Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apache Patch To Override IE 10's Do Not Track Setting

Posted by timothy on from the routing-around-it dept.

hypnosec writes "A new patch for Apache by Roy Fielding, one of the authors of the Do Not Track (DNT) standard, is set to override the DNT option if the browser reaching the server is Internet Explorer 10. Microsoft has by default enabled DNT in Internet Explorer 10 stating that it is to 'better protect user privacy.' This hasn't gone down well with ad networks, users and other browser makers. According to Mozilla, the DNT feature shouldn't be either in an active state or an inactive state until and unless a user specifically sets it. Along the same lines is the stance adopted by Digital Advertising Alliance. The alliance has revealed that it will only honor DNT if and only if it is not switched on by default. This means advertisers will be ignoring the DNT altogether no matter how a particular browser is set up. The DNT project has another member – Apache. It turns out that Microsoft's stance is like a thorn to Apache as well. Fielding has written a patch for the web server titled 'Apache does not tolerate deliberate abuse of open standards.' The patch immediately sparked a debate, which instigated Fielding to elaborate on his work: 'The only reason DNT exists is to express a non-default option. That's all it does. [...] It does not protect anyone's privacy unless the recipients believe it was set by a real human being, with a real preference for privacy over personalization.'"

83 of 375 comments (clear)

  1. Gee, How Much Google Paid For This by DcDc · · Score: 2, Interesting

    It's obvious that its scumbag advertisers and Google (maybe I'm repeating myself here) behind this. They want a way to track every user and all their behaviors. They want things like these to either not exist or be disabled by default. They live for all the user data they can gather. This also means they are available for law enforcement and any other party with interest to gather that data, now and in the future.

    It's already starting to bother me. I'm seeing these advertisements here on Slashdot too. After I've searched for something on Google, the related advertisements start to come up EVERYWHERE on the internet. Seriously, they come after you. If you search for specific flights you start to see ads for that everyone. It'll haunt you and there's nothing you can do.

    Google already got into trouble over Safari privacy violations. Did you know that Safari is currently the only browser that blocks third party blocking cookies like those used by advertising networks (Google)? All the other browsers than Safari and IE are in bed with advertisers because both Firefox and Opera get revenue directly from Google. Chrome of course is the worst because it's designed by the advertising network itself.

    You know what's the worst thing? I have a developing case of paranoid schizophrenia. The behavioral advertisements are driving me nuts! It's pure hell when you have such case. I have tried to ease me by blocking such things but still Google gets thru something. They literally follow my every step everywhere. Imagine how paranoid you feel when you're already sick. What am I going to do, stop using the internet? That's really nice.

    So for the love of god Apache Project, stop taking bribes from Google and doing evil things like this!

    1. Re:Gee, How Much Google Paid For This by Stormthirst · · Score: 4, Insightful

      Ad-block FTW

    2. Re:Gee, How Much Google Paid For This by rotorbudd · · Score: 3, Funny

      Just wait till they start hiding under your bed with chainsaws.

      --
      A bullet may have your name on it, but artillery is addressed to " Whom It May concern"
    3. Re:Gee, How Much Google Paid For This by Anonymous Coward · · Score: 2, Insightful

      Privoxy is more convenient

    4. Re:Gee, How Much Google Paid For This by heypete · · Score: 5, Informative

      It's already starting to bother me. I'm seeing these advertisements here on Slashdot too. After I've searched for something on Google, the related advertisements start to come up EVERYWHERE on the internet. Seriously, they come after you. If you search for specific flights you start to see ads for that everyone. It'll haunt you and there's nothing you can do.

      Not true: you can change your Google Ad Preferences or opt-out.

      Similarly, you can use the NAI's opt-out page to opt-out of Google and other ad network tracking.

      There's plenty of browser plugins that work to block ads entirely (such as AdBlock) and ones that ensure that the "opt-out" cookies stay in existence even if you clear your other cookies.

      All the other browsers than Safari and IE are in bed with advertisers because both Firefox and Opera get revenue directly from Google.

      The default search box in those browsers comes configured to use Google, yes. They do get income from ad revenue stemming from searches from the box. You're not forced to use that search box, nor are you forced to use the default settings -- you can add other search providers (like DuckDuckGo, ixquick, etc.) -- Firefox, for one, doesn't have ad agreements with anyone other than Google.

      So for the love of god Apache Project, stop taking bribes from Google and doing evil things like this!

      Is there evidence that the Apache project is "taking bribes from Google"?

      My understanding from the article is that an individual contributed a patch to the the Apache httpd.conf source code and does not reflect the official viewpoint of the Apache Foundation, nor that the patch has been approved for inclusion. Naturally, I welcome any corrections.

    5. Re:Gee, How Much Google Paid For This by bmo · · Score: 5, Informative

      Just a FYI.

      I went to NAI's opt out page and tried it. I have Adblock-plus. To get all of them, you have to turn off Adblock-Plus, hit the "all of them" button, and then re-enable. Otherwise, you only get 50-some-odd out of 95.

      --
      BMO

    6. Re:Gee, How Much Google Paid For This by TrueSatan · · Score: 3, Informative

      You don't mention this but DNS Crypt is only, officially, supported on Windows and Mac but it can be made to work on GNU/Linux and BSD with a little work. The following site gives the details you would need to do this https://johnfail.wordpress.com/2012/07/24/dnscrypt-for-linux/

    7. Re:Gee, How Much Google Paid For This by heypete · · Score: 2

      Also FYI, I typoed the URL for Google's ad preferences. Here is the correct URL: http://www.google.com/ads/preferences/ -- I left off the "s" at the end of "preferences". Mea culpa.

