Privacy Groups Mull 'Do Not Track' List for Internet

Technical Writing Geek writes with a Reuters story about a collection of privacy groups looking to set up a 'Do Not Track' list online, similar to the 'Do Not Call' list meant to dissuade telemarketing. "Computer users should be notified when their Web surfing is tracked by online advertisers and Web publishers, argue the Consumer Federation of America, the World Privacy Forum and the Center for Democracy and Technology, among other groups in a coalition promoting the idea. Rather than burying privacy policies in fine print, companies should also disclose them more fully and provide easier ways to opt out, the groups said. The organizations submitted the proposals to the Federal Trade Commission, ahead of the consumer watchdog agency's workshop on Nov. 1-2 to study the increasing use of tracking technology to target online ads.

How?

[saterdaies]

The problem with the suggestion is implementation. IP Addresses are shared and reused and so aren't unique to a user or household. Cookies also don't work since they are only sent to the site you're hitting - so a cookie for ftc.gov isn't going to be sent to DoubleClick. Having individual advertisers have opt-out systems isn't great since a lot of the time I don't know who is serving the ads I'm seeing (without delving into the HTML).

Unfortunately, there is no simple way of defining something like this. A better solution might be to regulate the type of information that they are allowed to collect in the first place. If they aren't allowed to record my IP address (or any other identifying information like a zip code I type in a form or POST/GET data), then there would seem to be limited privacy implications. They could gather data showing that people who like power tools also like Sony stereos or whatnot, but without information like IP addresses, form and GET/POST data, there is little they can use to violate my privacy.

Am I missing something?

(yawn) Yet another pre-defeated proposal

[Arrogant-Bastard]

Sometimes I find myself idly wondering how many miserable failures of opt-out proposals will be necessary before people get a clue that opt-in offers the only possible way to success.

Then I snap out of it and remind myself that of course some people have a clue, and that's precisely why they continue to put these proposals out (or to enthusiastically back them): doing so serves their purposes nicely. It allows them to proudly say that "they've taken the lead in protecting privacy" while of course they're doing everything they possibly can to do the opposite. (They do this, of course, because they're well aware that few people would opt-in to have telemarketers bother them, or to have spammers clog their mailboxes, or to have their personal data collected.)

This situation is unlikely to change in the forseeable future. Just as it's given us ineffective anti-telemarketing measures, just as it's given us ineffective anti-spam measures, the outcome of this process will inevitably give us ineffective anti-privacy-invasion measures.

Which is why it's probably best to just ignore this nonsense and instead use technological means to either deny data to invaders or feed them bogus data.

The change needs to happen in the browser

[AmiMoJo]

Browsers should probably delete all cookies when they close, for privacy reasons. This wouldn't be a major problem - it would just mean people need to log in to sites more often.

It would be like the default-block pop-up blocker, with a simple mechanism to opt-in to long term cookie storage on a per site basis.

Tracking can be a Good Thing too

isn't tracking a useful thing?

- cookies are used to maintain the session of web applications - this isn't going anywhere

- tracking user actions within a site lets us get great statistics, work out where our web apps need improving

how do you prevent malicious tracking without damaging the above?

who says what is malicious and what is good? who polices the police?

and what's wrong with being tracked anyhow?

Why bother?

[ajs318]

All you need is a local HTTP proxy server set to block known advertising servers, and a local DNS server set to point the target URLs of tracking scripts somewhere benign. If your proxy server strips out __utm* cookies, so much the better.

Actually, screw local -- if you were an ISP with your own servers and the wherewithal to (re)sell ADSL, you could offer something like this as a paid-for service; and even give out CDs with a customised Firefox, preconfigured to use your proxy and DNS. I know people would gladly pay a premium for advert-free surfing -- after all, Sky Plus users pay for (what is effectively) advert-free television.