Slashdot Mirror

← Back to Stories (view on slashdot.org)

W3C Proposes Unified "Do Not Track" Privacy Standard

Posted by Unknown on from the federal-legislation-due-in-2013 dept.

In his first submission, kierny writes "A W3C working group is crafting two standards, due out by summer 2012, to enable consumers to opt out of online tracking. Numerous big players are involved, including Google, Facebook, IBM, Mozilla, Microsoft, plus the Center for Democracy and Technology, Electronic Frontier Foundation, and Federal Trade Commission. The first standard is Tracking Preference Expression, 'to define a standard for a how a browser can tell a website that a user wants more privacy,' says W3C working group co-chairman Dr. Matthias Schunter of IBM Research. 'So you send a signal, and you get a response from the website which tells you that the request has been honored.' The second standard, meanwhile, is the Tracking Compliance and Scope Specification, which details how websites should comply with Do Not Track preferences. But, don't expect Do Not Track to be active by default."

10 of 93 comments (clear)

  1. Noble ambition by ackthpt · · Score: 5, Funny

    Raise your hand if you think it will be fully adopted by Facebook.

    And Microsoft will probably come up with their own standard...

    --

    A feeling of having made the same mistake before: Deja Foobar
    1. Re:Noble ambition by iluvcapra · · Score: 5, Funny

      If they invite Microsoft to the ISO open document standardization meetings, it's only fair they invite Facebook and Google to the privacy standardization meetings.

      --
      Don't blame me, I voted for Baltar.
    2. Re:Noble ambition by Anonymous Coward · · Score: 5, Informative

      You obviously don't realize that it was Microsoft who first submitted a Do Not Track proposal to the W3C, earlier this year.

      http://threatpost.com/en_us/blogs/microsoft-submits-tracking-protection-proposal-w3c-022511
      http://www.w3.org/Submission/2011/SUBM-web-tracking-protection-20110224/

      The Microsoft specification/method doesn't require to cooperation of publishers and doesn't rely on the behaving properly - unlike the methods implemented in Firefox and Chrome do, which therefore are practically useless against ill-behaving advertisers who do not honor the user's wishes regarding privacy.

    3. Re:Noble ambition by lvxferre · · Score: 3, Insightful

      It's interesting to Microsoft to kill tracking, since it's what their biggest rival - Google - uses for generate revenue, and MS's income comes from their [dubious quality] OS and office suite.

      --
      Nerdy news for your nerdy needs? http://www.soylentnews.org Soylent News is people!
  2. Yea, this will . . . . by bogidu · · Score: 3, Insightful

    work as well as that 'Do Not Call' list.

    1. Re:Yea, this will . . . . by EdIII · · Score: 5, Interesting

      You can't compare the two.

      Telemarketers (Debt Collectors are not bound by it) are required to show proof that they checked the number against the list within 14 days of contact. If they cannot, and they made contact, it is a 50k USD fine the last time I checked per infraction .

      Of course, the only way the FTC knows about it is complaints. What does the FTC have? Phone records. Everything they need to assess the fine, and they love to do it.

      This is completely different, and completely retarded, if it has no such teeth. How does the consumer even know to complain in the first place?

      The consumer does not know:

      - What information I am storing server side in my databases.
      - If I am even processing the privacy requests in the first place. That's all new code. Once that standard is in place I will have to go back to every website I am responsible for and enact the new policies.
      - If, and when, I sold the information to 3rd parties.
      - If, and when, I was hacked and the information copied. Unless new laws mandate disclosure.
      - If, and when, affiliates were provided the information.

      It is kind of hard to compare the two together. This new standard puts an awful lot of responsibility on website developers and owners, of which many, are ill equipped to comply with new standards like this immediately. There is a significant percentage that will not even upgrade to a new web server capable of processing the requests.

      What about foreign web servers? At least the FTC can nail telemarketers in the US regardless of where the call came from as long as the profit was made in the US.

  3. Can we get one... by Anonymous Coward · · Score: 4, Insightful

    ...for use without a computer?

  4. Re:It's about loopholes, adherence and enforcement by betterunixthanunix · · Score: 5, Insightful

    And then the enforcement is lax.

    Enforcement by whom? This is just a standard by W3C, and it is a weak one at that. If you fail to produce compliant HTML, your web page might not render correctly; if you fail to follow this standard, nobody will notice.

    Privacy is not something that a standard can guarantee you.

    --
    Palm trees and 8
  5. Wrong prioroties by tomhudson · · Score: 5, Insightful

    Not tracking should be the default, and you should have to opt in to tracking.

  6. Evil bit? by Anonymous Coward · · Score: 3, Insightful

    RFC 3514 was meant as a joke. This time it looks like people are discussing it for real. Let's go ahead and add a "Captain Justice" HTTP header that would command all the bad guys to immediately stop being evil.