Slashdot Mirror
Apple Adding "Do-Not-Track" To Safari
bonch writes "The latest developer preview of OS X Lion includes a 'do not track' privacy feature in Safari, the latest browser to do so following Mozilla Firefox and Microsoft Internet Explorer. The feature complies with a privacy system backed by the FTC that allows users to declare that they do not wish to be tracked by online advertisers. This leaves Google Chrome as the last prominent browser not to support the feature. As an online advertiser themselves, Google states that they 'will continue to be involved closely' with industry discussions about compliance with the do-not-track system."
Microsoft added a 'Do Not Crack' plea button to Internet Explorer ... hackers were unavailable for comments on whether this new button will convince them of leaving the browser alone
Life isn't like a box of chocolates. It's more like a jar of jalapenos. What you do today, might burn your ass tomorrow.
There is an excellent 3rd party extension for Chrome called "ChromeBlock" that opts you out of ad tracking networks. I use this combined with one called "Disconnect" that dispersonalizes searches and blocks 3rd party sites from tracking you.
Do any of these "Do Not Track" buttons in browsers actually do anything useful, like disable third-party cookies, or does it just amount to an altogether useless "pretty please!" plea to the oh-so-ethical tracking/advertising industry? If the latter, then aren't these fancy "Do Not Track" buttons actually WORSE than nothing since they'll give ignorant users a completely phoney sense of security.
Y'know, while it pleases me to see all the major browsers implementing this, and even having some shred of FTC support, it still doesn't amount to a kernel of corn in a mountain of turd for one simple reason...
Namely, the real abusers of our privacy don't give a damn about what we want. And don't think that only includes the likes of Ralsky - Every single company that thinks they can get away with harvesting your data by using a "third party affiliate" or offshore host, will do whatever they can get away with.
We have one, and only one, means of maintaining our privacy online - Lie, lie, lie, lie, lie. Filter your response headers, never use your real name, address, phone number, or even your real dog's name as the answer to a site's security questions.
You see, I like to go and visit porn sites and then Evangelical Christian sites and then pot legalization sites and then pro-gay marriage sites and then back.
I'm hoping the social conservatives will see and think, "Hey! Our flock likes gay marriage, porn and pot. We better get behind the legalization of pot or we'll lose our worshipers!"
Or they'll think I'm just Republican Congressman.
That's what I tell myself anyway. ..
I'm sure there are ways for sites to be in compliance with the no-tracking feature, but they will still track you.
so i have ie, firefox, chrome, safari, and opera always installed on every one of my machines (work/ mobile/ home)
sometimes i'll randomly launch browsers just to get a feel for the user experience ("___ is not your default browser, would like to make..." ad infinitum). i'm sure if slashdot data mined the HTTP_USER_AGENT server variable attached to user circletimessquare they'd see an odd 5 piece pie chart
but after reading this post, i foresee the chrome pie piece experiencing a significant decrease in size
c'mon google, what the fuck
and this is why competition works. if only ie dominated, as in years past, there's be little or no pressure to introduce this feature. honest fair competition (in a well-regulated marketplace) means the consumer wins
one final aside: i love opera. that's one scrappy browser. they always seem to have the most exotic features that leave your mind excited rather than eye-rolling (like bit torrent support baked in). supporting opera, unfortunately, is an afterthought in most browser development projects i've been attached to, and in the past, it suffered from the same hijinks as ie6/7 which left you angry at it and resentful (not so much anymore). but i've always tried to support opera. and its not just sentimental love for the underdog, opera is a really good browser, you should try it (no i'm not affiliated with them in any way). i believe its hot in nordic countries (which makes sense, since its from there) and eastern europe
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Since Google Analytics seems to be on about every website in the known world these days, it hardly surprises me that Google would be reluctant to support this. Wouldn't this feature essentially cripple it?
SJW: Someone who has run out of real oppression, and has to fake it.
Incognito mode ('porn mode' to its friends) attacks an entirely different class of privacy problem.
The interpersonal privacy compromise problem is a legitimate one. Potentially embarrassing or worse. Incognito mode does a reasonably effective job of stopping that one(I haven't read up on whether or not the latest forensics packages can do anything against it; but the contents of a closed incognito session are safe enough from your roommate/spouse/kids/nosy sibling/etc.)
Against remote 3rd parties, though, incognito mode is highly limited. It does flush cookies when the session is terminated, which is better than nothing; but with most broadband IPs being close to static, it often isn't rocket surgery to correlate and reconstruct user activity even if you lose some cookies(indeed, being able to run an incognito session and a standard session at the same time and on the same host probably makes that easier, unlike the older, cruder methods where the user manually wiped all their sessions after a period of time).
They are really two entirely different classes of threat.
Except that it's a completely different thing that solves a completely unrelated problem.
Chrome already has "incognito mode," so I'm not sure what more you could want from a browser if there is any concern about privacy.
