Slashdot Mirror
Study: Ad Networks Not Honoring Do-Not-Track
itwbennett writes "According to a new study from Stanford University's Center for Internet Society, almost half of the Network Advertising Initiative (NAI) members that Stanford studied left tracking cookies in place after a Web user opted out of targeted ads. NAI's executive director said that with no consensus on what do-not-track means, ad networks continue to gather data for business reasons other than providing targeted advertising. 'Under the NAI self-regulatory code, companies commit to providing an opt out to the use of online data for online behavioral advertising purposes,' Curran said. 'But the NAI code also recognizes that companies sometimes need to continue to collect data for operational reasons that are separate from ad targeting based on a user's online behavior.'"
And the 'invisible hand' will always be watching our back.... or is it ...
Read radical news here
Just absolutely shocked.
These are three things I like.
You can probably still track me if I visit you site, but I'm damned if I'm going to help you.
I always assumed that when I checked the "Do Not Track" box, they set a special cookie.
Is it just me or did /. disabled the option to hide the ads for people with good Karma?
Nobox: Only simple products.
Not surprised at all. Look at how effective the "do not call" list has been?
It works for the most part, but the information is still available and for sale for scrupulous telemarketers.
Not surprised that this "do not track" can easily be worked around.
Previewing comments are for sissies!
I checked the "Do Not Track" checkmark, and honestly didn't expect ANY of the advertisers to respect the completely voluntary setting. The fact that any of them, let alone 50% are actually respecting it is a big improvement.
I, for one, am SHOCKED that ad networks aren't honoring my polite request not to make money off of me. I'm also puzzled that I continue to get emails about Viagra after dutifully clicking on the "opt-out" link in those e-mails. I should write a letter to my congressional representatives. They'll listen!
For those people who tried to argue against Adblock and other tools to help users control how their information is used and how their browsing experience plays out, this should take the wind out of their sails at least a little. Browser developers and advertising companies came up with a standard for not tracking the users who don't want to be tracked and the ad companies promptly turned around and fucked those users over. Why should we respect the wishes of marketers who don't want us blocking ads now?
Help protect civil rights from abuse by the TSA - visit TSA News Blog.
http://www.tsanewsblog.com
When these stories went around slashdot before, I posted that this is crazy. The only way to avoid tracking is to avoid leaking the data to begin with. That is, mostly, up to your local browser. You get to pick whether to accept cookies, run tracking scripts, and so on. But I was modded to -1 for saying this. It looks like it wasn't really so crazy after all.
Better Privacy + Cookie Monster + separate browser just for Facebook. Seems to do a fairly good job in total.
sPh
The NAI opt out has little to do with DoNotTrack. I do agree though that how cookies are supposed to be handled via DoNotTrack are unclear based on the standard. When working on an implementation of it, my company decided to actually put a cookie on any machine that has the DNT flag set. This cookie contains no tracking data and is ignored by our servers, but the consensus was that when opting out users have been trained to look for the presence of an opt-out cookie and so not putting one there may be confusing.
"Almost half"? I would have expected the number of ad networks ignoring do-not-track to be closer to 80%.
This indicates that more than half are honoring it, which is, IMHO, quite a victory for our side.
Dan Aris
Fun. Free. Online. RPG. BattleMaster.
That is a "Trusted Shopping Associate" - if only people registered then they could opt-out you see. oh wait.
Ah yes, we all know the advertising market is full of honesty and integrity...
Who in their right mind expected that if you give anyone full control over a lucrative resource and then tell them not to use it although you have absolutely no power to enforce your demand that they would respect your request? I mean, not even your kids respect anything you say that goes against their will if there isn't a consequence for their infraction.
Slashdot, fix your code or at least hire someone who is competent at it to do it for you.
Data is how these companies make money. No one wants to buy ads if the ad company can't tell their clients how many views and unique views the ads are getting. Data is their lifeblood and they aren't going to stop because we asked nicely.
That's because Open Source projects are about what was said about Microsoft around the time Windows '95 was out. The only difference is the complexity of the project is much much lower and normally just a clone of something else creaded by some other team. Yet the marketing is strong with them. They can lie all the way and than some more. How about the tiny Firefox, smaller at every minor version? How about it being standard compliant? More compliant than an old Internet Explorer that is. How about it being faster? It used to compare with browsers a few years old. When even that was stalling they started comparing with their own older versions. How about Evince, the universal viewer which can read only a few of the formats used today and in a suboptimal manner? Ekiga? A wonderful project where the standard is at fault each time they fail a comparison with Skype. And so on, the list can make a small encyclopedia.
"Hi, we would like you to voluntarily limit your sources of revenue by not giving your customers, advertisers, the tracking options that they want."
doesn't work folks
sorry, the market doesn't regulate itself in some respects. mostly in those respects that involve moral behavior. you need regulation and enforcement for that
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
People respond to incentives. You cannot just ask someone to do something. I'm not sure why it continues to be a surprise when someone does/doesn't do something, when they have no incentive to change their behavior. We've been wired this way since the beginning - shouldn't this be obvious?
mov ah, 4ch
int 21h
Do not track... I assumed this was a simple concept. "Don't track me, bro!" Admittedly, these companies have a vested interest in not wishing to honor such requests on technicality, to say that they need to due to certain functions seems only partially true. If it's technical issues, such as capacity planning or performance benchmarks, there are other metrics one can use. If it comes to business metrics... well... tough. Use server-side stuff and either accept the market change or innovate.
the behavioral differences between those who opt out and those who do not. See?
Who'd have thought that ad networks wouldn't give up their source of revenue?
