial endeavors is to allow it, regulate it, and tax it. Do those three things to commercial email, provide a centralized opt-out system, and I believe the illicit stuff will be marginalized and far easier for law enforcement to deal with. (Also, the loss of tax revenue would be an incentive for lawmakers to stiffen the penalties for the violators). BTW, when I say tax it, I mean the sending. Even a one cent fee per email would be an enormous tax windfall if even a small fraction of these operations went legit.

Re:Do not spam?

[cheater512]

The problem is that the organisations which would obey that system also have unsubscribe links.

Re:Do not spam?

!hsoohW (God has /. gotten brainless lately. Why do I even bother reading comments?)

Re:Do not spam?

[PatricianVet]

hey, I'm on the "Do Not Reply" list, so beware!

Re:Do not spam?

Is it just me or is this "whoosh" thing a particularly irritating Slashdot meme? In Soviet Russia, our new "whoosh" Slashdot meme overlords welcome YOU!

Re:Do not spam?

Actually, seriously, did you hear about Blue Frog? Same idea.

Basically, you signed up at Blue Frog with your e-mail address, and they maintained a list of everyone's e-mails. Then, they provided a few Perl scripts that spammers could run on their e-mail DB which would remove those who had signed up at Blue Frog. The e-mails weren't actually revealed to the spammer -- it was just run against a hash.

As punishment for those spammers that didn't comply, Blue Frog provided an e-mail client plugin (even one for Gmail that was a Firefox extension) and anybody who got spammed, the client would automatically DoS the spammers website's contact form.

It actually seemed to work well for a while -- I noticed about a 25% reduction in spam, but eventually one guy ("PharmaMaster") attacked the Blue Frog servers (actually the DNS, which was hosted by UltraDNS), and Blue Frog gave up mid-fight. PharmaMaster was quoted as saying "Blue found the right solution to stop spam, and I can't let this continue".

The Okopipi Project was an attempt to create an open source clone of this system, but it's pretty dead.

Re:Do not spam?

"At the risk of being modded a troll, I think the long-term solution to spam is to allow it and regulate it. If it were allowed, I believe people who are skirting the law to send spam would be rapidly marginalized by legitimate operations. The American way for most commercial endeavors is to allow it, regulate it, and tax it. Do those three things to commercial email, provide a centralized opt-out system, and I believe the illicit stuff will be marginalized and far easier for law enforcement to deal with. (Also, the loss of tax revenue would be an incentive for lawmakers to stiffen the penalties for the violators). BTW, when I say tax it, I mean the sending. Even a one cent fee per email would be an enormous tax windfall if even a small fraction of these operations went legit."

Commercial mailings and SPAM while lumped into the same basket are technically and legally two different things. Unsolicited commercial emails are what are typically defined as SPAM, and commercial mailings to lists that have been generated by users signing up for something and being notified that they are joining a mailing list or some similar method. Legal list management and collection methods include inclusion of terms in a privacy and/or data collection policy, single opt in on web forms, double opt in via web forms and some type of address verification follow up.

Unsolicited commercial mailings sent to addresses of individuals who did not sign up for any offer that notified the user in a legal manner is already illegal and there are penalties in place for companies and individuals that operate in that manner. Commercial mailers that mail to their lists while prominently displaying opt out information including a physical mailing address, that don't use deceptive subjects, from addresses, and honor opt out requests are operating within U.S. law. Certain states may have additional requirements, but most commercial mailers simply try to stay compliant with the Federal CAN-SPAM act. You can read the requirements here: http://www.ftc.gov/bcp/conline/pubs/buspubs/canspam.shtm

I'll address this next point separately.

"BTW, when I say tax it, I mean the sending. Even a one cent fee per email would be an enormous tax windfall if even a small fraction of these operations went legit."

The DMA will will fight something like this tooth and nail, and unless you want all outgoing emails to be taxed, I would suggest that they would win. If something like this were to be put into place the vast majority of small companies that also send bulk email would go out of business immediately. The large bulk mailers, and those that send the majority of messages (large numbers to each address in their lists every day) would be the only ones left, and they would probably have problems paying these fees.

It's not uncommon for bulk emailers to send out 10 million or more messages in a day, of which they might have a 2% conversion ratio or less. $100,000 to make a few hundred dollars in sales would put a significant number of companies that are operating within the law out of business. It would also likely encourage those that are already operating outside the law to continue to do so as there would be no incentive for them to become legal mailers. This could cut into the amount of legitimate commercial emails that are sent while increasing the number of illegitimate commercial emails being sent. The economics simply don't support a tax of that nature. Another thing that would be problematic is tracking. How do you effectively track the number of outgoing emails, and if you can tax the companies that are sending bulk emails why can't you tax every one that is sending emails? If it's such a great method for bringing in tax revenue whey shouldn't all emails be taxed?

unrealistic goals

[User+956]

Rather than burying privacy policies in fine print, companies should also disclose them more fully and provide easier ways to opt out, the groups said.

Also, they want world peace, and a pony.

Re:unrealistic goals

[N3WBI3]

Ponies exist, they desire a unicorn..

Re:unrealistic goals

[morgan_greywolf]

Agreed. Completely unrealistic. If you want to opt out of being tracked by advertisers, here are the only steps you need to perform:

• Download Firefox
• Install the Adblock Plus and NoScript extensions
• T
  
• Go to Edit | Preferences or Tools | Options (depending on platform) and go to the Privacy tab. Uncheck 'Accept cookies from sites'.
  
• Click Exceptions. Add in all the sites that you use that need cookies to work right (online banking, Slashdot, etc.)

Tada! You're done. Now you can't be tracked (unless you specifically want to be).

Re:unrealistic goals

[TheMeuge]

Exactly.

My first reaction to this story was to add the "futile" tag.

I think we all have to get used to the thought that if there is any information out there, that is publicly accessible in plaintext, it will be cataloged, author identified, and data-mined ad infinitum. Given the technological capability to collect, organize, and process data... as well as the prolific availability of said data, we cannot reasonably expect any privacy laws to deter usage of this data, whether it be by private companies for profit, or government entities for censorship and oppression.

The way I see it, the only way to ensure any real privacy, is to personally ensure anonymity at any point where it seems necessary. With this, there will come more and more tradeoffs in terms of conveniences, and ultimately perhaps even one's place in society... but this is a choice we're all making right now, and will certainly have to make in the future.

Re:unrealistic goals

[facon12]

Its unrealistic for sure, but at the very least the ideas seem to be headed in a good direction: Protecting the consumer. It is unfortunate though that it will never happen, its like wanting radio commercials to slowly and clearly state their disclaimers as well. At the very least though i do think we should get some sort of notification, not a popup but maybe a little icon in the lower corner of the screen to let us know.

