Slashdot Mirror
Apache Patch To Override IE 10's Do Not Track Setting
hypnosec writes "A new patch for Apache by Roy Fielding, one of the authors of the Do Not Track (DNT) standard, is set to override the DNT option if the browser reaching the server is Internet Explorer 10. Microsoft has by default enabled DNT in Internet Explorer 10 stating that it is to 'better protect user privacy.' This hasn't gone down well with ad networks, users and other browser makers. According to Mozilla, the DNT feature shouldn't be either in an active state or an inactive state until and unless a user specifically sets it. Along the same lines is the stance adopted by Digital Advertising Alliance. The alliance has revealed that it will only honor DNT if and only if it is not switched on by default. This means advertisers will be ignoring the DNT altogether no matter how a particular browser is set up. The DNT project has another member – Apache. It turns out that Microsoft's stance is like a thorn to Apache as well. Fielding has written a patch for the web server titled 'Apache does not tolerate deliberate abuse of open standards.' The patch immediately sparked a debate, which instigated Fielding to elaborate on his work: 'The only reason DNT exists is to express a non-default option. That's all it does. [...] It does not protect anyone's privacy unless the recipients believe it was set by a real human being, with a real preference for privacy over personalization.'"
How it seems to me, in a simplified way, is that advertisers feel they have the right to serve you ads. Off the bat, I disagree with this notion, however I do see that without ads many websites would not be around or would be forced to hide behind a paywall.
At the same time, what guarantee do advertisers give users that their ads are not a potential attack vector, or what standard do they follow that their ads are not intrusive and degrade the performance of a users machine or overly distract and irritate the users? How invasive do their ads and data collection get to be?
Overall, I see where they are coming from but at the same time all I hear is a bunch of self-entitled whiners. Is there any good reason to instantly get tracked as soon as you visit your first website, or should you be allowed to later reveal yourself to the world if you so desire the features this advertises and data miners claim to provide? The most obvious being targeted ads and more relevant searches when using Google.
When using IE10 for the first time (per user) you get a screen where you can choose "express settings". The screen clearly spells out what that means, *including* what DNT will be set to. Arguably, the user *has* made a decision by selecting express settings. How does Roy Fieldings patch determine how much of that text the user read before continuing?
And how does the patch determine when a user *explicitly* sets the DNT.
Yes, Microsoft probably does this because it will annoy Google and hurt them more than it will hurt Bing. But at the same time it does help protect users' privacy. What a joke if Apache accepts this patch. What a sell-out. Disgusting.
Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
If the site is so concerned about money and income, why don't they just use regular ads instead of tracking ads then?
They can choose. Use tracking ads, have them blocked, and get nothing. Or use regular ads, and get something.
It's hardly our fault that they choose to abuse their customers and then bitch about getting no money because of it.
The point is, DNT only works, at present, on a voluntary basis. As you say, your stance (privacy by default) is not what any ad company will voluntarily choose -- but as long as only a few users opt-in, it can make sense to roll with it for good PR, and to keep the people who care about privacy placated so they don't agitate for privacy regulations the ad men would have to comply with.
It does not protect anyone's privacy unless the recipients believe it was set by a real human being, with a real preference for privacy over personalization
Yeah, that is bull. The recipients don't care that it's set by a real human being, they care that it's set on a small enough fraction of UAs that the PR is worth more than the value of the data they forgo. The former (for now) satisfies the latter, but if enough people started setting it, it'd still be too many, and they'd start ignoring it.
Now you may (as I do) consider the whole situation laughable, because it by design secures privacy for a few by throwing the masses to the wolves, but that's the system we have, and IE's default breaks the conditions under which that system can continue to exist. There's only three ways it can play out (so long as it's the same voluntary cooperation):
(A) ad networks see IE's market share as "too much", disregard DNT altogether.
(B) ad networks see IE's market share as acceptable losses and continue to respect DNT across the board; Firefox etc. eventually copy IE's default; ad networks then disregard DNT altogether.