    8. Re:Gee, How Much Google Paid For This by Karzz1 · · Score: 5, Insightful

      Choosing to ignore a standard is not what they should be doing either.

      To be honest this is kind of a ridiculous standard anyway. The way I read it, it seems to me the sites I would least want to track me are the exact sites that are most likely to ignore DNT completely. This standard reminds me of the Evil Bit RFC.

      --
      Beware of he who would deny you access to information, for in his heart he dreams himself your master.
    9. Re:Gee, How Much Google Paid For This by Karzz1 · · Score: 3, Informative

      While I agree with your sentiment I have seen where this patch is referred to as a patch against "source code";in your post and even (from the article page comments) "core source code" and I disagree with that. This is a *configuration file* patch. I don't know of anyone other than a home user trying Apache for the first time who uses the default configuration file; not to mention this patch is not even approved by or included with Apache (yet).

      This may be an argument in semantics but it seems to me a true source code patch (ie. one in which once the server is compiled no configuration option will allow a setting one way or the other) is much more worrisome than a simple configuration change.

      From what I am reading, unless/until this patch is included with Apache by default, this is really a non-issue. Someone who wants to ignore DNT can do it. Someone who wants to honor it can do so as well. This choice is left up to the company that is using the software (and believe me, even if DNT was hard-coded into the source code, sites that don't want to honor it would simply patch Apache internally). As I mentioned elsewhere in this thread, DNT reminds me of the "Evil Bit" RFC.

      --
      Beware of he who would deny you access to information, for in his heart he dreams himself your master.
    10. Re:Gee, How Much Google Paid For This by Bengie · · Score: 2

      The DAA is MUCH larger than just Google. http://www.aboutads.info/participating

      Including:
      Better Business Bureau
      Association of the United States Army
      AllState Insurance
      Forbes
      Microsoft (ironic)

    11. Re:Gee, How Much Google Paid For This by guttentag · · Score: 2

      Just wait till they start hiding under your bed with chainsaws.

      Nah, they come in through the skylight or on stage at Yale. It's common knowledge that under the bed is where Stallman keeps his katana and Linus keeps his nunchucks. Rumor has it RMS also hid a special macro in Emacs which turns your pinky finger into a deadly weapon.

    12. Re:Gee, How Much Google Paid For This by __aaqvdr516 · · Score: 3, Interesting

      Google and every other advertiser know that, when given the choice to opt in on something, you likely won't. I could type a wall of text, but if you have a few minutes you could watch this TED talk about opt-in vs opt-out.

      To sum up: you are not really in control of your decisions

      http://www.ted.com/talks/dan_ariely_asks_are_we_in_control_of_our_own_decisions.html

    13. Re:Gee, How Much Google Paid For This by Culture20 · · Score: 2

      It's common knowledge that under the bed is where Stallman keeps his katana and Linus keeps his nunchucks.

      The same bed? :O

    14. Re:Gee, How Much Google Paid For This by MrHanky · · Score: 3, Interesting

      Wow, +5 for a shill account with one paranoid delusional comment.

      1) It's not obvious that Google is behind this. Roy Fielding, the man responsible for it, works for Adobe.

      2) If Roy Fielding were a sock puppet for Google, and Google would prefer DNT not to exist at all, then he probably wouldn't have made DNT in the first place.

    15. Re:Gee, How Much Google Paid For This by Mashiki · · Score: 5, Insightful

      Ad-block FTW

      Pretty much, along with cookie blockers. Anyone who doesn't use one on the internet these days is either mad or insane. Perhaps both. I don't care that site users are whining and crying that they're losing revenue, it's stuff like what was mentioned in the article itself(too long to repeat) that ensure that I'm going to keep using them. Plus the long list of abusive ads themselves that like to run with their volume at 11, or inject malware.

      I'd be happy with ads, no really. If companies weren't being so stinking abusive over it. I'd call the entire thing an abusive relationship, you even get companies promising "we don't do this, don't worry we've changed." And next time, they're right back to doing it. Sounds familiar doesn't it?

      --
      Om, nomnomnom...
    16. Re:Gee, How Much Google Paid For This by Anonymous Coward · · Score: 2, Insightful

      Don't allow newly created user accounts to be modded higher than +2 for the first 7 days or say after 20 posts. Maybe put a reminder next to the username that the user is a new user so others will know in casual browsing. There are some downsides to these concepts but it would weed out a lot of deception and shilling as well and people constantly creating new accounts to hide an agenda.

    17. Re:Gee, How Much Google Paid For This by Anonymous Coward · · Score: 2, Funny

      You know what's the worst thing? I have a developing case of paranoid schizophrenia.

      The good news is your slashdot karma will improve dramatically.

    18. Re:Gee, How Much Google Paid For This by KiloByte · · Score: 2

      DVR makers may not do auto-ad-skip, because it's the same as stealing copyrighted TV broadcast

      Er, what? The broadcast is available to everyone, no matter if you asked for it or not.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    19. Re:Gee, How Much Google Paid For This by supersloshy · · Score: 2

      Not just that. Many people don't know that you can get easily infected by a rogue advertisement even being displayed. That alone keeps me using Adblock, even if all of the other factors people name didn't exist.

      --
      "Our country is not nearly so overrun with the bigoted as it is overrun with the broadminded." -Archbishop Fulton Sheen
    20. Re:Gee, How Much Google Paid For This by TemporalBeing · · Score: 2

      Similarly, you can use the NAI's opt-out page to opt-out of Google and other ad network tracking.

      I went to that page - it told me I had to turn on third-party cookies to use its functionality. Nice try!