Re:unrealistic goals

[walt-sjc]

This "do not track" group is a bunch of die-hard IE users. Since MS refuses to add reasonable privacy tools, they are looking for legislation. Idiots. This is a browser problem, not an advertiser problem. Considering that the wonderful US Congress can't even get a reasonable anti-spam law in place and instead created one that makes the problem WORSE, I don't know what the hell they are thinking Congress will do. Most likely we will end up with a law that outlaws privacy tools like Firefox / Adblock and instead mandates a stupid list that only US based companies are obliged to obey.

Re:unrealistic goals

[Relic+of+the+Future]

Alternate step one and two: Download Opera

Re:unrealistic goals

Nice to see you English adding a Tea Break for good measure!

Re:unrealistic goals

[KingSkippus]

I'm sorry, you lost me around that third step.

Re:unrealistic goals

Alertnate step: Your mom!

Re:unrealistic goals

[calebt3]

I'm confused. Where are the '?????' and 'Profit!' steps?

Re:unrealistic goals

[sm62704]

Considering that the wonderful US Congress can't even get a reasonable anti-spam law in place and instead created one that makes the problem WORSE

You don't understand, the CAN SPAM act does exactly what it is intended to do: it makes it so that you can spam with impunity.

See, what you're forgetting is that we have the best government money can buy. Vote? HA! What's one measly vote against a ten million dollar campaign contribution (ironically from an entity that is not allowed by law to vote).

"Your" representatives don't represent you, they represent fine American corporations like Sony, BP, Shell, etc. who now can spam without fear of the law. Who do you think paid for this law, anyway?

-mcgrew

Re:unrealistic goals

[Thaelon]

Permit Cookies is a more user friendly version of your last two steps.

Turn off cookies for all sites, then to permit a site (session or permanently) you just hit alt+c and choose one, then hit enter.

Re:unrealistic goals

[foniksonik]

The best way to ensure privacy is actually to charge for the use of said data.... ie: for the person whose data is being used to get a check in the mail.

When companies have to pay for this they will be more circumspect about what data they collect and how much.

This would work for spam as well.... opt in and get paid. Currently someone else is getting paid to collect your data, leaving you out of the equation except as the victim/volunteer.

Advertisers and market researchers should be paying us for the opportunity to sell us something that is hopefully targeted at our interests, in hopes that we will pay them back many times by purchasing that item/service.

Re:unrealistic goals

[Otis2222222]

As much as I like Adblock Plus and Noscript, I tend not to recommend that people install Noscript or disable cookies. Adblock Plus and automatic filter downloads are nice. But it's a lot to ask someone to manually whitelist a bunch of Noscript stuff with every new website they visit. My current Firefox installation is going on 1 year now, and you'd think I would have a good whitelist built up. But it never fails that just about every day I there is a good chance I will visit 3 or 4 websites that won't render correctly if I don't manually tell Noscript to allow between 3 and 5 more to the whitelist.

For me, that's just fine. But Grandma ain't gonna go for that. Oh, and for that matter you run into the same problem disabling cookies on a lot of sites. Go ahead and blame lazy web developers or whatever, but cookies and javascript are unfortunately a way of life when getting online if you want a good browsing experience.

Re:unrealistic goals

[zgregoryg]

A better way of preventing cookie tracking in FF: View cookies set from time-to-time and remove those which are obviously related to ads and tracking domains, you can tell by the domain name, ad.yieldmanager.com for example. By doing this you will automatically add domains you do not wish to set cookies to the exclusions list while at the same time ensuring any site you visit will work properly upon first visit. After a few runs though this process you will have caught most of them. ;-)

Re:unrealistic goals

[m2bord]

the problem stems from congress writing legislation that will satisfy everyone and instead it satisfies no one. we have elected officials who have the backbone of a jellyfish (none).

what we need is for congress to say, consumers have an expectation, if not a right, of privacy. what they do in a legal environment should be there business and their business alone.

but what we get is, things like the ftc's do not call list where yea...your number is blocked unless of course if you send in a text message to a contest, or your give your phone number to a merchant, or you do anything else that would give the allusion of an existing business relationship.

do not call means just that but business lobbyists have convinced our elected leaders that their right to seek a profit is more important than our right to be left alone.

Re:unrealistic goals

[mdm-adph]

My friend, I had kinda the same problem as you did (having to maintain a huge whilelist with NoScript) -- that's why, on the first tab of the configuration window, you'll see an option for "Allow Top-Level Sites by Default." No more keeping track of a huge whitelist.

Now, any site you go to will automatically allow JavaScript from that domain (I mean, if you didn't want its JavaScript running on your machine, what are you going there for?). Any other domain's scripts that are present on that page will still not run, and I'm sure that you'll find that 90-95% of the time those extra scripts are ads and tracker scripts.

Doing the whitelist thing (having to manually allow every domain's JavaScript every time you go to a new site) will eventually bite you in the ass -- after about a year of using NoScript, my whitelist had grown so large that every site I visited had a noticable 4-5 second pause, which was literally just NoScript checking through the huge whitelist!

Re:unrealistic goals

[RulerOf]

Considering that the wonderful US Congress can't even get a reasonable anti-spam law in place and instead created one that makes the problem WORSE

It's worth pointing out that even if spam was punishable by death, and also resulted in the execution of your friends and family before your eyes, we'd still get just as much spam. There are even tougher laws for a more illicit market: Drugs. You can go to jail for the better part of the rest of your life in some states, or at least long enough to ruin it, just for falling victim to a crack or heroin addiction (and of course, getting caught).

Last time I checked, draconian laws enacted by lawmakers who are incapable of understanding the problem in both situations STILL haven't helped either one.

Re:unrealistic goals

data-mined ad infinitum I just checked, and I can't believe "Ad Infinitum" isn't already the name of a data mining company. Ohhhh the irony!

Re:unrealistic goals

Futile as it may appear, how many legitimate companies would knowingly violate such a law if they risked being caught ? I think the answer is close to none, and having a law like this would provide an avenue to seek justice against the few who did. Less than reputable concerns wouldn't likely conform to privacy laws much less other laws anyway but they don't appear to be the target.

I think the target is the ten pages of legalese in "privacy statements" and "terms of use" that bury in the details how big company X will have rights to your firstborn if you use their site/product/whatever. This gives a clear way for the consumer to say no and have recourse if it's not obeyed.

Re:unrealistic goals

[Chris+Mattern]

I tried, but the Magic Flute was over 3 gigs!

Chris Mattern

Re:unrealistic goals

[Fred+Ferrigno]

I prefer CookieSafe. It's got a simple UI that works almost identically to NoScript. I have it set to accept cookies globally per session since many sites won't work without them, with sites that require logins white listed.

Re:unrealistic goals

[KudyardRipling]

we cannot reasonably expect any privacy laws to deter usage of this data, whether it be by private companies for profit, or government entities for censorship and oppression...With this, there will come more and more tradeoffs in terms of conveniences, and ultimately perhaps even one's place in society...

This makes the government's job that much easier as to whom shall appear on the 'no-fly' and 'no foreign travel' lists.

