Slashdot Mirror
IE10 Will Have 'Do Not Track' On By Default
An anonymous reader writes "As Microsoft released the preview of the next version of its Internet Explorer browser, news that in Windows 8 the browser will be sending a 'Do Not Track' signal to Web sites by default must have shaken online advertising giants. 'Consumers can change this default setting if they choose,' Microsoft noted, but added that this decision reflects their commitment to providing Windows customers an experience that is 'private by default' in an era when so much user data is collected online.' This step will make Internet Explorer 10 the first web browser with DNT on by default. And while the websites are not required to comply with the users' do-not-track request, the DNT initiative — started by the U.S. Federal Trade Commission — is making good progress."
It's nice on the one hand that Microsoft is making the privacy option the default, but if DNT is unenforceable, wouldn't "DNT by default" give certain entities an excuse to ignore the DNT flag by default?
You are not alone. This is not normal. None of this is normal.
DNT is useless. Disable 3rd party by default if you have the balls.
I've come to like complexity in villainous characters. I know, I know, it's all the rage now; I'm just saying this is a bandwagon I jumped on. They can't all be Saurons, give me a Jaime Lannister now and then.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Google makes it money from tracking users and selling customized ads. Google would look bad if they didn't honor DNT. Microsoft is setting the standard that DNT should be on by default, which reduces the ability for Google to track you all over the web. MS is not an ad company, so they really won't feel this as much.
"I have never let my schooling interfere with my education." - Mark Twain
Microsoft is making a bold (translate: risky) move with the huge changes in Windows 8, and they will need all the consumer sympathy they can muster. I classify the decision to include Flash support for select sites (e.g. disney.com) is in the same category with this default DNT policy. When October comes around, get out the popcorn.
It's making progress because the FTC must have run out of lobbying cash and wants more.
Give it time and things will go back to the way they should... sucking big corps' dicks.
Well first posty are often the best posty, they make the other posty look bad compared to the first posty which is a good thing for first posty considering that the other posty can't compete with the first posty. A lot of posty are made on www.reddit.com everyday, they say the posty originate from www.tblop.com but they really aren't sure because the posty have a mind of their own, they are becoming self aware, the posty are what the world live by today, public opinion is often bias by posty which drill down opinions in humans mind. The posty sure have a large impact on today's society, isn't that what we all care about, the posty instead of the article. Is that a bad thing? Among the posty which one of the posty read article? Can we trust a posty? If not what can be done to really trust the posty if you haven't read the article yourself ? Can you trust a posty you can't verify? Should we make automatic bot that analyze if the posty is related to the articles and if specific words from the article exists in the posty ? Please reddit make a posty bot for slashdot because they really need one. can somebody help the posty cause?
Sorry, but Windows has phoned home for at least 10 years, and sent data without user knowledge to 3rd party companies that could be traced to MS. IE may claim to have DNT on by default, but let's be clear. You will still be sending all kinds of tracking information to MS.
Seems to me to be a ploy to make money selling data to Google perhaps that Google gets now on their own.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
They run slow as heck when loading pages (load half the page but then pause before loading the other half), randomly freeze for 30 seconds while "thinking", and gobble-up tons of memory. (Really? A single tab open to slashdot requires 300,000 bytes of RAM?) I don't expect # 10 to be any better and will continue using Firefox or Opera (the latter of which has instant-draw).
My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
Of coarse, windows itself keep track of lots. This is a fight for control of the common idiot of whom Apple has a huge and trendy lock upon and growing at Microsoft's expense. MS will fight from it corporate and personal computing redoubt, first Google then Apple.
Those who control the common idiot controls everything.
Will the next version of Windows be the first in decades to not collect personally identifiable information from every user, by way of activation and other control schemes?
It might make the marketeers feel all good inside to spout platitudes like "private by default' in an era when so much user data is collected online," but let MS apply the same sacrosanct wisdom to its own practise.
I am literally 3000 tokens away from the chaotic crossbow --Stephen
It's nice on the one hand that Microsoft is making the privacy option the default, but if DNT is unenforceable, wouldn't "DNT by default" give certain entities an excuse to ignore the DNT flag by default?
