Slashdot Mirror

← Back to Stories (view on slashdot.org)

W3C Proposes Unified "Do Not Track" Privacy Standard

Posted by Unknown on from the federal-legislation-due-in-2013 dept.

In his first submission, kierny writes "A W3C working group is crafting two standards, due out by summer 2012, to enable consumers to opt out of online tracking. Numerous big players are involved, including Google, Facebook, IBM, Mozilla, Microsoft, plus the Center for Democracy and Technology, Electronic Frontier Foundation, and Federal Trade Commission. The first standard is Tracking Preference Expression, 'to define a standard for a how a browser can tell a website that a user wants more privacy,' says W3C working group co-chairman Dr. Matthias Schunter of IBM Research. 'So you send a signal, and you get a response from the website which tells you that the request has been honored.' The second standard, meanwhile, is the Tracking Compliance and Scope Specification, which details how websites should comply with Do Not Track preferences. But, don't expect Do Not Track to be active by default."

21 of 93 comments (clear)

  1. Noble ambition by ackthpt · · Score: 5, Funny

    Raise your hand if you think it will be fully adopted by Facebook.

    And Microsoft will probably come up with their own standard...

    --

    A feeling of having made the same mistake before: Deja Foobar
    1. Re:Noble ambition by iluvcapra · · Score: 5, Funny

      If they invite Microsoft to the ISO open document standardization meetings, it's only fair they invite Facebook and Google to the privacy standardization meetings.

      --
      Don't blame me, I voted for Baltar.
    2. Re:Noble ambition by Anonymous Coward · · Score: 5, Informative

      You obviously don't realize that it was Microsoft who first submitted a Do Not Track proposal to the W3C, earlier this year.

      http://threatpost.com/en_us/blogs/microsoft-submits-tracking-protection-proposal-w3c-022511
      http://www.w3.org/Submission/2011/SUBM-web-tracking-protection-20110224/

      The Microsoft specification/method doesn't require to cooperation of publishers and doesn't rely on the behaving properly - unlike the methods implemented in Firefox and Chrome do, which therefore are practically useless against ill-behaving advertisers who do not honor the user's wishes regarding privacy.

    3. Re:Noble ambition by lvxferre · · Score: 3, Insightful

      It's interesting to Microsoft to kill tracking, since it's what their biggest rival - Google - uses for generate revenue, and MS's income comes from their [dubious quality] OS and office suite.

      --
      Nerdy news for your nerdy needs? http://www.soylentnews.org Soylent News is people!
    4. Re:Noble ambition by TheRaven64 · · Score: 2, Informative

      Exactly. In this case, Microsoft's incentives line up with the general public's, so there's a good chance that their standard will do what we actually want. FireFox and Chrome get most of their funding from Google, so they've got an incentive to appear to be acting in consumers' favour without actually making tracking too difficult. Apple probably just doesn't care - Safari isn't a profit centre for them.

      --
      I am TheRaven on Soylent News
  2. Yea, this will . . . . by bogidu · · Score: 3, Insightful

    work as well as that 'Do Not Call' list.

    1. Re:Yea, this will . . . . by EdIII · · Score: 5, Interesting

      You can't compare the two.

      Telemarketers (Debt Collectors are not bound by it) are required to show proof that they checked the number against the list within 14 days of contact. If they cannot, and they made contact, it is a 50k USD fine the last time I checked per infraction .

      Of course, the only way the FTC knows about it is complaints. What does the FTC have? Phone records. Everything they need to assess the fine, and they love to do it.

      This is completely different, and completely retarded, if it has no such teeth. How does the consumer even know to complain in the first place?

      The consumer does not know:

      - What information I am storing server side in my databases.
      - If I am even processing the privacy requests in the first place. That's all new code. Once that standard is in place I will have to go back to every website I am responsible for and enact the new policies.
      - If, and when, I sold the information to 3rd parties.
      - If, and when, I was hacked and the information copied. Unless new laws mandate disclosure.
      - If, and when, affiliates were provided the information.

      It is kind of hard to compare the two together. This new standard puts an awful lot of responsibility on website developers and owners, of which many, are ill equipped to comply with new standards like this immediately. There is a significant percentage that will not even upgrade to a new web server capable of processing the requests.

      What about foreign web servers? At least the FTC can nail telemarketers in the US regardless of where the call came from as long as the profit was made in the US.

  3. Can we get one... by Anonymous Coward · · Score: 4, Insightful

    ...for use without a computer?

  4. Re:It's about loopholes, adherence and enforcement by betterunixthanunix · · Score: 5, Insightful

    And then the enforcement is lax.

    Enforcement by whom? This is just a standard by W3C, and it is a weak one at that. If you fail to produce compliant HTML, your web page might not render correctly; if you fail to follow this standard, nobody will notice.

    Privacy is not something that a standard can guarantee you.

    --
    Palm trees and 8
  5. Re:It's about loopholes, adherence and enforcement by causality · · Score: 2, Insightful

    And then the enforcement is lax.