      I'm pretty sure not allowing third-party cookies largely solves the problem already. I've also got Firefox set to "ask me every time" whenever someone wants to set a cookie - yeah, it was a pain for the first few weeks, but I think it's worth it.

      So what happens if a company proxies the third-party cookies through their own site and turns them into first-party cookies?

      Advertisers can develop just as many hacks to deliver as as people can create hacks to stop advertisers.

      What, you thought HTML5 was just for kicks?

      --
      Truth is like the sun. You can shut it out for a time, but it ain't goin' away. - Elvis Presley (source: imdb.com)
  2. We care about ad networks? by betterunixthanunix · · Score: 5, Funny

    This hasn't gone down well with ad networks

    To quote Firefly: "Do we care? Is this something we are caring about?"

    --
    Palm trees and 8
    1. Re:We care about ad networks? by mister_playboy · · Score: 5, Insightful

      There was content on the web before there were ads, dipshit.

      Anyone who thinks we can't have one without the other is wrong, because that state has already happened.

      --
      Do what thou wilt shall be the whole of the Law ::: Love is the law, love under will
    2. Re:We care about ad networks? by JustOK · · Score: 3, Funny

      oh, yes. And what a wonderful web it was.

      --
      rewriting history since 2109
    3. Re:We care about ad networks? by Anonymous Coward · · Score: 2, Insightful

      Yes, they fund most of the content on the internet, dipshit.

      This is a strawman. You can have ads and ad revenue without excessive user tracking.

    4. Re:We care about ad networks? by BorgDrone · · Score: 4, Informative

      Yes, all improvements to the web are thanks to the ad companies, it has nothing to do with technological progress.

    5. Re:We care about ad networks? by Kidbro · · Score: 2

      We care that they care. If they choose to ignore DNT due to Microsoft's actions (or rather, probably deliberate attempt to make the feature ignored) we do care. We prefer that the ad networks honor DNT, and they might, if it's not turned on by default.
      It's that simple.

      --
      May we live long and die out
    6. Re:We care about ad networks? by silas_moeckel · · Score: 5, Insightful

      Why yes it was there was content, not people telling each other what they had for dinner and when they had a BM. When you searched for information about a piece of hardware you got the manual and other useful information not the marking drivel. The noise ratio of the internet has gone up dramatically as it's become more and more commercial.

      --
      No sir I dont like it.
    7. Re:We care about ad networks? by Celarent+Darii · · Score: 4, Insightful

      You think ad networks will be the one who honor DNT? The very same people who profit by tracking?

      Frankly I think the whole thing would be better if adblock was just installed by default in every browser.

      Ads are nothing less than visual pollution. Tracking is also one of the reasons that we have cookies and all the other security problems with the web. HTTP was meant to be a stateless protocol and should remain so.

    8. Re:We care about ad networks? by dissy · · Score: 5, Interesting

      If the site is so concerned about money and income, why don't they just use regular ads instead of tracking ads then?

      They can choose. Use tracking ads, have them blocked, and get nothing. Or use regular ads, and get something.

      It's hardly our fault that they choose to abuse their customers and then bitch about getting no money because of it.

    9. Re:We care about ad networks? by oldlurker · · Score: 4, Insightful

      We care that they care. If they choose to ignore DNT due to Microsoft's actions (or rather, probably deliberate attempt to make the feature ignored) we do care. We prefer that the ad networks honor DNT, and they might, if it's not turned on by default. It's that simple.

      The moment a number of users started to turn on DNT ad networks would find a reason to not honor it anyway. It seems DNT was a privacy standard built on the peculiar premise that it only works as long as it stays unknown to most users ('if few enough know about enabling DNT then maybe the ad networks will leave us that do alone').

    10. Re:We care about ad networks? by Seumas · · Score: 5, Interesting

      The best content on the internet is produced out of a passion for creating the content, rather than a desire to make a buck. The commoditization of the internet will ruin it, yet. We can't even escape marketing and obnoxious advertising *here*. The majority of people just want to make a buck, right down to the last mommy-blogger that plasters her five-views-a-month blogger page with adsense just so she can eek a nickel out of every last word.

      Remember when people did shit because they cared? They didn't have to monetize every square inch of every page of their website? The created services and content because they loved doing it or cared about the community they were doing it for? Remember when sysops built communities for free? They bought the hardware, they maintained everything, they paid for the phone lines, they spent hundreds of hours adding content, connecting their services to multi-node door games, setting up FIDOnet, accounting, etc. And they did it because they enjoyed it. And if people appreciated it enough, they chipped in some cash. Not because they were asked to, but because they wanted to. And you didn't have to be confronted with ads.

      I'm not saying the whole internet has to be like that, but does *EVERYONE* have to eek a penny out of every last spot they can? Not just big websites with huge advertising contracts, but right down to every jackhole with a dinky little website or blog?

      When I started my site in 1997, I did it with the specific intention of never monetizing it. I didn't charge money. I didn't charge fees. I didn't sell ads. Nothing. I did it because it was enjoyable and it served a purpose for people that they found valuable. I'm sure they'd have paid if I asked, but I didn't. It felt dirty. It felt unnecessary. I thought it was a righteous and reasonable thing to do.

      Almost a decade later, I met someone in a bar and it turned out she was a long-time member of my site. We got to talking about it for awhile and when I brought up advertising, she paused and said that she actually had never even noticed that there was no advertising on the site. I couldn't believe it. I feel so accosted by advertising every fucking where I turn that I sure as hell notice it on sites and appreciate the lack of it on others. And here, I discovered that regular people neither give a shit nor even notice whether there are or aren't any ads.