They all have a version of this feature. Safari started it all off with their Private Browsing back in 2005. Three and a half years later Chrome 1.0 gave us Incognito mode, IE8 then include the InPrivate Browsing. Firefox 3.5 also has Private Browsing while Opera 10.5 has Private Tab / Private Window.
Why would you want to have both systems? Well, why not. Frankly, I don't think you can have too many features to protect your privacy online. This new header is more of a directive to the server not to track the user. Think of it as Incognito Mode for the web server. Whether you trust the web companies to abide by it is left for the reader to decide.
Except that it's a completely different thing that solves a completely unrelated problem.
OK but that's all I want to hear about your penis enlarger.
Fine, but don't come crying when your partner dumps you for someone who did. Well actually do come crying, there's a deluxe model you see...
I'm pondering ways to designate my unique set of clicks to be a copyrighted work. Then we can let those beautiful new CopyTerror laws in a tasty case of the Law of Unexpected Consequences.
Actually, I'd really like to see a fight between the **aa and the web tracking industries. Anyone know how much $ value the "4th parties" (not Google) together combine into vs Big Media?
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
To summarise:
"Privacy Mode" means "Do not store information about what I've been doing ON THIS COMPUTER"
"Do not Track" means "Dear Advertisers, Do not store information about what I've been doing ON YOUR SERVERS"
Large difference.
* Blocks web bugs
What?
* Disables loading of tracking ads
How? Magic? How do you work out which ads are tracking?
* Spoofs the referrer to be the root of the domain being visited
Possible yes. Useful? Not really.
* Changes your default search engine off google and onto one that doesn't log your searches
All search engines log searches, its how they get feedback.
You forgot the button that makes you unable to write on Facebook while drunk.
Wonder when they are going to implement malicious bit in TCP-IP.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Of course(and this is the big, big 'remains to be see' part) is that 'Privacy Mode' concerns something happening on a box you physically and(unless rooted) logically control. Enforcing it is just a matter of writing the software(which, under different names, I believe pretty much all browser producers have now done).
'Do not track', however, is just a polite request(similar to a robots.txt). There is absolutely no way of technologically forcing compliance(other schemes, like assorted cookie-handling plugins, tor routing, and such attempt to solve the problem technologically, with varying degrees of success and tradeoffs. DNT is just a psuedo-standard way of asking). If major players actually buy in, it could end up being quite useful(given that outwitting data-mining professionals is a bit of a cat-and-mouse, particularly for Joe User). If major players ignore it, or farm out plausible-deniability subsidiaries to do it for them, DNT will be a dead letter.
In the case of robots.txt, ignoring that is considered rather tasteless, and most big players tend not to; but there is nothing stopping a wildcat player or a proxy entity from trampling all over it. DNT's cultural status has yet to be determined. Since that is still up in the air, supporting it is a nice gesture; but provides an unknown(and at present likely fairly minimal) degree of protection.
One can use tools like sandboxie to help with making sure browsing traces are isolated from each other, and when done with the site, end up being gone, which helps local security, as well as remote security.
For local security, putting the sandbox from sandboxie on a TrueCrypt partition and having sandboxie do a wipe when deleting the sandbox is good. Not just security from someone nosy with an undelete utility, but having file isolation so that possibly damaging stuff never ends up on the same drive as the OS or documents. The TC volume can be used for security (making sure that even if stuff is missed by a wipe, it is inaccessible to an intruder), but it mainly is used as a separate filesystem for isolation reasons. Should some compromised Web browser add-on fill up the filesystem or try to corrupt it (like a script that just makes directories until all inodes are used), the worst that would need done is a format of that volume.
For remote security, using different web browsers in different sandboxes, or even instances of the same web browser in different spaces helps with separation of content -- something that takes over the browser that is doing banking transactions won't be able to take over the browser that is used for viewing pr0n and slurp up the pr0n subscription IDs and passwords.
If Web browsers were engineered to value privacy, they would have some way of masking fonts and other identifying info. Even with privacy browsing, one can use EFF's panopticlick to find out that in most cases, one's browser is unique, either due to the fonts used, the OS and browser, or a distinct combination of the above. I have yet to find a browser that obfuscates this info in a good manner.
Until this is done, advertisers still can track on this information.
Blocking all advertisments is kinda unethical.
Certain websites offer you free content, don't try anything nasty, and the least you can do is try to let them scrape some money which you're not paying for.
Yes I agree that when you end up with giant half-page "POP IN THE MIDDLE OF THE SCREEN" flash ads its kinda overdoing it...
Web bugs are again hard to find to remove. Blacklisting doesn't really work for long.
Chrome already has "incognito mode," so I'm not sure what more you could want from a browser if there is any concern about privacy.
Plenty! And Safari already had it's Private Browsing feature (where that idea in Chrome came from). In those modes, cookies are not saved past the current session, browser history isn't saved, your downloads history isn't preserved, etc. For me, I like those things, but my need for cookies is limited to things like Slashdot recognizing me so I am logged in all the time. I don't need ad tracking.