~|.$*#
NO FEDDERS

Re:unrealistic goals

[badasscat]

Agreed. Completely unrealistic. If you want to opt out of being tracked by advertisers, here are the only steps you need to perform:

This depends on what you mean by "being tracked". If you mean tracked from site to site, then sure. If you mean tracked within a particular site, then no. There's no way to stop this.

I have a basic stat tracker on my blogs that I use for my own amusement; I just like to see who visits my sites. I see plenty of people visit with javascript turned off, and I don't use cookies (it's just a blog, for crying out loud). I can still track them as they browse around the site and I can see them if and when they come back. All I don't see is their OS and screen resolution.

Advertisers honestly don't much care about tracking people from site to site. I handle ad trafficking for my company, and I'm not even sure where I'd find this information in DART, doubleclick's ad trafficking software. That's not to say nobody cares about it, but I've never worked for a company that did. They care a lot more about tracking people navigating through their own sites, and there's no way to prevent this.

I don't really think there should be, either. If you're running a B&M store, you have a right to look at your customers and see what they're doing on your property. You have a right to determine, for example, that 60% of your customers are women, and that 80% of your customers never even look at the shelves on the back wall. This is not an invasion of privacy; these people are on your property. It's your store; you have a right to know these things. It's no different with a web site.

Re:unrealistic goals

[Kadin2048]

Huh?

I'm not sure I understand your point. The drug market doesn't really respond very well to threats of punishment, because many of the substances involved are physically addictive. Thus there's always a demand, regardless of how hard the government cracks down on it. The drug dealers are probably motivated by threats of punishment (in that if the threat is higher, they'll demand more compensation to take the risks, thus driving the cost of drugs higher), but the consumers definitely aren't.

Spam-sending seems like it would be far more sensitive to cost. If you executed everyone who sent spam, and you had an apparatus that was fairly good at catching people who sent it (you got a non-trivial percentage, anyway), the remaining people sending spam would have to be pretty desperate for the money. That would mean they'd charge more, and that would mean that the firms paying for the spam in the first place would have a disincentive to purchase their services.

An online pharmacy isn't addicted to spam in the same way that a junkie is addicted to smack; if there's a method of advertising that's more effective for the price than spam, the online pharmacy is going to do it. (Or, put differently, if spamming is no longer cost-effective, they're not going to pay for it any longer.)

Spam has a very low response rate anyway; if you pushed the cost to send it above what generally comes back from a mailing, it would stop. There's nothing really magical or biologically addictive about it -- it's just an obnoxious economic practice.

Re:unrealistic goals

[John+Hasler]

> Now, any site you go to will automatically allow JavaScript from that domain (I mean, if
> you didn't want its JavaScript running on your machine, what are you going there for?).

While most sites I visit push JavaScript at me, almost all of them work fine without it. Same goes for cookies.

Re:unrealistic goals

[KevMar]

I think some people are going too far with there tin foil hats.

I think we should be able to prevent a company from selling personal information to others. But if one company knows every thing about me, what harm is there. So what if I look at porn in the evening and watch barny in the morning. Its not like I will see more advertising than I already am, it will just be more targeted. If they realy knew me, they would not advertise to me at all. That would be a good thing.

I wish they could figure out who the idiots are that click on every pop up and generate revenu and the ones that dont click anything and adjust advertising accordingly.

Re:unrealistic goals

[plover]

I don't encourage other people to install AdBlock and especially not to subscribe to other people's blocking lists, and I'd encourage you not to either.

The reason is simple: the more AdBlock is adopted, the more incentive advertisers will have to find ways to defeat it.

This happened to us with spam filters. Years ago, spammers were lazy and stupid. I was able to block almost all spam using regexps. Once regexp-based spam-blocking products became used by ISPs, however, spammers had to find new ways to defeat them. They used alternate spellings, alternate Unicode encodings, well-formed forged headers, embedded images with literary quotes for message bodies, etc. They became almost impossible to block using the simple tools, and the more complex tools (Bayesian filters) are now throwing away ham with the spam.

If you help "spread AdBlock" you're hastening its demise as a useful tool for the rest of us. Be selfish. Enjoy the benefits of ad blocking for as long as possible.

Re:unrealistic goals

[HeadlessNotAHorseman]

If you want to opt out of being tracked by advertisers, here are the only steps you need to perform:

• Download instructions for making cement boots
• Install cement boots
• T
• Go to Pools (of water) | Cliff or Wharf (depending on platform) and go to edge. Check that you've eaten your last cookie :-P
• Begin execution. Add yourself into the site that you are using to end your life (river, ocean etc.)

Tada! You're dead. Now you can't be tracked (unless you specified where you were going to be).

Re:unrealistic goals

[walt-sjc]

First, spam isn't a drug. M'kay? Your analogy fails at many, many levels.
Drugs, unlike spam, doesn't have a direct victim - the users are willing. They do have indirect victims in terms of children, etc. however. Drugs are also addictive (either physically or psychologically.) Much spam is currently legal due to the "I CAN SPAM" act, and you have no proof to back up your hypothesis. The fact is, outside of a VERY few isolated cases, we haven't even tried to deal with spam criminally. I could go on and on here.

In the case of spam, we can go after the people that hire the spammers, the spammers themselves, and the ISP's that protect them (or enable them by failing to take action or secure their networks,) and finally the owners of compromised machines (at a slap on the wrist level) for failing to secure their machines (that includes all those damn hosting companies too.)

There are many technological and legal tools we could use (or create) - but haven't - that would all-but eliminate spam and spambot networks. It can't be done unless ISPs work together (including the major webmail companies,) and congress and other governments around the world to create a total framework to solve it. Any one solution alone won't work.

As a technological / social solution, imagine what would happen if Google, Microsoft, and Yahoo got together and started issuing an "internet death penalty" to ISP's that refuse to cleanup / deal with spambots on their networks... Spam would drop to 5% of today's volume in a month from that one act alone...

Re:unrealistic goals

[Wolfger]

Obviously we need a law mandating that these idiots fine people use Firefox with NoScript. :-)

Re:unrealistic goals

[Wolfger]

Curse you, Slashdot, for not allowing the tag!

Re:unrealistic goals

[Bee1zebub]

Even IE 6 had a cookie blocker, under privacy settings. IIRC, that slider also would block scripts as well, and then there was a whitelist.

you still are using word "mull" in wrong contect

[unity100]

mull, from what i remember means scuttle, bar, make harder, oust. these people are not trying to prevent a do not track list, they are trying to establish one.

A stupid idea.

This is going to be very hard to enforce. Besides, privacy doesn't exist these days.
"The only ones fighting for privacy are the ones who have something to hide" - Rupert Murdoch
--
Madonna is the only talented content creator!

Re:A stupid idea.

"The only ones fighting for privacy are the ones who have something to hide" - Rupert Murdoch

After which Murdoch immediately put his wallet where his mouth was and gave out his credit card # to everyone.