Expect browser add-ons to work around this. Their EULAs will mention this so there may be no DNT enforceability issue, the user clicked yes. Google, Facebook, etc will surely have various add-ons that will "enhance" the IE10 experience.
Take that, Google.
(or, in reality, an alternative three words beginning with the letter f.)
How can we ever be sure that the server is actually honoring the Do Not Track request? Even if it was mandated by the law, I believe it's hard to monitor what's happening behind the scenes of some website.
This is a potential disaster in my eyes. We're talking about destroying the commercial web here. Advertising, for all its foibles, underpins vast amounts of free content and services. Data largely drives that value these days, by making ad distribution more efficient. The vast majority of the data underpinning this is anonymous - no names, no email addresses, no phone numbers - just general preferences inferred from the types of sites people visit. DNT is not defined yet, but I suggest that a lot of your favourite websites are supported or helped by this data. Even slashdot has advertising these days. Slashdotters have a choice by nature of knowing how things work, but there's also some pretty decent advertising industry programs aimed at giving information and choice to consumers. Blanket DNT could seriously destroy businesses at-scale. I'm really worried about this move.
Thus encouraging content providers that get revenue from collecting info from ignoring the request (by default)
MS is a major investor in facebook
DNT might be on but if you like every other website than facebook will be getting a lot of data that google won't be
They hacked Safari's privacy measures previously.
http://www.huffingtonpost.com/2012/02/17/google-tricked-apples-saf_n_1284551.html
They also ignored IE's p3p setting.
http://blogs.msdn.com/b/ie/archive/2012/02/20/google-bypassing-user-privacy-settings.aspx
Expect Google fanboys/employees to slag MS for protecting the users' privacy in the comments.
This space for rent.
Can we have a +1 Bafflingly Nonsensical?
Maybe IE10 could also automatically add you to the Do Not Kill list. Microsoft can use all the incentives it can find to coax people into using IE.
Is it just me or is everyone confused about DNT? It is a header, a suggestion, nothing more. It changes absolutely nothing about how a web site could track you. Even if it was legally enforced, a web site could STILL track you without violating the legality.
The only way to prevent a web site from tracking you is to not visit it at all (or block it completely). Anything else is a false sense of privacy, and that's exactly what this DNT header is giving people.
Yeah, both the FTC guidelines and the current W3C DNT draft both state that users should opt-out of tracking, not opt-in. Furthermore, the advertizing industry groups like that have had the most successful with self-regulation efforts have flat-out said that while they will respect the user's chose to opt-out, they will ignore any system that opts users out automatically.
Microsoft's decision here is completely counter productive. At best, it means that sites will add code to ignore theDNT header if the UA is IE. At worst it will derail the entire process.
This step will make Internet Explorer 10 the first web browser with DNT on by default.
define 'web browser'. I believe none of the following track anything
Lynx
Links
Dillo
I'm sure there are many others,...
I'd be down for that. It's pretty lame, but it the sombodys-sanitized-personal-computer thing.
no need to disable the dnt. by installing or agreeing to using any google service you'll give them permission to track you. they'll need to start giving the cookie notice anyways, they'll wrap a nice long eula to it and be done with it.
I wonder what is in Android's EULA, if Google has some tracking authorization in there?
Industry solutions (like DNT) are voluntary, unenforceable, empty gestures. DNT has almost no meaning, simply expressing the desire that things were different somehow, without defining how they should be different. DNT is less then an EULA -- it doesn't even ask for an "I Agree" response from the server. Will IIS implement a DNT response? Chrome 12 stopped downloading files without a content length header, so why aren't we reading about browsers demanding a valid DNT response?
It isn't surprising or disappointing that companies would engage in such an empty gesture, but Mozilla really let us down by encouraging this.
DNT: 1
tomorrow who's gonna fuss
Along with Do Not Install any OS but WinOS, aka UEFI, which is starting to sound more and more like UFIA.
