Slashdot Mirror

← Back to Stories (view on slashdot.org)

Privacy Groups Mull 'Do Not Track' List for Internet

Posted by Zonk on from the i'd-sign dept.

Technical Writing Geek writes with a Reuters story about a collection of privacy groups looking to set up a 'Do Not Track' list online, similar to the 'Do Not Call' list meant to dissuade telemarketing. "Computer users should be notified when their Web surfing is tracked by online advertisers and Web publishers, argue the Consumer Federation of America, the World Privacy Forum and the Center for Democracy and Technology, among other groups in a coalition promoting the idea. Rather than burying privacy policies in fine print, companies should also disclose them more fully and provide easier ways to opt out, the groups said. The organizations submitted the proposals to the Federal Trade Commission, ahead of the consumer watchdog agency's workshop on Nov. 1-2 to study the increasing use of tracking technology to target online ads.

26 of 136 comments (clear)

  1. Do not spam? by ACS+Solver · · Score: 5, Funny

    So when will I be able to add my email to a "do not spam" list?

    1. Re:Do not spam? by sm62704 · · Score: 2, Insightful

      Mods, the GP was indeed humorous but its writer deserved mod points (you don't get points for "funny"; mod me however you want, my karma's excellent so "funny" is fine). His point in the admittedly humorous post was that these lists would be completely worthess, as there is no possible way to enforce them.

      This is completely unlike the "do not call" lists; these are country-specific. If I spam your phone and you're on a do not call list, we're most likely to share the same government (at least so far) You can be prosecuted.

      OTOH, the AC's post above this one should be modded funny. Oh, right, tough room...

      This post void where prohibited by law

      -mcgrew

      --
      mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
    2. Re:Do not spam? by FlyByPC · · Score: 2, Insightful

      Right this way, sir. Our company has set up a database to help manage your email marketing experience. And it won't even cost you a thing! Just confirm your valid email address via a script, and...

      The sad thing is, I know this would collect a LOT of valid emails. (Probably from folks who would buy things from spammers, too.) Unfortunately, I'm not quite evil enough to bring myself to do that. It's too bad, really.

      --
      Paleotechnologist and connoisseur of pretty shiny things.
  2. unrealistic goals by User+956 · · Score: 4, Funny

    Rather than burying privacy policies in fine print, companies should also disclose them more fully and provide easier ways to opt out, the groups said.

    Also, they want world peace, and a pony.

    --
    The theory of relativity doesn't work right in Arkansas.
    1. Re:unrealistic goals by N3WBI3 · · Score: 2

      Ponies exist, they desire a unicorn..

      --
    2. Re:unrealistic goals by morgan_greywolf · · Score: 5, Informative
      Agreed. Completely unrealistic. If you want to opt out of being tracked by advertisers, here are the only steps you need to perform:

      • Download Firefox
      • Install the Adblock Plus and NoScript extensions
      • T
      • Go to Edit | Preferences or Tools | Options (depending on platform) and go to the Privacy tab. Uncheck 'Accept cookies from sites'.
      • Click Exceptions. Add in all the sites that you use that need cookies to work right (online banking, Slashdot, etc.)


      Tada! You're done. Now you can't be tracked (unless you specifically want to be).

      --
      My blog
    3. Re:unrealistic goals by TheMeuge · · Score: 3, Insightful

      Exactly.

      My first reaction to this story was to add the "futile" tag.

      I think we all have to get used to the thought that if there is any information out there, that is publicly accessible in plaintext, it will be cataloged, author identified, and data-mined ad infinitum. Given the technological capability to collect, organize, and process data... as well as the prolific availability of said data, we cannot reasonably expect any privacy laws to deter usage of this data, whether it be by private companies for profit, or government entities for censorship and oppression.

      The way I see it, the only way to ensure any real privacy, is to personally ensure anonymity at any point where it seems necessary. With this, there will come more and more tradeoffs in terms of conveniences, and ultimately perhaps even one's place in society... but this is a choice we're all making right now, and will certainly have to make in the future.

    4. Re:unrealistic goals by walt-sjc · · Score: 2, Insightful

      This "do not track" group is a bunch of die-hard IE users. Since MS refuses to add reasonable privacy tools, they are looking for legislation. Idiots. This is a browser problem, not an advertiser problem. Considering that the wonderful US Congress can't even get a reasonable anti-spam law in place and instead created one that makes the problem WORSE, I don't know what the hell they are thinking Congress will do. Most likely we will end up with a law that outlaws privacy tools like Firefox / Adblock and instead mandates a stupid list that only US based companies are obliged to obey.

    5. Re:unrealistic goals by mdm-adph · · Score: 2, Informative

      My friend, I had kinda the same problem as you did (having to maintain a huge whilelist with NoScript) -- that's why, on the first tab of the configuration window, you'll see an option for "Allow Top-Level Sites by Default." No more keeping track of a huge whitelist.