"Google states that they 'will continue to be involved closely' with industry discussions about compliance with the do-not-track system."
Of course that's so they know what they need to do to make it not work.
mod parent up: informative/ insightful
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
this is some sort of subculture war i'm not familiar with. link? (work safe link please)
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Yes, Spam legislation did SO much good. /sarcasm All it did was move it off shore. While advertising may not move off shore, the fact is that you can't legislate tracking, and you can't solve it with "Please please don't track me" buttons. Oh, so you can get adsense to stop following you? Big whoop. If a website wants, they can each have their own tracking software, and sell to highest bidder.
And you keep pushing and pushing, and sites like Facebook will start throwing up warnings about how crappy your experience will be unless you disable. Don't disable? Then they'll feed you a site with no Javascript that looks like it survived the Geocities shutdown.
When will users, companies, and politicians learn... they wouldn't KNOW so much about you if you didn't TELL them in the first place! Other than your IP, every other form of information is one you actively give or can proactively prevent. And there are always services like Tor if your IP being known freaks you out...
Sorry, but I'm really tired of this shit. People freak out because someone stole a list of email addresses, oOoOo... I stole a white pages phone book, should someone call the FBI? I'm going to start comparing the 30yr old + generation, of which I'm a part of, the new Sen. Stevens generation. I'm all for privacy, but this whiny do not track button BS isn't going to save ONE person from real ID theft. It's another "the internet is a bunch of tubes" make believe idea.
I8-D
don't worry, i have no party in this fistfight. happy browsing and happy brawling
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Blocking all advertisments is kinda unethical.
Certain websites offer you free content, don't try anything nasty, and the least you can do is try to let them scrape some money which you're not paying for.
Yes I agree that when you end up with giant half-page "POP IN THE MIDDLE OF THE SCREEN" flash ads its kinda overdoing it...
Web bugs are again hard to find to remove. Blacklisting doesn't really work for long.
It's not unethical. They can't force you to look at ads or pay attention to them and they can't force you to load them at all. Do you consider going to the bathroom during a commercial break to be unethical ?
If all else fails, immortality can always be assured by spectacular error.
If you can still post to Facebook then you aren't drunk enough.
If all else fails, immortality can always be assured by spectacular error.
you're an idiot.
You can't use the same metaphor because the tv station gets paid for showing the commerical break, regardless of how many people are watching it or urinating or whatever - and getting ratings for those is difficult, so the advertiser never gets to know.
If of course there was some magical technology available for everyone which would remove all commercials, then I would expect my favourite channel to suffer for it, and would be unethical.
If you follow that reasoning it would be unethical to not click on every advertisement a website serves up because they are most likely pay-per-click. In fact you are advocating killing the DVR, which also allows you to skip ads. This isn't new of course ABC tried the same thing a while back.
If all else fails, immortality can always be assured by spectacular error.
Opera is cool, unfortunately it is currently broken on OSX, I cannot access any sites that have IPV6 AAAA-record cause Opera tries to use IPV6 even though I have disabled IPV6. Hoping that next version fixes this, I can stop launching Safari to access those few sites that won't open now on Opera.
- Raynet --> .
No thanks Apple, I already have it covered.
This is a good combo, not sure why Apple is developing their own when perfectly good options already exist.
Slashdot still doesn't work properly in any browser after the recent rewrite.
'Do not track', however, is just a polite request(similar to a robots.txt). There is absolutely no way of technologically forcing compliance(other schemes, like assorted cookie-handling plugins, tor routing, and such attempt to solve the problem technologically, with varying degrees of success and tradeoffs. DNT is just a psuedo-standard way of asking). If major players actually buy in, it could end up being quite useful(given that outwitting data-mining professionals is a bit of a cat-and-mouse, particularly for Joe User). If major players ignore it, or farm out plausible-deniability subsidiaries to do it for them, DNT will be a dead letter./quote.
I think that the usefulness of DNT as an adopted industry standard is that it could pave the way for future legislation. So far as I know, in some countries, it is already illegal to gather and store private information about someone who has explicitly asked that it not be done. In US this is not the case, but this could be changed - it's a fairly reasonable law, in my opinion, since the burden is on the user to ask. But then, if courts agree that DNT amounts to such an explicit ask, then suddenly it gets some legal teeth.
This does nothing in the most general case (of servers being hosted somewhere in China etc), but it's still a good start.
Google states that they 'will continue to be involved closely' with industry discussions about compliance with the do-not-track system.
Who else can smell the methane coming off of this obvious political statement? Talk about side-stepping to avoid making a comment. This is why I use Firefox. No fud, community supported, rock solid.
Yes, I've made bug reports on them all. And after posting that comment Opera wanted to update itself and voila, the bugs are gone. Way to go Opera! Now I can again use just one browser.
- Raynet --> .