"Microsoft does not yet respond to the DNT signal, but we are actively working with other advertising industry leaders on what an implementation plan for DNT might look like, with a goal of announcing more details about our plans in the coming months."
http://blogs.technet.com/b/microsoft_on_the_issues/archive/2012/05/31/advancing-consumer-trust-and-privacy-internet-explorer-in-windows-8.aspx
So basically, this is all about screwing anyone who honors DNT by competitively disadvantaging them in the marketplace relative to Microsoft -- a statement I'll happily retract as soon as they start honoring DNT themselves, rather than just using it as an anticompetitive weapon in IE10.
This pretty much implies they are once again wielding their monopolistic power in the marketplace to promote their own products and services. Isn't this what got them into trouble last time?
-- Terry
If only they would have the "Do Not Exploit With Malware" option turned on.
"I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
The point is to give users the choice to choose not to be tracked.
If everyone is "choosing" not be tracked by default then no one will honor it.
The DNT signal is nothing more than something included in the HTTP header what the web server does with this is no more of a consequence than the HTTP status "450 Blocked by Windows Parental Controls" that Microsoft introduced (and everyone ignored). DNT is of no consequence either because like the 450 status it is "not enforceable"
After this comes out, I'll give it a try on Ubuntu.
Actually, we're talking about destroying DNT. The whole point of DNT is that its opt-in for users. Honoring the DNT flag is voluntary, and no one is going to honor it if major browser vendors reverse the design to make it opt-out.
by default
I agree to a point. It's not that the gesture is empty, but it's impossible to implement correctly because it's unintelligible, vague, and opens web hosts up to possible privacy suits because "Do Not Track" is so ill defined.
Ignoring all the costly updates to many custom websites back-ends that I've developed for others, including non-profit groups: What does this mean for my own sites? I have a few personal websites, and one for an indie game that a few other folks and I are working on in our spare time. My problem is that the behaviour is TOTALLY UNDEFINED as to what action I should take when I encounter a DNT: 1 HTTP header.
Let's say you're registering an account for our forums. Should I delete the registration request from the database in an effort to automatically comply with the fact that you're telling me not to track the data you've entered? Look, I'm not trying to be facetious, I'm serious. If someone walked up to you and asked you if you wanted to fill out a survey or sign a petition, and you filled it out, then wrote: DO NOT TRACK THIS then WTF do you even mean?! What should I do with that data? Should I just toss it in the trash? That's really what I'm thinking of doing. Why? That would be dumb of me? NO. What would be dumb would be to NOT cover my ass, and track the data you just told me not to.
The users of our game will be able to run their own game servers. The game server will respond to an HTTP request with a statistics page to give a bit of info about the game you could embed in your own website, but mainly to help scrapers generate a list of servers to play on... So, what should my code do when it sees a DNT: 1? What I currently do with the 3rd party tracking data (not a cookie, a munged URL or generated ?= query string), is allow users to reserve a spot in one of the servers, while they're browsing a list of games (it sucks to go and launch a client to find out the game is full). DNT kills this feature and many others.
OK, us geeks & nerds here all know how HTTP & TCP/IP works, right? I mean... TCP and UDP don't mean shit until we get near the top of the networking stack. Before that layer, all the packets are just that -- simple blobs of data going from one endpoint to another. Agreed? Alright. So, to differentiate which packet goes to which user what do we do? WE TRACK YOUR IP ADDRESS AND PORT NUMBER. We record that data so we can correlate it with the next packet of data that has the same info and we call that a "connection". So, my question is -- when I see a DNT: 1 shouldn't I just TERMINATE the TCP connection? This way I'm not tracking your info anymore?
What am I not supposed to track? Even if I was a marketer, your PC is what connected to MY site, and YOUR browser is storing the cookie... So, DNT is supposed to help people when they already have all the tools in their hands already? Don't want someone tracking you? Don't connect to that IP -- blacklist it. Don't want a cookie to be stored? DON'T ACCEPT IT. That's what I do, and it works beautifully.