    11. Re:We care about ad networks? by bloodhawk · · Score: 2

      This is just fucked up. It should always be assumed someone wants privacy unless explicitly stated. If ad networks believe otherwise then it is time for government to step in with laws that require them to respect a users privacy by default.

    12. Re:We care about ad networks? by johanw · · Score: 3, Insightful

      What makes you think they don't ignore it anyway? That is why I don't care that much about DNT and use AdBlock Plus and Ghostery. The later also blocking those ugly Javascripts.

    13. Re:We care about ad networks? by moronoxyd · · Score: 5, Insightful

      Tracking should be something users should have to opt in to, not out of.

    14. Re:We care about ad networks? by Mabhatter · · Score: 2

      I think that Microsoft has turned that around. By setting the flag to not track, they then bully the OTHER ad agencies.

      Remember, Microsoft is ALSO an ad agency. They get to embed Bing right ino the browser as the default. It doesn't matter if they follow DNT flag or not, they have a huge captured market just from people that don't do anything. Just like Apple, they are working to build ads into the "metro" platform as well... That's all "outside" the Do Not Track debate because the DNT flag only effects "browsers".

    15. Re:We care about ad networks? by Opportunist · · Score: 5, Interesting

      We had worthless crap spewed by some amateur individuals instead of worthless crap being spewed by some professional agencies.

      I fail to see the big improvement.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    16. Re:We care about ad networks? by Opportunist · · Score: 2, Insightful

      Indeed it was. I searched for information and I got information. Today it's more of a hassle to get information than it was in the 90s.

      Let's say you're looking for some kind of code. You want to know how to do something elegantly, sensibly, or just at all. In the 90s, this meant typing in your search string and unless you were looking for something completely outlandish, altavista usually offered you some university page where that problem was discussed by some students.

      Today, you type your search string and then the game starts. First, you scroll down the "sponsored links" that usually have little to do with your problem. Then you weed out the pages that want you to cough up some dough to actually show you the solution. The advanced searcher already has a "default" search template consisting of a lot of "-$page -$page -$page..." entries to tack onto the search string so those pages don't show up in the result. Usually that template takes up way more room in your search than what you're looking for.

      Then you eventually find a page that looks like it might solve your problem. You click it, endure a lengthy flash ad you cannot skip, only to find out you fell for yet another page that either wants your money or doesn't offer any solution but just lures you to generate clicks, and you have another entry for your default search string.

      Rinse, repeat until you eventually find a university board where your problem is being discussed...

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    17. Re:We care about ad networks? by Celarent+Darii · · Score: 5, Insightful

      An optional flag that has no enforcement mechanism is just asking for government intervention. In any case I don't think DNT will survive, and something else will come in to make ad companies rethink their strategy.

      Do you remember the debate about blocking pop-up windows? Very similar complaints from advertisers who said they were 'financing the development of the web' (what a bunch of bullshit, they are just profiting from it). Yet every browser blocks them by default now. I await the day when (tracking) ads will be blocked by default by most major browsers. It's time to take the web back. HTTP is meant to be a stateless protocol.

    18. Re:We care about ad networks? by mounthood · · Score: 3, Insightful

      The moment a number of users started to turn on DNT ad networks would find a reason to not honor it anyway. It seems DNT was a privacy standard built on the peculiar premise that it only works as long as it stays unknown to most users ('if few enough know about enabling DNT then maybe the ad networks will leave us that do alone').

      Yes, and we saw the same reaction with the AdBlock Plus detection/counter-measures hoopla. Advertisers can tolerate a small percentage of blocking, but it can't become to popular.

      http://en.wikipedia.org/wiki/Adblock_Plus#Advert_filtering_controversy_and_.22acceptable.22_ads

      DNT is just an Evil-Bit with better marketing, so I'm not sure what concessions the advertisers can make to continue the pretense that DNT is an effective option.

      --
      tomorrow who's gonna fuss
    19. Re:We care about ad networks? by 1u3hr · · Score: 3, Interesting

      You want to know how to do something elegantly, sensibly, or just at all. In the 90s, this meant typing in your search string and unless you were looking for something completely outlandish, altavista usually offered you some university page where that problem was discussed by some students.

      Or you used Dejavu usenet search and found the technical group that either already had the answer, or was the right place to ask it.

      Then Google bought Dejavu, and mixed its own "Googlegroups" forums in with it inextricably, and allowed any Google user to send unlimited amounts of spam to usenet. So every single fucking newsgroup was full of ads for knockoff Chinese sports shoes, Rolex, pyramid scams, porn, etc, etc. The signal to noise ratio became so bad that almost everyone abandoned usenet. Seemed to be Google's idea, after all they can very effectively filter spam from GMail, but did absolutely nothing to prevent spam -- mostly from their own users -- going into usenet. A wonderful resource was destroyed so Google could try to promote their own forums, which never took off, so we don't even have that as a alternative. Now you have to search and find the right web forum. And when that forum goes offline, all its accumulated knowledge just disappears.

    20. Re:We care about ad networks? by sjames · · Score: 5, Insightful

      I guess hell is freezing over now because I am forced to side with Microsoft on this one. I can't think of anyone who actually wants to be tracked like a bear with a radio collar. The express install has DNT as a default setting because most people really don't want to be tracked. For the few that do, they can choose custom settings and not choose DNT.

      I will be ripping that patch OUT of any Apache I install. If it were a physical thing, I would then piss on it and burn it. It is deeply disrespectful to the end user. All it does is lend credence to the idea that the whole DNT thing was a big fat LIE by the ad networks (liars for hire).