(C) ad networks see IE's market share as "too much", disregard DNT only on IE, nobody copies IE -- at the very least the system continues to work for people who care enough to set DNT on non-IE UAs, and there's the possibility IE switches back to opt-in DNT, after which the ad networks will restore the status quo.
A and B are total losses (of the voluntary scheme; the aftermath may or may not result in new privacy regulations); C maintains the status quo for many users, and has the possibility to return to status quo across the board.
By being set, it protects my privacy as long as "recipients" abide by it without question — it only becomes an issue when "recipients" qualify when they will abide by it.
Oh, come off it. It protects your privacy when those qualifications don't affect you. So don't run IE, and it still protects your privacy. Now if you meant "it protects everyone's privacy as long as "recipients" abide by it without question" , then yes. But since we all know the DNT system is designed to operate by throwing ignorant or apathetic individuals to the wolves, protesting that it doesn't protect everyone's privacy is kinda disingenuous.
Advertisers and sites that depend on them don't want to admit that choosing to use a certain browser and allowing itts default settings *is* a choice. They are also free to request the user to turn DNT off before they serve up key features. They apparently *really* don't like the idea of having to explicitly ask, "can I follow you wherever you go after this"?
-- Who am I? How did I get here? My God, what have I done?!
The best content on the internet is produced out of a passion for creating the content, rather than a desire to make a buck. The commoditization of the internet will ruin it, yet. We can't even escape marketing and obnoxious advertising *here*. The majority of people just want to make a buck, right down to the last mommy-blogger that plasters her five-views-a-month blogger page with adsense just so she can eek a nickel out of every last word.
Remember when people did shit because they cared? They didn't have to monetize every square inch of every page of their website? The created services and content because they loved doing it or cared about the community they were doing it for? Remember when sysops built communities for free? They bought the hardware, they maintained everything, they paid for the phone lines, they spent hundreds of hours adding content, connecting their services to multi-node door games, setting up FIDOnet, accounting, etc. And they did it because they enjoyed it. And if people appreciated it enough, they chipped in some cash. Not because they were asked to, but because they wanted to. And you didn't have to be confronted with ads.
I'm not saying the whole internet has to be like that, but does *EVERYONE* have to eek a penny out of every last spot they can? Not just big websites with huge advertising contracts, but right down to every jackhole with a dinky little website or blog?
When I started my site in 1997, I did it with the specific intention of never monetizing it. I didn't charge money. I didn't charge fees. I didn't sell ads. Nothing. I did it because it was enjoyable and it served a purpose for people that they found valuable. I'm sure they'd have paid if I asked, but I didn't. It felt dirty. It felt unnecessary. I thought it was a righteous and reasonable thing to do.
Almost a decade later, I met someone in a bar and it turned out she was a long-time member of my site. We got to talking about it for awhile and when I brought up advertising, she paused and said that she actually had never even noticed that there was no advertising on the site. I couldn't believe it. I feel so accosted by advertising every fucking where I turn that I sure as hell notice it on sites and appreciate the lack of it on others. And here, I discovered that regular people neither give a shit nor even notice whether there are or aren't any ads.
We had worthless crap spewed by some amateur individuals instead of worthless crap being spewed by some professional agencies.
I fail to see the big improvement.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Try this search engine. It remove the top million sites. Might be what you're looking for.
The soylentnews experiment has been a dismal failure.
There was no "rule" at all.
Almost all ISPs had usenet servers and filtered spam. The ones that didn't were blacklisted by the others. Until Google came along. Then many ISPs stopped providing usenet feeds and told their users to use Google. And Google didn't filter spam. It enabled spammers to use throwaway accounts. Didn't matter that the account was deleted later, they could get a new one immediately and keep going. Some premium hosts blocked Google posts, but that also blocked many legitimate posters who didn't want to pay form a usenet feed.
Anyway, where before you could filter out all the crap from Russia, China, India, etc, now the biggest usenet host of all in the world was generating the most spam. Those cunts killed usenet. .