Anyone else see the problem here?

[Kelson]

Anyone else see the problem here?

OK, let's set up a "Do Not Track" list. How are they going to know not to track you? By figuring out who you are, then checking to see if you're on the list.

Oops.

A better idea would be a standardized opt-out system where your browser tells every server, "Do not track me," then set up web applications to honor that choice.

Maybe set up an X-DontTrackMe header for HTTP requests. Or a standardized DontTrack=true cookie not linked to a domain. Something that has no unique information and gets sent to every website. Then turn it on and off in the browser with a checkbox.

Something like that could be tested as a Firefox extension or IE browser helper (if I'm remembering the terminology correctly) to start with, then added to browsers themselves.

Re:Anyone else see the problem here?

[walt-sjc]

I don't allow cookies. Your method won't work. How about a "X-I-want-to-be-tracked" cookie and a "X-my-SSN#-is" for the 3 idiots on the planet that WANT to be tracked?

Re:Anyone else see the problem here?

[aethogamous]

From the proposal...

To help ensure that these principles are followed, the FTC should:

Create a national Do Not Track List similar to the national Do Not Call List:

o Any advertising entity that sets a persistent identifier on a user device should be required to provide to the FTC the domain names of the servers or other devices used to place the identifier.

o Companies providing web, video, and other forms of browser applications should provide functionality (i.e., a browser feature, plugin, or extension) that allows users to import or otherwise use the Do Not Track List of domain names, keep the list up-to-date, and block domains on the list from tracking their Internet activity.

o Advertisements from servers or other technologies that do not employ persistent identifiers may still be displayed on consumers' computers. Thus, consumers who sign up for the Do Not Track List would still receive advertising.

o The Do Not Track List should be available on the FTC Web site for download by consumers who wish to use the list to limit tracking.

o The FTC should engage in public education to disseminate the Do Not Track List information broadly to consumers, along with instructions for its use. The FTC should actively encourage all creators of browsing and other relevant technology to incorporate a facility that will enable consumers to use the list.

The proposal can be found at http://www.worldprivacyforum.org/pdf/ConsumerProtections_FTC_ConsensusDoc_Final_s.pdf

Re:Anyone else see the problem here?

[DCTooTall]

I thought of the SAME thing.

On the Wired article with the story they have a diagram which shows how the whole proposed list is SUPPOSED to work. One of the notes included in it is that "Consumers may have to download a browser upgrade, Plug-in, or extension to get the Do-Not-Track list to work for them"

So.... lemme get this straight.... a Fed Maintained list....which required you to install a special application onto your computer...In order to keep private companies and websites from tracking you.

Now.... I'm not normally one who immediately expects some sort of grand conspiracy in every little thing, especcially something like this whole idea which is obviously the brainchild of people who don't have a clue how the internet and Web Actually function beyond their browser. But, part of me wonders if we'd see some of the big-brother groups like the NSA throw their support behind something like this since it basically would give them a great way to track people who are under the mistaken belief that they would not be able to be tracked.

Honestly, I can see them seeing it as another GREAT way to keep tabs on people. Hell, even the FBI might tap into it, and then hide behind the "online predator" defense if they get caught, simply because a large number of people who do things they shouldn't online do so because they think they can't be tracked/caught. Throw something like this list up for them, and I could see some people thinking it's another way to hide their online usage.

Re:Anyone else see the problem here?

[neoform]

So if I'm running a website and someone says "don't track me" I'm supposed to not log any of the user's actions on my server?

Golly, I wish I could do that while robbing a bank with my "don't videotape or look at me" tshirt on.

Re:Anyone else see the problem here?

[noidentity]

Exactly. Unlike telemarketing calls, this issue can be solved with a simple technical measure. Well, at least the problem of letting the server know of your preference to not be tracked. Enforcing it is an entirely different matter, and very difficult since you have no way of knowing that it's tracking you (it doesn't need to send your browser any cookies, for example). And this points to a fundamental difference: this kind of tracking doesn't directly impose on someone like a telemarketing call does.

Re:Anyone else see the problem here?

[groschke]

"OK, let's set up a "Do Not Track" list. How are they going to know not to track you? By figuring out who you are, then checking to see if you're on the list. Oops."

It looks like it works the other way. People who want to do the tracking are the ones that are registered. And those that don't want to be tracked download that list of tracking servers. So we are tracking the trackers, not those who dont want to be tracked

Internet != Telephone

[One+Childish+N00b]

The 'Do Not Call' list works - to a degree - because people who ignore it run the risk of legal action, due to all being inside the country they're calling. I can't see many companies going to the extent of running offshore telemarketing companies due to the high cost of international calls.

This problem obviously does not exist on the internet - the cost of serving up those banners to millions of people clearly doesn't eat into the profits of these companies, so there's no reason for them to stop, and if laws are passed forcing them to stop, they'll simply be replaced by foreign companies advertising either on behalf of the same companies serving up the ads now, or set up by the advertising companies to circumvent the laws.

This won't work.

Re:Internet != Telephone

[querist]

Your reasoning on the telephone situation is sound, but you have overlooked something: VOIP. I have received telemarketing calls from overseas, and it was obvious by the sound quality that it was a VOIP call. The caller even confirmed that he was calling from India.

Unfortunately, they have already figured a way around that law if they want to do it.

Re:Internet != Telephone

[neoform]

You obviously don't realize how many telemarketting firms are located in Montreal (90% of which call the US, since they don't have to follow US do not call lists)..

Lost revenue

[distr0]

I could see this causing alot of sites to shut the doors because of lost advertising money Personally i'd rather see a little ad than have to pay for all the sites that I like. Online tracking/advertising is a really effective system, and usually not too intrusive unless a particular website goes overboard

Re:Lost revenue

[N3WBI3]

You can still count web hits and referrals via links..

Re:you still are using word "mull" in wrong contec

[N3WBI3]

Unless of course they are using Mull as in Mull Over which means 'Reflect deeply on a subject'

Wow, just wow.

> AOL also said it will expand the use of extended opt-out technology, developed by Tacoda, an online ad company AOL bought earlier this year
>
> Currently, if users choose to opt-out from online ad tracking, a cookie, or small piece of software, is placed on their browser reflecting that choice. But if users delete their cookies, then the opt-out is lost. AOL's technology would enable the opt-out cookie to reset after cookies are deleted.

In other words, we put this cookie here to track you.

If you don't want to be tracked, let us put this special cookie here.

And if you really don't want to be tracked, and you delete your cookies, we've got some double secret probation "technology" that can put it back for you! (What do you want to bet it's a persistent Flash object, or given that this is AOL we're talking about, a background task that runs 24/7 to put the cookie back, should it ever be accidentally deleted...)

Where I come from, that's spyware.

The real opt out is to block all traffic to advertising domains at the router, and it's the one method the marketing companies dread the most, because who would ever opt back in?