      Now, any site you go to will automatically allow JavaScript from that domain (I mean, if you didn't want its JavaScript running on your machine, what are you going there for?). Any other domain's scripts that are present on that page will still not run, and I'm sure that you'll find that 90-95% of the time those extra scripts are ads and tracker scripts.

      Doing the whitelist thing (having to manually allow every domain's JavaScript every time you go to a new site) will eventually bite you in the ass -- after about a year of using NoScript, my whitelist had grown so large that every site I visited had a noticable 4-5 second pause, which was literally just NoScript checking through the huge whitelist!

      --
      It is by my will alone my thoughts acquire motion; it is by the juice of the coffee bean that the thoughts acquire speed
  3. Anyone else see the problem here? by Kelson · · Score: 3, Insightful

    Anyone else see the problem here?

    OK, let's set up a "Do Not Track" list. How are they going to know not to track you? By figuring out who you are, then checking to see if you're on the list.

    Oops.

    A better idea would be a standardized opt-out system where your browser tells every server, "Do not track me," then set up web applications to honor that choice.

    Maybe set up an X-DontTrackMe header for HTTP requests. Or a standardized DontTrack=true cookie not linked to a domain. Something that has no unique information and gets sent to every website. Then turn it on and off in the browser with a checkbox.

    Something like that could be tested as a Firefox extension or IE browser helper (if I'm remembering the terminology correctly) to start with, then added to browsers themselves.

    1. Re:Anyone else see the problem here? by walt-sjc · · Score: 2, Funny

      I don't allow cookies. Your method won't work. How about a "X-I-want-to-be-tracked" cookie and a "X-my-SSN#-is" for the 3 idiots on the planet that WANT to be tracked?

  4. Internet != Telephone by One+Childish+N00b · · Score: 5, Insightful

    The 'Do Not Call' list works - to a degree - because people who ignore it run the risk of legal action, due to all being inside the country they're calling. I can't see many companies going to the extent of running offshore telemarketing companies due to the high cost of international calls.

    This problem obviously does not exist on the internet - the cost of serving up those banners to millions of people clearly doesn't eat into the profits of these companies, so there's no reason for them to stop, and if laws are passed forcing them to stop, they'll simply be replaced by foreign companies advertising either on behalf of the same companies serving up the ads now, or set up by the advertising companies to circumvent the laws.

    This won't work.

    --
    Dealing with lawyers would be a lot less tedious if they all looked like Casey Novak.
  5. Re:you still are using word "mull" in wrong contec by N3WBI3 · · Score: 2, Funny

    Unless of course they are using Mull as in Mull Over which means 'Reflect deeply on a subject'

    --
  6. How? by saterdaies · · Score: 2, Interesting

    The problem with the suggestion is implementation. IP Addresses are shared and reused and so aren't unique to a user or household. Cookies also don't work since they are only sent to the site you're hitting - so a cookie for ftc.gov isn't going to be sent to DoubleClick. Having individual advertisers have opt-out systems isn't great since a lot of the time I don't know who is serving the ads I'm seeing (without delving into the HTML).

    Unfortunately, there is no simple way of defining something like this. A better solution might be to regulate the type of information that they are allowed to collect in the first place. If they aren't allowed to record my IP address (or any other identifying information like a zip code I type in a form or POST/GET data), then there would seem to be limited privacy implications. They could gather data showing that people who like power tools also like Sony stereos or whatnot, but without information like IP addresses, form and GET/POST data, there is little they can use to violate my privacy.

    Am I missing something?

  7. on a "do not spam" list by khallow · · Score: 5, Informative

    The largest lesson in emal spamming has been that they'll send spam to anything resembling an email. They don't care where it came from or how and why they got it. So as I see it the only value of a "do not spam" list is that it will contain a lot of active email addresses. That is gold to spammers and I think anyone who believes such a list will reduce spamming (rather than have the opposite effect) is sorely deluded.

    1. Re:on a "do not spam" list by kinko · · Score: 3, Insightful

      Obviously such a list would not contain the actual addresses, but some type of checksum for each address. Then the onus would be on the sender to make sure that any email addresses they already know about do not hash to a value in the list.

  8. (yawn) Yet another pre-defeated proposal by Arrogant-Bastard · · Score: 4, Interesting

    Sometimes I find myself idly wondering how many miserable failures of opt-out proposals will be necessary before people get a clue that opt-in offers the only possible way to success.

    Then I snap out of it and remind myself that of course some people have a clue, and that's precisely why they continue to put these proposals out (or to enthusiastically back them): doing so serves their purposes nicely. It allows them to proudly say that "they've taken the lead in protecting privacy" while of course they're doing everything they possibly can to do the opposite. (They do this, of course, because they're well aware that few people would opt-in to have telemarketers bother them, or to have spammers clog their mailboxes, or to have their personal data collected.)