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
This is so thoroughly at odds with everything I know and understand of this world that I am now in a horrible existential crisis. I will time to deal with this.
Democracy Now! - your daily, uncensored, corporate-free
Yes, we need incentives to go through TSA checkpoints. It's not like we're forced by law or anything.
I don't get all the hype with the Do-Not-Track, because from the beginning, I had zero faith in the method. Frankly, it's almost funny to read this now, when I knew this to be exactly what would happen. If not worse.
I mean, do you trust in a sign you'd put up on your front door, saying "Do not rob"? Thought so.
On Internet anno 2011, in the world we live in, with the kind of overpopulation and hunt for resources and money, the kiddie stuff that is "Do not track" does not work, at least not for your common greyzone law hustlers. The thinking needs to go in to other places, like a comfortable cookie policy that can also communicate to and from the user. So that people save some cookies they want, and reject the others. I could go on and on, but it's not really that hard, but I am surprised this "Do not track" thing has gotten so far off the ground. One would think it'd die in infancy, like all the other obviously lousier ideas.
As an HTTP expert (16 years working with the protocol at a low level, often writing code to use the protocol directly through socket connections) and programming professional, his results raised two flags for me after reading his methodology.
He stated that he only reloaded the browser after opting out. Non persistent cookies don't get deleted until you completely kill every process for a given browser because they share cookies across browser processes. Simply shutting one of the tabs off or closing one browser window won't work.
Reloading isn't going to do shit and that's all he did to see if the cookie got deleted. If it was a cookie with an expiration date, it would get deleted. Per session cookies don't get deleted based on a header from a web server. They stick around til the browser processes are closed.
To see this for yourself, open two browser windows. Go to www.gmail.com. Log out if you are logged in. Uncheck the "Stay signed in" checkbox (You DO do this already right?). Now log into gmail with one of your browsers. Close the browser. Go to the other window and go to www.gmail.com. You will still be logged in. Now log out of gmail. Open your cookie list and look for the mail.google.com cookies that will still be there.
These are per session cookies. They'll get deleted when you close all your chrome windows.
As well it's very likely that some people leave a cookie and mark the ID as "do not track" in the database so they can still serve ads and know not to collect tracking data on that ID.
Unless DoNotTrack has some mighty beefy servers, that's about the only way for you to keep track of who not to track on a permanent basis.
DoNotTrack is also a browser plug in written by Stanford. Hmmm...
He is jumping to flawed conclusions based on incomplete data.
He didn't call a single ad network to ask what the cookie is used for. Irresponsibility combined with hubris and ignorance.... What is Stanford Law coming too... oh wait a minute!
I work in the security industry, not ad serving. I used to work in the ad industry. I wrote a third party ROI tracking server. I actually do know what I'm talking about.
Don't kid yourself. It's the size of the regexp AND how you use it that counts.
Even reputable websites that allow third party adservers to post ads to their servers get tracking cookies installed. Advertising companies don't care, when they are caught they get warned at most so why bother stopping? So they all chance their arm doing it. The likes of Google text ad services generally don't I don't think. I just use an adblocker, it is my information and it is actually worth money. Ad companies will pay for this information if they can't get it for free so why are we letting them collect our information for free? There are online surveys and you can get vouchers for popular online websites for filling them in and they only take 10 minutes. I used to do it when working in a help desk at lunch time. Made about a 100 Euro in 3 months doing it. Alcohol ones pay best.
I am shocked, shocked, I tell you, to discover that "do not track" preferences are being ignored.
It's almost as if the trackers actually wanted to track you...
Remember to flush your cookies regularly in every browser you use, and to use a different browser for financial stuff (including purchases) than for regular browsing. And don't get me started about BaseFuck (or was it FaceBook).
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
Their entire purpose in life is to lie and cheat in order to make money. Anybody who expect voluntary ethical behaviour from a marketer doesn't know marketers. And don't talk to me about the mythical wise, long-term thinking marketers.
Do-Not-Track opts you out of receiving targeting advertising. That's completely separate from something like, Google Analytics, which tells businesses how their sites are being used and measure traffic. Asking businesses not to collect analytics data is like asking a shop owner to wear a blindfold and earmuffs when you come through the door.
I originally misread the title as:
"Study: Ad Networks Honoring Do-Not-Track"
My jaw almost hit the floor before I figured it out.
No further comment necessary.
NT
********************
I object to Intellect without Discipline.
So I have an idea that could possibly work? What if we could give an incentive to the ad networks to honor it?
The gist is Adblock/etc, band up and agree that they will by default only block networks that do not adhere to DNT (this would be the default option on first install, users who want more can change this option to say "everything"). By doing this, adnetworks who do follow DNT will rach a tiny (but growing) surge of users they would not otherwise. Not to mention some good karma.
http://dilemma.gulecha.org - My philospohical short film.
That's why I keep having Flash cookies show up in Safari Cookies, obviously.
Capitalists are such lying byatches.
Death, taxes, and people trying to sell you shit.
How about using Flashblock?
Then the site will just stop using HTML technologies and present itself as a Flash app (and possibly as an iPhone and iPad app if there is demand). That way, unblocking the site in Flashblock will unblock the ads.
If they don't like people copying their data without paying for it, perhaps they should have considered that before they posted that data on the public Internet
Then the providers of advertising-supported works could escalate it by requiring the user to interact with an ad before the user receives a token that allows decryption and display of the work.
There's a very simple solution to this. Just download & install xxxterm and adsuck. Those scumsucking advertisers won't be able to track you anymore.
http://opensource.conformal.com/wiki/Adsuck
http://opensource.conformal.com/wiki/XXXTerm