No, "mull" is appropriate

[Kelson]

When applied to an idea, "mull" generally means to think about it in detail.

Re:you still are using word "mull" in wrong contec

[RandoX]

You're incorrect. As in; not correct; not in conformity with fact or truth; "an incorrect calculation"; "the report in the paper is wrong"; "your information is wrong ...

Never heard that usage.

[Nursie]

As far as I'm concerned it either means to fortify, heat and spice (mulled wine, cider etc), or to think over/consider an idea or range of options.

Usage here is just fine.

How?

[saterdaies]

The problem with the suggestion is implementation. IP Addresses are shared and reused and so aren't unique to a user or household. Cookies also don't work since they are only sent to the site you're hitting - so a cookie for ftc.gov isn't going to be sent to DoubleClick. Having individual advertisers have opt-out systems isn't great since a lot of the time I don't know who is serving the ads I'm seeing (without delving into the HTML).

Unfortunately, there is no simple way of defining something like this. A better solution might be to regulate the type of information that they are allowed to collect in the first place. If they aren't allowed to record my IP address (or any other identifying information like a zip code I type in a form or POST/GET data), then there would seem to be limited privacy implications. They could gather data showing that people who like power tools also like Sony stereos or whatnot, but without information like IP addresses, form and GET/POST data, there is little they can use to violate my privacy.

Am I missing something?

Re:How?

[FranTaylor]

Doubleclick and others put tiny images on many web pages so they see your cookie no matter where you go.

Re:How?

[saterdaies]

They see your DoubleClick cookie. There isn't a way to do this cross-adnetwork. So, I can opt out with DoubleClick, AdSense, Microsoft, Yahoo, TextLinkAds. . . individually. But I can't get a cookie from the FTC or someone that will be readable by all the advertizers.

Correct me if I'm wrong

[techpawn]

Won't this damage a lot of adSense technology already in place by non-evil companies? Also, would this apply to browsers keeping history of where you've been?

Re:Correct me if I'm wrong

[WK2]

They are working on an amendment that says that non-evil companies do not have to follow these rules.

on a "do not spam" list

[khallow]

The largest lesson in emal spamming has been that they'll send spam to anything resembling an email. They don't care where it came from or how and why they got it. So as I see it the only value of a "do not spam" list is that it will contain a lot of active email addresses. That is gold to spammers and I think anyone who believes such a list will reduce spamming (rather than have the opposite effect) is sorely deluded.

Re:on a "do not spam" list

[kinko]

Obviously such a list would not contain the actual addresses, but some type of checksum for each address. Then the onus would be on the sender to make sure that any email addresses they already know about do not hash to a value in the list.

Re:on a "do not spam" list

Because we all know the spammers wouldn't use the hash to remake the emails and send to them anyway. Cause spammers are 100% honest caring people.

Re:on a "do not spam" list

[cybermage]

Then the onus would be on the sender to make sure that any email addresses they already know about do not hash to a value in the list.

Of course, it doesn't need to be that complicated. The server takes an address from the spammer and either tells it yes or no. There's no need to hash it if the server never sends out addresses. I would take this idea a bit further. See my Option #2 here.

Re:on a "do not spam" list

[khallow]

Oh, that's not too bad. Still I can't see what changes from current methods of filtering spam. After all, if you receive an email and you're on the list, does that mean the email bounces or not? As far as I can see, either the source email address needs to get on some sort of white list or the email needs to pass a spam test. Both approaches are used today.

Finally, there's also the problem of legal-side attacks with a checksum based approach. Spammer ally gets email that checksums to something on the list. Sues to get "removed" from the list. Rinse, repeat, lather. Generate many costly court cases.

Re:on a "do not spam" list

[Bee1zebub]

Now the spammer just has to ask the server if the address is allowed. If it is not, then it almost certainly is real, and he can charge a premium for spamming it.

(yawn) Yet another pre-defeated proposal

[Arrogant-Bastard]

Sometimes I find myself idly wondering how many miserable failures of opt-out proposals will be necessary before people get a clue that opt-in offers the only possible way to success.

Then I snap out of it and remind myself that of course some people have a clue, and that's precisely why they continue to put these proposals out (or to enthusiastically back them): doing so serves their purposes nicely. It allows them to proudly say that "they've taken the lead in protecting privacy" while of course they're doing everything they possibly can to do the opposite. (They do this, of course, because they're well aware that few people would opt-in to have telemarketers bother them, or to have spammers clog their mailboxes, or to have their personal data collected.)

This situation is unlikely to change in the forseeable future. Just as it's given us ineffective anti-telemarketing measures, just as it's given us ineffective anti-spam measures, the outcome of this process will inevitably give us ineffective anti-privacy-invasion measures.

Which is why it's probably best to just ignore this nonsense and instead use technological means to either deny data to invaders or feed them bogus data.

Re:(yawn) Yet another pre-defeated proposal

[Eskarel]

Opt in filters work great if the number of people you want to talk to is small, fixed, and well known. Which is to say opt in filters work great if you're anti-social and have no friends. For regular people, if they have to jump through hoops every time they change their contact details they just won't talk to you.

Nice idea but!

[Anon-Admin]

This is a great idea, but how do you enforce it? That is the issue with most internet laws. Pass all the laws you want, you just can not enforce any of them.

Re:Nice idea but!

This is a great idea, but how do you enforce it? That is the issue with most internet laws. Pass all the laws you want, you just can not enforce any of them.

Insightful.

A DNS/domain/ip black list that your browser uses is a far better idea as compliance isn't a company option. You get reported for tracking, hole the domain or IP to a blank page. Let them squeal. They are not going to cooperate voluntarily.

Kick me

[FranTaylor]

This is the Internet equivalent of having a 'Kick Me' sign stuck to your back.

I do this already.

[sherriw]

I already 'opt out' of website advertising - I add the advertiser to my do not advertise list. It's called adblock. It's gold.

Re:I do this already.

[sootman]

I'm more of an /etc/hosts kind of guy, myself.

Legalized Stalking

Like many regulations added it is just a protection for coporations to prevent corporations from being prosecuted under laws intended for people. Prior such regulations have already legalized corporate stalking, this one is just in response to citizen complaints about being stalked. A big question here is how the implementation of opting out will work, this could really provide far too much indentifying info to the stalkers. With a business oriented web there is far too much identifying information already.

You may view this post as trollish, flamebait, or even tinfoil hat material, but it is still annoying that something as informative, communicative and potentially a source of world peace, may instead lead to our downfall. The exchange of knowledge and ideas built the internet into something desirable to log into and made the internet the meeting place of minds. Corporations of course noted this and applied the old marketing mantra "location, location, location". Unfortunately cost structures are such that most sites have to turn to advertising to exist, others exist solely for the advertising. Governments of the world have noticed the exchange of ideas here too and they fear them greatly and thus they have taken to stalking us as well. Somehow I doubt this new regulation will allow us to opt out of their stalking.