I'm not some marketing sleeze-bag. I don't run ads on my sites. I'm just trying to comply with this UBER Moronic & Nebulous Bullshit that users now have at their fingertips. I realize what DNT: 1 is supposed to do -- But the execution is Pants On Head Retarded. I couldn't comply if I wanted to! I don't have much money in the Just In Case Privacy Lawsuit box. This means I can do one of two things:
0. I just don't do anything online because I can't fucking afford to pay the lawyers. Yay! Innovation! Ugh.
1. I see a DNT header and just terminate the connection to ensure my ass is fully covered.
Guess which one I'm doing until this DNT: 1 nonsense is better defined? Oh can't use some sites? Well, that's what you get for being an early adopter. Protip: Never use the first iteration of any new technology. Always wait till the bugs are worked out.
My advice: Hold out for: DNT: 2
Google is the infamous search giant:
1) to which Microsoft now presents some competition, in the search engine industry, with Bing
2) already competing with Microsoft, in mobile operating systems industry
3) rumored to have lots of user data, as in some relation to Google AdSense(tm) technology.
4) which allows users to voluntarily opt in to browser history tracking, with such as Google Web History and the Google toolbar - and to my understanding, that feature is not enabled by default, the user actually has to opt into it, just as I've had to, for so much as search history tracking.
5) all of the above
It sounds to me like Microsoft may be suggesting some doubt towards companies collecting data about user browsing habits. I wouldn't be the least bit surprised, then, if Google may be the main FUD target they could have in mind, at that. Fortunately, though, no one company owns the discussion.
However, this move is honorable ...
I would say - much of it.
That means - at least they learned to loose with honor.
That is really miserably that there is no honor left without being looser.
That is really what makes me sad in nowadays.
What's the point? Your browser sends something saying you don't want to be tracked.
Isn't that sweet!
Why not do the same in real life. Put a sticker on your front door: "do not rob". That'll fix it!
Or to your work desk: "do not lay off". Yeah, problems solved!
Do you idiots honestly believe that DNT will do anything? It's at best a false sense of security. Although one would have to be pretty stupid to consider it even that.
DNT is completely meaningless exercise in nothing constructive.
The only way to "do not track" is to hide your trails via proxies, Tor and the like.
As Roy pointed out to them on Twitter, this is a blatant violation of the spec; DNT is designed to reflect the USER's preference, not a default.
http://www.w3.org/TR/2012/WD-tracking-dnt-20120313/#determining
"""
The goal of this protocol is to allow a user to express their personal preference regarding tracking to each server and web application that they communicate with via HTTP, thereby allowing each service to either adjust their behavior to meet the user's expectations or reach a separate agreement with the user to satisfy all parties.
Key to that notion of expression is that it must reflect the user's preference, not the preference of some institutional or network-imposed mechanism outside the user's control. Although some controlled network environments, such as public access terminals or managed corporate intranets, might impose restrictions on the use or configuration of installed user agents, such that a user might only have access to user agents with a predetermined preference enabled, the user is at least able to choose whether to make use of those user agents. In contrast, if a user brings their own Web-enabled device to a library or cafe with wireless Internet access, the expectation will be that their chosen user agent and personal preferences regarding Web site behavior will not be altered by the network environment, aside from blanket limitations on what sites can or cannot be accessed through that network.
"""
Yeah, both the FTC guidelines and the current W3C DNT draft both state that users should opt-out of tracking, not opt-in. Furthermore, the advertizing industry groups like that have had the most successful with self-regulation efforts have flat-out said that while they will respect the user's chose to opt-out, they will ignore any system that opts users out automatically.
Microsoft's decision here is completely counter productive. At best, it means that sites will add code to ignore theDNT header if the UA is IE. At worst it will derail the entire process.
I think Microsoft's action here is simply intended to reduce Google's ad profits.
And you forgot one more argument: ad companies would not mind to respect an opt-in DNT program because users who cared to opt-in would be those few paranoid NoScript types who don't click on ads anyway. So following the DNT program would cost them nearly nothing, and would be good PR.
But thanks to Microsoft, any ad company who follows DNT will be losing serious money. Hopefully they will ignore DNT only when the UA is MSIE so the rest of people can still get DNT.
He makes a good point.