    This situation is unlikely to change in the forseeable future. Just as it's given us ineffective anti-telemarketing measures, just as it's given us ineffective anti-spam measures, the outcome of this process will inevitably give us ineffective anti-privacy-invasion measures.

    Which is why it's probably best to just ignore this nonsense and instead use technological means to either deny data to invaders or feed them bogus data.

  9. Kick me by FranTaylor · · Score: 2, Insightful

    This is the Internet equivalent of having a 'Kick Me' sign stuck to your back.

  10. I do this already. by sherriw · · Score: 2, Insightful

    I already 'opt out' of website advertising - I add the advertiser to my do not advertise list. It's called adblock. It's gold.

  11. How do they know it's you? by argent · · Score: 2, Informative

    Cookies don't work, they'd have to be set for each site. IP address doesn't work, they change and are shared. And what exactly is it people are worried about in the first place? That's what I don't get here... how is your privacy being violated if they don't know who you are?

    If this is limited to advertising to people who are customers... that is, people who have some kind of relationship that would allow them to be identified... that would work. But it doesn't sound like that's what people are concerned about...

  12. Let me get this straight ... by fayd · · Score: 2, Funny

    They want to keep track of the people who don't want to be tracked ... *blink*

  13. Don't forget to make list available to scammers! by wsanders · · Score: 2, Funny

    Well, out here at the Minsk Home for Deposed Nigerian Cabinet Ministers the first thing I must do is get hold of this list so I can stop scamming all you people.

    Since most web usage is tracked anonymously it's much more likely that identifiable information will be hijacked from a copy of the the "no not track" list than from any of the web tracking itself. Seems like kind of a silly, tinfoil-hat-inspired idea!

    --
    Give a man a fish and you have fed him for today. Teach a man to fish, and he'll say "WHERE'S MY FISH, YOU IDIOT?"
  14. Re:you still are using word "mull" in wrong contec by Chris+Mattern · · Score: 2, Informative

    You are a special, unique individual, and that's a great thing. Unfortunately, you also have a special, unique definition of "mull", and that's not working out so well.

    Chris Mattern

  15. The change needs to happen in the browser by AmiMoJo · · Score: 2, Interesting

    Browsers should probably delete all cookies when they close, for privacy reasons. This wouldn't be a major problem - it would just mean people need to log in to sites more often.

    It would be like the default-block pop-up blocker, with a simple mechanism to opt-in to long term cookie storage on a per site basis.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  16. Tried and failed by uigrad_2000 · · Score: 2, Informative
    There is already a policy like this, called P3P (Platform for Privacy Preferences Project).

    P3P lets a create a all-encompassing privacy plan for their browser, and only websites that comply with particular levels of user privacy, and sign their sites as doing so, are able to set and read cookies in the way that the user specifies. The standard was created by W3C, and even had support initially from IE and Mozilla.

    The code for P3P in Mozilla sat untouched from 2003 until 2007, so they turned it off for a few releases to see if anyone would notice. When no one complained, they finally yanked it out of the firefox and seamonkey trunks.

    The vast majority of websites are never going to file one of these documents, since it is just a bunch of paperwork, and a setup for a lawsuit against yourself.

    My questions not answered by this article are:

    1. What does this new system have that P3P does not?
    2. Why is the FTC involved? Does the government have to control every aspect of our lives?
    3. Who is actually going to trust every website out there to abide by these controls? A company that signs and promises not to abuse your data, and then asks for extra privileges are the most likely to abuse it.
    4. If a website does abuse data that they promised not to, how will they be caught? Will they be tried in court as criminals? Copyright infringers are tried as criminals and we all know how that turned out.

    The Do not call registry works because it is tied phone numbers, which are static for users, and are the only gateway for phone communication between a user and a solicitor. There is no such vehicle for the internet. If the U.S. government wants to assign web browsing IDs for all users, then it could work. If that ever happens, I'm moving to Cambodia.

    --
    Free unix account: freeshell.org
  17. Why bother? by ajs318 · · Score: 2, Interesting

    All you need is a local HTTP proxy server set to block known advertising servers, and a local DNS server set to point the target URLs of tracking scripts somewhere benign. If your proxy server strips out __utm* cookies, so much the better.

    Actually, screw local -- if you were an ISP with your own servers and the wherewithal to (re)sell ADSL, you could offer something like this as a paid-for service; and even give out CDs with a customised Firefox, preconfigured to use your proxy and DNS. I know people would gladly pay a premium for advert-free surfing -- after all, Sky Plus users pay for (what is effectively) advert-free television.

    --
    Je fume. Tu fumes. Nous fûmes!