    21. Re:We care about ad networks? by sjames · · Score: 2

      This doesn't get rid of ads, it just asks nicely that the user not be tranq darted, tagged, and cataloged like an animal. The patch gives those nicely asking users the finger.

      I have adblock installed, but decided I would only block ad servers that serve up malware, scams, and/or annoying singing, dancing, and jumping around ads.

    22. Re:We care about ad networks? by Rayonic · · Score: 2

      > The best content on the internet is produced out of a passion for creating the content, It's best when those people can devote 100% of their time to their passion. Advertising enables that. Otherwise they have to get "a real job" and only spend their spare time (if any) being creative.

      --
      [PowerPoint] is a tool for capitalist presentation
    23. Re:We care about ad networks? by westlake · · Score: 3, Insightful

      Yes, all improvements to the web are thanks to the ad companies, it has nothing to do with technological progress.

      Technological progress costs money.

      You have to give people a reason to buy the hardware and services it requires.

      Broadcast radio began as little more than a high tech hobby. With programming like Amos and Andy and The Grand Old Opry, broadcast radio became a national obsession.

    24. Re:We care about ad networks? by 1u3hr · · Score: 4, Interesting
      As I remember, UseNet spam was a huge problem before Google Groups came along. UseNet had a way to delete spam from the entire network, but they had a rule against using content-based filters to decide which messages were spam.

      There was no "rule" at all.

      Almost all ISPs had usenet servers and filtered spam. The ones that didn't were blacklisted by the others. Until Google came along. Then many ISPs stopped providing usenet feeds and told their users to use Google. And Google didn't filter spam. It enabled spammers to use throwaway accounts. Didn't matter that the account was deleted later, they could get a new one immediately and keep going. Some premium hosts blocked Google posts, but that also blocked many legitimate posters who didn't want to pay form a usenet feed.

      Anyway, where before you could filter out all the crap from Russia, China, India, etc, now the biggest usenet host of all in the world was generating the most spam. Those cunts killed usenet. .

    25. Re:We care about ad networks? by makomk · · Score: 2

      If the site is so concerned about money and income, why don't they just use regular ads instead of tracking ads then?

      Relevance. Companies aren't interested in paying money to show ads to people who aren't going to buy their product anyway, so if websites use regular ads they're going to make a lot less money.

  3. It does not protect anyone's privacy... by Neil_Brown · · Score: 4, Informative

    It does not protect anyone's privacy unless the recipients believe it was set by a real human being, with a real preference for privacy over personalization

    By being set, it protects my privacy as long as "recipients" abide by it without question — it only becomes an issue when "recipients" qualify when they will abide by it.

    If active choice is not an option, a default in favour of not tracking seems a better position to me but, then again, I am not an ad network executive.

    1. Re:It does not protect anyone's privacy... by Anonymous Coward · · Score: 5, Interesting

      The point is, DNT only works, at present, on a voluntary basis. As you say, your stance (privacy by default) is not what any ad company will voluntarily choose -- but as long as only a few users opt-in, it can make sense to roll with it for good PR, and to keep the people who care about privacy placated so they don't agitate for privacy regulations the ad men would have to comply with.

      It does not protect anyone's privacy unless the recipients believe it was set by a real human being, with a real preference for privacy over personalization

      Yeah, that is bull. The recipients don't care that it's set by a real human being, they care that it's set on a small enough fraction of UAs that the PR is worth more than the value of the data they forgo. The former (for now) satisfies the latter, but if enough people started setting it, it'd still be too many, and they'd start ignoring it.

      Now you may (as I do) consider the whole situation laughable, because it by design secures privacy for a few by throwing the masses to the wolves, but that's the system we have, and IE's default breaks the conditions under which that system can continue to exist. There's only three ways it can play out (so long as it's the same voluntary cooperation):

      (A) ad networks see IE's market share as "too much", disregard DNT altogether.
      (B) ad networks see IE's market share as acceptable losses and continue to respect DNT across the board; Firefox etc. eventually copy IE's default; ad networks then disregard DNT altogether.
      (C) ad networks see IE's market share as "too much", disregard DNT only on IE, nobody copies IE -- at the very least the system continues to work for people who care enough to set DNT on non-IE UAs, and there's the possibility IE switches back to opt-in DNT, after which the ad networks will restore the status quo.

      A and B are total losses (of the voluntary scheme; the aftermath may or may not result in new privacy regulations); C maintains the status quo for many users, and has the possibility to return to status quo across the board.

      By being set, it protects my privacy as long as "recipients" abide by it without question — it only becomes an issue when "recipients" qualify when they will abide by it.

      Oh, come off it. It protects your privacy when those qualifications don't affect you. So don't run IE, and it still protects your privacy. Now if you meant "it protects everyone's privacy as long as "recipients" abide by it without question" , then yes. But since we all know the DNT system is designed to operate by throwing ignorant or apathetic individuals to the wolves, protesting that it doesn't protect everyone's privacy is kinda disingenuous.

  4. How it seems... by p0p0 · · Score: 4, Interesting

    How it seems to me, in a simplified way, is that advertisers feel they have the right to serve you ads. Off the bat, I disagree with this notion, however I do see that without ads many websites would not be around or would be forced to hide behind a paywall.
    At the same time, what guarantee do advertisers give users that their ads are not a potential attack vector, or what standard do they follow that their ads are not intrusive and degrade the performance of a users machine or overly distract and irritate the users? How invasive do their ads and data collection get to be?