Remember the TNG episode where even thoughts of violence were prosecutable? Believe it or not, there is a value to anonymous thinking, travel and speech. Will technology destroy such freedoms? In many areas, I truely want to be an Anonymous Coward for in doing so I remain an Anonymous Patriot.

They'll track the denied tracking.

[IMarvinTPA]

They'll give you a cookie that tells them you have opted out. Then another firm will track which things you weren't tracked in because you opted out of it. That's so great!

I don't see how this could be reasonably implemented. You can't put your IP address on the do-not-track list, because it could change day-to-day. You'd need a cookie in your browser saying you opted out. But that's as much information as if you hadn't opted out in the first place, they'd just have to toss the info after they got it.

User: "Hi, I don't want you to track the places I've visted."
Marketer: "Ok."
User: "Remember, I don't want you to track me, and I have just visted XYZ site."
Marketer: "Ok, I'll forget."

IMarv

Re:They'll track the denied tracking.

[smussman]

They'll give you a cookie that tells them you have opted out. Then another firm will track which things you weren't tracked in because you opted out of it. That's so great!

I don't see how this could be reasonably implemented. You can't put your IP address on the do-not-track list, because it could change day-to-day. You'd need a cookie in your browser saying you opted out. But that's as much information as if you hadn't opted out in the first place, they'd just have to toss the info after they got it.

User: "Hi, I don't want you to track the places I've visted."
Marketer: "Ok."
User: "Remember, I don't want you to track me, and I have just visted XYZ site."
Marketer: "Ok, I'll forget."

IMarv I think this could easily be overcome by everyone using the same cookie (e.g. "doNotTrack=true"). While they will be able to track the cookie, if hundreds of thousands of people are using that same cookie, the data is not going to mean much.

Re:They'll track the denied tracking.

[UbuntuDupe]

While they will be able to track the cookie, if hundreds of thousands of people are using that same cookie, the data is not going to mean much.

On the contrary, it will give us aggregate web surfing statistics for paranoid privacy loons ;-)

And how do they propose . . .

[gambolt]

that website owners pay for bandwidth since this would kill adsense, pretty much?

The alternative to tracking via cookies is micropayments where you have to pay a fraction of a cent for each web page you view.

It's not even you that's being tracked. It's your browser. Unless you constantly use your real name online, there is no way to link a name to the observed browsing habits of a person unless ISPs get involved and connect IPs to names.

Re:And how do they propose . . .

[Cajun+Hell]

[And how do they propose] that website owners pay for bandwidth since this would kill adsense, pretty much?

They're not proposing anything. Paying for bandwidth is somebody else's problem. They're just (ostensibly) trying to protect rights, not plan the economy.

Of course, a paranoid person could read something interesting into this. Perhaps it is a "good thing" if the government can make web publishing more economically hard. It would help shut up troublemakers. There's too much independent media; some of them even question (or mock!!) our leaders' wisdom.

The alternative to tracking via cookies is micropayments where you have to pay a fraction of a cent for each web page you view.

There ya go. Looks like you have a proposal.

It's not even you that's being tracked. It's your browser. Unless you constantly use your real name online..

Or rather, unless you use your real name once online, you can't be tracked. If I don't know who gambolt on Slashdot is, but I do know he sends the same cookies with his 1x1 pixel image requests as leatherfetish69 on a certain sex discussion board (you know which one, gambolt), and that user has the same registration email address as repealamendment16 on a politics discussion board, and that user sends the same cookies for 1x1 pixel image requests as John Smith at the Atlantic City Professional Gamblers Federal Credit Union's website, then I suspect gambolt is John Smith.

Yes, I know about your gambling problem ("professional" my ass) and leather fetish. See the privacy risks of using the internet?

How do they know it's you?

[argent]

Cookies don't work, they'd have to be set for each site. IP address doesn't work, they change and are shared. And what exactly is it people are worried about in the first place? That's what I don't get here... how is your privacy being violated if they don't know who you are?

If this is limited to advertising to people who are customers... that is, people who have some kind of relationship that would allow them to be identified... that would work. But it doesn't sound like that's what people are concerned about...

Re:How do they know it's you?

[stud9920]

1)Google Mail on day1 = cookie1 = ip address 1 --> your name, and mail secrets
2)Google Search on day1 = cookie2 = ip address 1 --> your benign search pattern
3)Google Search on day2 = cookie2 = ip address 2 --> your guilty pleasure search pattern
---------------
cookie2 --> ip address 2 at day2 and ip address 1 at day 1 are the same guy
ip address 1 --> cookie 1 and cookie 2 are the same guy
Therefore Google has the name, no longer content with your mail secrets, also know what your guilty pleasures are. Want a job at Google ? They KNOW you like midget porn. Your only chance is that Google staff members also like midget porn.

For all you know, MS does the same with MSN search and MSN Hotmail, not to speak of Yahoo, not to speak of datamining between databases of two or more companies. The latter is probably illegal but you can always hire market intelligence consultants to "exploit your data at its best". I'll let you guess how they do that better than your guys.

Re:How do they know it's you?

[John+Hasler]

> Therefore Google has the name...

Which you gave them. Why did you do that?

Re:How do they know it's you?

[argent]

[scenario]

If you're using Google Mail, then you fall under the "you're a customer" side of things.

Your only chance is that Google staff members also like midget porn.

Insert Google-vs-Second-Life joke here.

Re:terribly sorry

I can't believe I'm responding to this, but the outfit you're looking for is the Business Software Alliance, not the SBA.

Why don't you contact them, throw yourselves on their mercy, and let us know how that works out for you?

Advertising is too entrenched now

[erroneus]

I recall when commercialism was just beginning on our early utopian internet. Now the net is largely garbage and advertising leaving people to assume that the net wouldn't exist without it... kinda like cable TV without commercials. I don't like it and we don't need it. But it isn't going away.

But there should be some kind of W3C standard for web browsers and commercial web sites that could offer up a simple "dash board" that identifies a variety of characteristics about the sites users are browsing and the information should be across the board standard and unified whether it's on MSIE, Firefox, Opera or whatever. The dashboard should display the site's host nation, information about whether various cookies are being used in tracking, any categories of the site and stuff like that. Then people will begin to have the information they need when visiting various sites. At the moment, just about all of these things are available but in bits, pieces and extensions here and there and it's not all the same everywhere you go. And this idea can't work for everyone I know... not everyone looks at the dashboards in their cars, so why would they look on their browser? Still. The information should be easy, available and most importantly, standardized for all professional/commercial sites to support.

List of terrorists?