    Enforcement by whom? This is just a standard by W3C, and it is a weak one at that. If you fail to produce compliant HTML, your web page might not render correctly; if you fail to follow this standard, nobody will notice. Privacy is not something that a standard can guarantee you.

    I hope this doesn't work out the same way anti-telemarketer devices did prior to the Do-Not-Call List.

    Anyone remember those? They used various tones and other tricks to try to convince the telemarketers' auto-dialers that the number was invalid or not in service. How did the telemarketers respond? Did they take the hint that they were not wanted and focus their efforts on people who might be more willing to entertain their sales pitches? No. They interpreted that as "those people must be using those devices because they are unassertive pushovers who have difficulty saying 'no', so if we can reach them we'll REALLY make some sales!"

    So they tried to find ways to circumvent those devices and after some time, the calls would get through anyway and I'd have to tell them to piss off myself. One favorite was to sound interested and then ask for their own personal telephone number. When they inevitably refused, I'd say something like "what's wrong, you don't like having strangers bother you at home?" While it's fun to hassle a professional pest (who during that job market could have chosen many other career paths), it was a nuisance that these idiots tried so hard to circumvent your express wishes.

    That was with the telephone network which is old technology that most people understand how to use. Is there any reason to think this won't be the case with Internet technology that most users don't have a clue about? It definitely tends to tilt the playing field in favor of the professional assholes. I for one will ignore this standard and probably won't even use it when it becomes supported on all major browsers. Instead, I'll stick to a combination of Adblock Plus, NoScript, cookie management, Redirect Remover, RefControl, a comprehensive hosts file, and several other measures I use.

    I mean think about it. Why leave the decision-making to the party that stands to gain from failing to respect my privacy? What goodwill have they shown in the past that suddenly makes them so trustworthy? Since when did the advertising industry suddenly start respecting privacy? I just don't buy it. It's an inherent conflict of interest.

    --
    It is a miracle that curiosity survives formal education. - Einstein
  6. Pre-emptive "What about Apple?" response by 93+Escort+Wagon · · Score: 2

    I cheated and read the article.

    Apple is part of the working group (along with Microsoft, Facebook, et. al.); but listing IBM's participation was deemed more important by the submitter, kierny.

    --
    #DeleteChrome
  7. Wrong prioroties by tomhudson · · Score: 5, Insightful

    Not tracking should be the default, and you should have to opt in to tracking.

    1. Re:Wrong prioroties by Luckyo · · Score: 2

      Problem with this approach is that no one will respect it then, as it will present massive losses to advertisers to respect it.

    2. Re:Wrong prioroties by Luckyo · · Score: 2

      How do you "prosecute and fine" companies that don't adhere to standards? If we did that, microsoft would've been bankrupt for IE6.

      Standards become standards not because they are mandated, but because they are both mandated and ACCEPTED. Purely mandated, unaccepted standards end up not used at all.

    3. Re:Wrong prioroties by LordLimecat · · Score: 2

      Its a web standard, not a law. You set an incredibly dangerous precedent by letting w3c standards dictate law-- what if one day they set a standard that all browsers must conform to IE9's behavior?

  8. Evil bit? by Anonymous Coward · · Score: 3, Insightful

    RFC 3514 was meant as a joke. This time it looks like people are discussing it for real. Let's go ahead and add a "Captain Justice" HTTP header that would command all the bad guys to immediately stop being evil.

  9. Re:It's about loopholes, adherence and enforcement by adolf · · Score: 2

    It did say Federal Trade Commission was part of this.

    Did it say which side they're on?

    --
    Kid-proof tablet..
  10. Do Not Want by Anonymous Coward · · Score: 2, Insightful

    Of course all the major companies want this feature. That way, they can code their websites to be completely disabled if they detect you don't allow tracking. It won't say disabled, but agree to this for a vastly improved experience. You'll be 'forced' to agree to them tracking you to view their site and now, in theory, they have your legal permission to do whatever with whatever they can get from you. Similar to agreeing to TOCs before using a website, but now it's transparent for all normal users (browsers will ship with tracking enabled by default). Thus every website can require tracking as it won't impede the user experience, except for those not wanted anyway.

  11. Re:not quite do not track- more like pretend not t by tomhudson · · Score: 2
    It's because they don't want you to track what THEY are doing.

    Calling this "do not track" is like ... well, like pretty much all those other misnamed initiatives.

    Eventually, we'll all just have to set up a random generator that routes all over the place, uses auto-generated bogus email accounts, and randomly clicks on tons of ads - when it gets to the point that invasive targeted ads are worse than plain display ads with no tracking, they'll drop the tracking.

  12. Why opt-out? by Tom · · Score: 2

    Opt-out is cashing in on the users who are lazy or don't get it.

    Like spam, any solution short of opt-in won't solve anything.

    --
    Assorted stuff I do sometimes: Lemuria.org
  13. Re:"Please don't be evil" bit by mwvdlee · · Score: 2

    This makes the bit a tristate one; "evil", "not evil" and "don't blame us; you didn't ask".

    I'm guessing the most common use-case for this feature will be "track user" and "track user but try to hide it".

    --
    Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?