    Overall, I see where they are coming from but at the same time all I hear is a bunch of self-entitled whiners. Is there any good reason to instantly get tracked as soon as you visit your first website, or should you be allowed to later reveal yourself to the world if you so desire the features this advertises and data miners claim to provide? The most obvious being targeted ads and more relevant searches when using Google.

    1. Re:How it seems... by Stormthirst · · Score: 3, Insightful

      At the same time, what guarantee do advertisers give users that their ads are not a potential attack vector, or what standard do they follow that their ads are not intrusive and degrade the performance of a users machine or overly distract and irritate the users? How invasive do their ads and data collection get to be?

      So all adverts then.

      I have ad-blocking on by default. There are only a couple of sites where I specifically allow them to be shown, because as you point out some sites can't exist without them. I don't like adverts, and I go out of my way to avoid buying anything that is "advertised". If I want something, I'll go looking for it, research it, and the buy it.

      I don't take calls from cold callers either - I think they are as distracting, irritating and privacy invading as adverts on websites.

    2. Re:How it seems... by Motard · · Score: 4, Insightful

      Tracking is not required to serve ads. I don't mind seeing billboards on the side of the road, but if the billboard is photographing my license plate and sending that to a central server, I have a problem with that.

    3. Re:How it seems... by fustakrakich · · Score: 2

      I do see that without ads many websites would not be around or would be forced to hide behind a paywall...

      Good riddance to 'em. This crap is clogging the tubes.They can serve up static ads on their own damn servers, instead of bouncing us back and forth amongst a boatload of ad servers.

        Quit your shillin'. I have no obligation to let them infect my machine, or know anything about me if I don't want. Obviously this 'DNT' thing is worthless. I'll stop them the old fashion way by blocking their servers.

      --
      “He’s not deformed, he’s just drunk!”
    4. Re:How it seems... by Compaqt · · Score: 2

      The attack vector argument is a very good one.

      I've seen multiple instances of malware-laden ads being served by "mainstream" ad networks on multiple sub-1000 Alexa sites.

      Some or another advertiser throws up some script (by design or not), and suddenly, you're getting pwned.

      --
      I'm not a lawyer, but I play one on the Internet. Blog
    5. Re:How it seems... by martin-boundary · · Score: 4, Insightful

      Tracking can be beneficial for both the advertiser and the user - we all like to be offered relevant content, and the advertiser likes to offer it to people who he thinks will be interested.

      No, we do NOT. We do NOT all like to be offered RELEVANT content. That is one of the insidious fallacies that ad peddlers (and Google is a prime offender) like to claim so they can justify their practices.

      Ads are noise, whether they are relevant or not. Take your favourite kind of music, say your favourite songs from your favourite band. Do you want to hear those songs ALL THE TIME? While you're driving to work, while working, after work when watching TV, etc? Clearly NOT.

      NEARLY ALL THE TIME, PEOPLE DON'T WANT ADVERTISING, RELEVANT OR NOT (caps to make it easy on the stupid Googlebot ;-)

      The whole idea that we need to be aware of available choices and having choices is good is bullshit. What we need is to be able to control our environment, and if we want choices we'll ask our friends first, thanks very much.

    6. Re:How it seems... by moronoxyd · · Score: 2

      My opinion is that the default option should always be choice, and will I always oppose having someone make the decision for me. And everyone else should learn that having a choice matters.

      With a yes/no toggle, there is always a choice made for you in the beginning.
      Either DNT is 'on', or it is 'off'.

      As enough people have pointed out already DNT is doomed to fail anyway: As soon as people are starting to use it in great numbers, the advertisers are going to not follow it anymore.

  5. A roundabout way of saying that DNT is... by John+Hasler · · Score: 4, Insightful

    ...useless and silly.

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    1. Re:A roundabout way of saying that DNT is... by Moxon · · Score: 3, Informative

      Well, yes. Expecting ad agencies to honor DNT seems about as clever as firewalling based on the April fool's "evil bit". In both cases, the people doing something you don't want have to choose to honor your wish. Good luck with that.

  6. Marketroids? by 19061969 · · Score: 2

    So let's see if I have this straight? The marketroids are saying that, by their default, I want to hear all the crap they are paid to push and unless I explictly say, "get lost', they'll continue to bug me until I collapse under the weight of junk product info?

    Did Bill Hicks have a great point?

    --
    bang goes my karma... again...
  7. Two wrongs do not make a right by another+random+user · · Score: 4, Insightful
    Ignoring the issue around if IE10 should set the DNT flag by default or not, this patch only makes the situation worse.

    With this patch, even if the user has explicitly chosen to set the DNT flag, the server will ignore it. They claim this patch has to be done because IE 10 ignores part of the spec:

    "Key to that notion of expression is that it must reflect the user's preference, not the preference of some institutional or network-imposed mechanism outside the user's control."

    This patch however also ignores this same element of the spec, in that no matter what the user may or may not of done, there will be a "mechanism outside the user's control" (the Apache server) which decides on what they want the preference to be.

    I do agree that the DNT setting should be a user choice, perhaps given when the user first installs the browser as well as having the option to change it at any time, but to me this is not the right response to having a default set - although I'm sure if the default setting was that tracking was allowed, the add people would for some reason not be complaining about having a default...

    --
    -1 troll is not supposed to be used simply because you don't agree
    1. Re:Two wrongs do not make a right by John+Hasler · · Score: 2

      This patch however also ignores this same element of the spec, in that no matter what the user may or may not of done, there will be a "mechanism outside the user's control" (the Apache server) which decides on what they want the preference to be.