[prxp]

Any excuse is being used these days to label people as terrorists, imagine if you are in a 'do not track' list for online activities!
I believe people in this "do not track" list would most certainly make their way into some other NSA terrorist tracking list as well. People would protest against that, they would say that this violates their privacy,their civil liberties, but The US government would simply cite the Patriot Act and some other national security excuse like "not all people on the 'do not track' list are terrorists, but terrorists are using this list against the US people, so we must take action and monitor the people that wish not to be tracked!". The initial fuzz would cease and everybody would passively accept this 'violation', mostly thinking they have nothing to hide. After a couple of years we would find out that some major telecommunications company is helping the US government tracking people in the 'do not track' list and a federal suit would be placed against this company. The suit would last only a few month, because the government would issue some new legislation (with the cooperation of all the legislative from both parties) that would protect the telecom company (and all others like it) against such charges (after all they are helping national security!). Again, after a few months, some other non-governmental institution would propose a new list (much in the same sense as the do not call list) that would protect people against social networking stalking. The government would consider the people on this list as potential terrorists, then.... etc... etc... etc... and everybody would accept that passively as they have nothing to hide... etc... etc...and the telecom company would be charged... etc...etc... and charges would be dropped... etc... etc... national security... etc... etc...

Let me get this straight ...

[fayd]

They want to keep track of the people who don't want to be tracked ... *blink*

opt-out lists are the work of satan

[CarpetShark]

Why "opt-out" at all? If there's potential for abuse, it should be opt-in. That's already been accepted with bulk commercial email. Now, it just needs to be enforced.

Don't forget to make list available to scammers!

[wsanders]

Well, out here at the Minsk Home for Deposed Nigerian Cabinet Ministers the first thing I must do is get hold of this list so I can stop scamming all you people.

Since most web usage is tracked anonymously it's much more likely that identifiable information will be hijacked from a copy of the the "no not track" list than from any of the web tracking itself. Seems like kind of a silly, tinfoil-hat-inspired idea!

Bad Analogy With Do Not Call...

[Beetle+B.]

The Do Not Call list was to prevent unsolicited calls.

This, however, is saying, "Look, I want to go to your Web site and have you not track me." To which I think the valid response should be, "Well then, don't come to my Web site."

The user is entirely in control. He initiates the actions, not the Web site. It's not as if he's running a program and the Web site suddenly shows up. And if it does, that's spyware/malware, not cookie tracking.

I second the CookieSafe, Adblock and NoScript extensions. Once a user knows how to use them, life becomes good. Yes, it has been argued that your average user can't handle some of them, or that they're quite inconvenient for some. But if you go shopping at a store, others can see what you buy, unless you disguise yourself or wear a hood, which is also inconvenient. You have to decide how much you value privacy. It rarely comes for free.

Re:Bad Analogy With Do Not Call...

[chainLynx]

Exactly. It's a flawed analogy.

Another solution is to block ads via /etc/hosts http://ubuntuforums.org/showthread.php?t=110440

Hash..

[msimm]

Using a hash would work, but the number of problems with the list far out weight any good reason to have a sensible debate on the top.

P3P Privacy policy cookies

[mpcooke3]

I don't really see the point in this. For sites willing to obey the rules they can publish a P3P privacy policy for their site. This allows users to reject their cookies based on what the site owner plans to do with the data. Or alternatively a user can set his browser to accept 1st party cookies but reject 3rd party cookies.

I believe IE (and possibly firefox) actually requires a valid P3P policy to serve 3rd party cookies at all.

There is an argument that the browsers should be more aggressive at explaining to users that they are leaking their personal data due to the default privacy settings.

Do Not Track Request Form

[kalirion]

Please fill in all of the following required fields:

First Name:
Last Name:
Birth Date:
Gender:
Marital Status:
Social Security Number:
Personal Email Addresses you do not wish tracked:

Personal Computer / Home Network IP addresses you do not wish tracked:

Web sites that you do not wish to be tracked to:

Re:you still are using word "mull" in wrong contec

[Chris+Mattern]

You are a special, unique individual, and that's a great thing. Unfortunately, you also have a special, unique definition of "mull", and that's not working out so well.

Chris Mattern

The change needs to happen in the browser

[AmiMoJo]

Browsers should probably delete all cookies when they close, for privacy reasons. This wouldn't be a major problem - it would just mean people need to log in to sites more often.

It would be like the default-block pop-up blocker, with a simple mechanism to opt-in to long term cookie storage on a per site basis.

Re:The change needs to happen in the browser

[El_Oscuro]

Deleting cookies is a standard option for Firefox. Edit/Preferences/Privacy, check "Always clear private data when I close Firefox".

Re:you still are using word "mull" in wrong contec

Ah, but what is the definition of "contect".

Anyone else see the solutions here? We have list

We have what you're asking for - it's called the HOSTS file. Put every damned ad tracking domain next to a 0 and you're done. Mine has already gone past 20,000 entries and it works just fine with Win XP and Tiger, thankyouverymuch.

Your job bunky, is to be part of the solution and start submitting entries. I wish stopbadware.com would publish its list instead of making me look up domains one at a time. Those guys are part of the problem.

You can't help stupid

[fragmentate]

This isn't stupid enough by itself. It gets even stupider.

In order for a web site to know that a person has "opted out" of tracking, the site would have to set a cookie to track that user's preference to not be tracked.

While I realize there is a difference between a cookie like:

• Cookie: optout=yes;

...and...

• Cookie: trackmeforever=someWeIrD_unique_ID;

It's still tracking. Maybe I'm nitpicking...but, so are they, yes?

One Opt Out To Rule Them All

[WillAffleckUW]

One opt out to rule them all
One opt out to bind them
One opt to find them all
And in the freedom blind them

Three levels of security for the paranoid King
Useless and a waste of time

Five cookies for the hapless sap
Who clicked on Track Me For All Time

Seven credit checks for the customer
Whose identity has been stolen

Nine illegal agreements for the click thru license
Soon to be voided

One opt out to rule them all
One opt out to bind them
One opt to find them all
And in the freedom blind them

A bit like caller ID blocking

[EmbeddedJanitor]

As parent says, using a list to "do not track" is self contradictory.

The only way to do it is via some sort of "don't track me" token. But what do we really mean by "don't track me". Some services need cookies etc. Are cookies tracking? What about the context used to set up a secure connection for transactions?

Tried and failed

[uigrad_2000]

There is already a policy like this, called P3P (Platform for Privacy Preferences Project).

P3P lets a create a all-encompassing privacy plan for their browser, and only websites that comply with particular levels of user privacy, and sign their sites as doing so, are able to set and read cookies in the way that the user specifies. The standard was created by W3C, and even had support initially from IE and Mozilla.

The code for P3P in Mozilla sat untouched from 2003 until 2007, so they turned it off for a few releases to see if anyone would notice. When no one complained, they finally yanked it out of the firefox and seamonkey trunks.

The vast majority of websites are never going to file one of these documents, since it is just a bunch of paperwork, and a setup for a lawsuit against yourself.

My questions not answered by this article are:

1. What does this new system have that P3P does not?
2. Why is the FTC involved? Does the government have to control every aspect of our lives?
3. Who is actually going to trust every website out there to abide by these controls? A company that signs and promises not to abuse your data, and then asks for extra privileges are the most likely to abuse it.
4. If a website does abuse data that they promised not to, how will they be caught? Will they be tried in court as criminals? Copyright infringers are tried as criminals and we all know how that turned out.

The Do not call registry works because it is tied phone numbers, which are static for users, and are the only gateway for phone communication between a user and a solicitor. There is no such vehicle for the internet. If the U.S. government wants to assign web browsing IDs for all users, then it could work. If that ever happens, I'm moving to Cambodia.

Re:Tried and failed

[octaene]

Great post regarding the P3P. In answer to #2, the FTC's job is the promotion of consumer protection and the elimination and prevention of what regulators perceive to be `anticompetitive` business practices. They also levy fines and prosecute violators of GLBA, FCRA, and COPPA. So no, the Gubment doesn't have full control of our lives, but the FTC is looking out for your privacy (somewhat).

Tracking can be a Good Thing too

isn't tracking a useful thing?

- cookies are used to maintain the session of web applications - this isn't going anywhere

- tracking user actions within a site lets us get great statistics, work out where our web apps need improving

how do you prevent malicious tracking without damaging the above?

who says what is malicious and what is good? who polices the police?

and what's wrong with being tracked anyhow?

Why bother?

[ajs318]

All you need is a local HTTP proxy server set to block known advertising servers, and a local DNS server set to point the target URLs of tracking scripts somewhere benign. If your proxy server strips out __utm* cookies, so much the better.

Actually, screw local -- if you were an ISP with your own servers and the wherewithal to (re)sell ADSL, you could offer something like this as a paid-for service; and even give out CDs with a customised Firefox, preconfigured to use your proxy and DNS. I know people would gladly pay a premium for advert-free surfing -- after all, Sky Plus users pay for (what is effectively) advert-free television.

Do not Track

Please give us your name, social security number, address, sex, date of birth and IP address so we can enter it into a huge all-encompassing database so as to ( not ) keep track of you.

Thank You

The Watchers

Adblocking is stealing.

[Kaenneth]

Adblocking is stealing, Just like skipping TV commercials. the Ads are the price they put on their content, and is what pays to keep them running, providing the service. If you don't like it you should, visit other sites, and watch PBS (and donate), or pay Cable/Sat. channels and pay sites. Or just eyeball past the ads if they arn't interesting to you.

By blocking ads, you are preventing them from getting paid, while taking up thier bandwidth and other resources.

Personally, I support the adding of something like an "X-Demographics:" header to HTTP, where users can optionally list anything they like, from "age:20-30 sex:male location:texas interests:cars,babes,booze", to "Piss Off", and Ad-servers can use that data for demographics, instead of trying to guess what you may be interested in. People could easily put invalid data into the field, but, those who would would probably be the ones who would block ads anyway. No need to 'mine' for data, when most people would give it away for free, resulting in better ad targeting, cheaper, more profitable, and open, so that anyone serving a site can use it without cost, not just within the little ad boxes, but to adjust content site-wide.

I don't mind Ads that support content (as opposed to spam, which provides me nothing), but it was silly when for about 6 months I was mainly getting feminine hygene ads from some sites (being male)... and after looking up Arthritis information, getting AARP offers... Like when I saw my Grandfather recieved an offer in the mail: "If you served in World War II, you are eligible for U.S. Government Benifits!" ... really?, even though he served in the Luftwaffe? ...

Re:Adblocking is stealing.

[Khaed]

We have this discussion every time adblock comes up:

If ads weren't invasive and annoying (javascript that slows a site, flash, sound), they wouldn't get blocked -- and those things existed long before AdBlock or even Firefox.

Re:Adblocking is stealing.

[salesgeek]

Adblocking is stealing, Just like skipping TV commercials.

Where did you make the idea up that commercial skipping is the same as putting the five finger discount on hard property? Is someone using a text mode browser like elinks stealing since they can't see those javascript and rich media ads? No. Reality is that if a visitor to a site blocks ads, they are using the web as it was designed. That a business model fails to account for the fact that http and html make it a snap for people to selectively load content (i.e. filter ads, adult content, etc...) simply isn't anyone other than website publisher's problem. In reality people aren't "blocking" ads, they are simply not loading and displaying content from their computer.

By blocking ads, you are preventing them from getting paid, while taking up their bandwidth and other resources.

FAIL. Reality: a publisher getting CPM money who doesn't do so in a way that gets clicks is a genuine fraud. Web visitors pay for bandwidth, too. The publisher and website reader are both paying - but the reality is that someone who filters ads out is simply wasting less bandwidth as is their right to do. It's high time that web publishers started to realize that they have to take the good with the bad with the media they publish. The web gives 100% control to the reader and unless you make your whole site into a giant bitmap, you really can't do a damn thing about it. Nor should you. Get off the my visitors are thieves because they don't let me get my CPM pennies from heaven kick and understand that you are getting paid by advertisers to get willing participants in the advertising game, not to force feed ads no one wants to see let alone click on down peoples throats. If anyone is stealing, it's the web publisher who is getting CPM money and not delivering the clicks to the advertisers because no one sees the ads as adding value to the content of the site. Publishers have a responsibility to deliver for advertiser and their compensation is in the end tied to results. No clicks = cancel. Bad clicks = cancel. Ad blocking is stealing = SCO/RIAA/MPAA STUPID

and how would they do this?

[aldousd666]

By giving you a tracking number that identifies you as someone not to be tracked? Duh. Someone has been smoking a little too much of what comes off the tubes.

DNC List is unconstitutional

[SonicSpike]

The DNC list is unconstitutional. Nowhere in the Constitution do the States delegate the authority to the Federal government to regulate communications.

Re:DNC List is unconstitutional

[JacquesDemien]

http://en.wikipedia.org/wiki/Commerce_Clause#Text ?

Re:DNC List is unconstitutional

[SonicSpike]

The ICC does not mean that Congress is free to regulate every aspect of commerce as many erroneously think.

When the Constitution was written "regulate" meant "to make regular"

If you read your history you'll discover the #1 reason for the Constitution was trade wars and currency imbalances between the States. Therefore the Founders wanted "to make commerce regular" among the States. They wanted a common currency, and no tarrifs/open trade internally.

Re:DNC List is unconstitutional

[JacquesDemien]

I humbly accept your reply and stand corrected. : )

Re:DNC List is unconstitutional

[SonicSpike]

That's ok. Don't believe me, do you own research and find out for yourself.

But be sure to tell others about what you find so that these myths, half-truths, and misconceptions don't continue to spread. Ignorance is the reason why our country is in the position we are currently in.

I hope you are voting too (see my sig) ;-)

BISS lists?

[Fuzzypig]

1. Download moblock/peerguardian
2. Download BISS lists

Alright, not entirely foolproof, but a start in the right direction to keeping the AD tracker dirtbags off your "front-lawn"!

it means

[unity100]

a subjekt that is being discused at the particucar moment.