      DNT is purely advisory. Advertisers who want to ignore it are going to configure their servers to do so. If it is too hard to do so with Apache they'll use somthing else.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    2. Re:Two wrongs do not make a right by Likes+Microsoft · · Score: 5, Interesting

      Advertisers and sites that depend on them don't want to admit that choosing to use a certain browser and allowing itts default settings *is* a choice. They are also free to request the user to turn DNT off before they serve up key features. They apparently *really* don't like the idea of having to explicitly ask, "can I follow you wherever you go after this"?

      --
      -- Who am I? How did I get here? My God, what have I done?!
    3. Re:Two wrongs do not make a right by makomk · · Score: 2

      Advertisers and sites that depend on them don't want to admit that choosing to use a certain browser and allowing itts default settings *is* a choice.

      When that browser is bundled with the OS installed on 95% of all PCs, it's not a choice at all - it's indifference. Complete, total indifference.

  8. So when is it a default setting, mr. Fielding? by benjymouse · · Score: 5, Interesting

    When using IE10 for the first time (per user) you get a screen where you can choose "express settings". The screen clearly spells out what that means, *including* what DNT will be set to. Arguably, the user *has* made a decision by selecting express settings. How does Roy Fieldings patch determine how much of that text the user read before continuing?

    And how does the patch determine when a user *explicitly* sets the DNT.

    Yes, Microsoft probably does this because it will annoy Google and hurt them more than it will hurt Bing. But at the same time it does help protect users' privacy. What a joke if Apache accepts this patch. What a sell-out. Disgusting.

    --
    Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
  9. Legally, DNT *IS* the default by Anonymous Coward · · Score: 2, Insightful

    In case it has faded from people's memory, PRIVACY IS A FUNDAMENTAL HUMAN RIGHT - enshrined in laws across the planet.

    That wasn't some arbitrary, weird, one-man-and-his-hobby-horse decision, this was the result of a serious amount of very costly and capable people sitting together and hammering out basic principles. A bit like the US Constitution that US politicians appear so keen to ignore.

    So, from that principle, not wanting to be tracked IS the legally correct default, DNT should have never been needed, only a "DT" ("Do track, because I don't care about my rights"). If Mr Roy Fielding is writing a patch to override what should have been a default to start with (the jammering and global breaking of this principle by marketing people across the globe does not define breaking the law as rule), then Mr Roy Fielding is effectively on his way to break the law in practically any part of Europe.

    DNT is an excuse to casually ignore the fact that fundamental principles were already broken by companies raking it in on the back of breaking fundamental principles (yes, Google and Facebook, I'm looking at you).

    Let me put it this way - if this patch goes live anywhere in Europe, a complaint to the relevant government department in charge of Data Protection WILL be made. No ifs, no buts, no maybes.

    It's time we start working on people's rights - because with such idiocy and cow-towing to money nobody is going to do it for you.

    1. Re:Legally, DNT *IS* the default by Elldallan · · Score: 2

      Except that an EULA is not a legally binding agreement in a large part of the EU, and also many nations in the EU does not permit signing away some rights enshrined in law even with informed consent.

  10. Re:MS aren't doing it for altruism anyway by bloodhawk · · Score: 2

    The DNT setting applies to everyone, and ironically it appears MS are about the only ones that abide by it. I having DNT by default seems to me to be the intelligent choice, The default should always err on the side of a users privacy. Why the fuck are people suddenly supporting the right to be tracked??? You should require explicit permissions from the person in order to track them.

  11. DNT not ON by default by Toreo+asesino · · Score: 4, Informative

    Article is misleading. DNT is enabled if you setup Windows 8 with express settings, at which point it actively states DNT will be set 'on'. Until that point there is no configured values. This is Apache caving into advertiser pressure, pure & simple IMO.

    --
    throw new NoSignatureException();
  12. DNT is failing by design. by someones · · Score: 2

    If you do not want to be tracked, DO NOT SEND REQUESTS.
    But sending requests with a "please handle this one but dont use it to track me or put it in logfiles" comment ... did anyone *really* expect that to work?

    How much tracking is done via log file analysis alone?
    Not Logging requests that the user specifies makes it a standard for script kiddies only.

    If it was intended for just not putting a cookie... well fail?
    Thats what browser settings are for and what could have been done with more aggressive browser settings alone.

    Sorry to say that, but this whole standard seems to not ever made sense at all...

  13. Nobody's attacking privacy... by Jahava · · Score: 4, Insightful

    This is not an attack on privacy. This is the only valid option.

    If you look at the details of the Do Not Track Header, you'll see that there's not much to it. It's an optional HTTP header that represents the user's request not to be tracked. There is no mechanism to actually enforce this choice; any party can easily just ignore the header and track you regardless. The entire purpose of the header is to express a user's intent, and, therefore, the entire value of the header is derived from that intent.

    It's like the "Baby on Board" car signs: If I place one in my car's windowpane, polite drivers should see that sign and grant me additional driving space and courtesies, and I may be able to drive in the carpool lane. Imagine, now, that everyone always puts that sign in their car by default because they want the additional driving space and courtesies. The value of my sign is significantly diluted; not only does standard driving operation make it impossible to honor those requests, but my own actual situation gets lost in the noise. Drivers will surely ignore the little yellow sign altogether, and it becomes worthless.

    Unless "Do Not Track" is actually an explicit expression of a user's conscious intent, it will face the same hypothetical fate and become yet another ignored standard. Its only value is derived from its explicit intent, and Apache and Fielding are taking steps to ensure that the value is not compromised.

    1. Re:Nobody's attacking privacy... by pla · · Score: 4, Funny

      It's like the "Baby on Board" car signs: If I place one in my car's windowpane, polite drivers should see that sign and grant me additional driving space and courtesies

      Wait, people buy those because they actually believe it will make other drivers more courteous???

      Heh... Personally, I take it as a warning - "This car will go way too slow and has a frequently-distracted driver. Please pass me ASAP, and treat me as you would a potential drunk driver".

    2. Re:Nobody's attacking privacy... by Tom · · Score: 2

      It's like the "Baby on Board" car signs

      No, it isn't. That sign communicates a statement with a measurable truth value - either there is or there isn't actually a baby in the car, so you are either saying the truth or you are lying.

      The DNT flag expresses a preference. The only person to judge its truth value is you. Basically, the car analogy equivalent would be a sticker saying "please don't drive too close".

      Now continue your thought experiment regarding what would happen if everyone put that sticker on their car.

      --
      Assorted stuff I do sometimes: Lemuria.org
  14. Re:Does it really work? by Mabhatter · · Score: 2, Insightful

    No, it's very useful. Microsoft Windows is basically a monopoly on the PC desktop now. Microsoft is ALSO an ad company. They have Bing set as default and built into the OS, they dont need that specific kind of tracking to make their money. By setting the flag they kneecap the other agencies for oppressing the users... And get to play "white knight" about it in the press.

    This is about Microsoft using the standard to kick other ads out, I'm sure they have exceptions when the ad servers are contacted by the OS itself. Not to mention Microsoft is moving to their "fully owned " platforms. Who can turn off XBox ads, Windows Mobile Ads, Windows Surface Ads?

  15. Re:Noncommercial content by oakgrove · · Score: 5, Interesting

    Try this search engine. It remove the top million sites. Might be what you're looking for.

    --
    The soylentnews experiment has been a dismal failure.
  16. Maybe using ie10 was my choice? by Culture20 · · Score: 2

    Perhaps the use of ie10 is my active choice, knowing that it has this privacy set by default. It's not, but consider the possibility.

  17. No thank you, now FOAD please? by pla · · Score: 5, Insightful

    The alliance has revealed that it will only honor DNT if and only if it is not switched on by default.

    Dear Digital Advertising Alliance - No one* wants you to track them. MSIE enabling DNT by default means nothing more radical than defaulting US releases of Windows to use English.

    Since you have decided you know better than we do, I will therefore block all ads and tracking technologies until you make them "opt-in" only.

    And then I will opt out.


    * Morons who consider Facebook as somehow "better" than the worst of you marketing parasites aside.

  18. And if the user really doesn't want to be tracked? by __aaltlg1547 · · Score: 2

    Fielding thinks his options should be "use another browser." Well fuck you Mr. Fielding. Thanks for coming up with a standard that you are going to cheerfully ignore while giving users the false impression that you are going to honor their wishes.

    Do we need and involuntary standard to get advertisers to behave? Because that's where this sort of shit may be leading.

    Or do you want a war with Microsoft? Maybe they'll patch IE to identify and disable Apache servers by default, or send them spoofed and anonymized information by default.

  19. If you want to play like that... by asdf7890 · · Score: 2

    I agree with DNT not being set by default. Make it an option on the default browser home page, then people can set it whenever they like, or just ignore it. Done.

    But to Apache: "we do not support breaking open standards" hold no water what so ever when your way to express your love for standards is to patch your product such that it can completely ignore a generally accepted standard by default. That to my mind is a text-book example of hypocrisy.

    And to the ad servers saying "if X then we'll just ignore DNT" I say fine: if you won't honour DNT I feel no guilt at all in completely blocking all your content. Thanks for playing. I only block ad networks that get on my nerves (auto playing sounds, overly irritating animations, malware riddled shite, and so forth), but this is on my list of things that get on my nerves.

    For what it is worth I don't think DNT will make any difference at all, as it relies on everyone to play ball server-side and I barely trust anyone with a commercial or other interest in tracking people to play ball in anything other than hollow words, but that is no reason to not be irritated when you hear people say "we know and understand your preferences, but fuck you".

  20. Re:I like a me-centric Internet by asdf7890 · · Score: 2
    No, I know a few people who don't object at all.

    There are a few reason why some people object though, including but not limited to:
    1. * They just don't like being followed. In some circumstances in real life (walking through an iffy part of a town you don't know well, or making your way through lion country) being followed is not a good feeling, and our brains which aren't as much evolved as we sometimes like to think don't make the distinction between being tracked physically and being tracked virtually.
    2. * Some don't want certain browsing habits (porn being the main one) to be accidentally revealed to some of their circles (should they forget to engage incognito mode).
    3. * Having heard the stories over the years and dismissed them as "yeah, you mean porn" but I do now know someone who nearly had a surprise soiled by gmail filling his screen with engagement ring adverts while his now-fiencée was around (again, incognito mode would have helped here).
    4. * Back on the "being followed" feeling: this is happening in your own home, which makes it doubly odd if you are going to feel odd about it anyway.
    5. * Some wonder, "if Google/bing/facebook are profiling me, who else might be?" - someone who collates enough information about you might be able to use it for various less useful things and that risk might not be worth the utility of relevant adverts.
    6. * And my main objection: someone somewhere is making money off all this information in my profiles, and it isn't me nor am I getting any sort of cut!
  21. What has Apache got to do with this? by recoiledsnake · · Score: 3, Insightful

    Why is Apache doing this? Shouldn't it be up to the webmaster and developers whether to ignore IE10's DNT or not?

    Why is Apache doing user agent sniffing(a no no usually for even web apps) and overriding web applications by default? The patch doesn't even give a choice to the webmaster to configure Apache to disable this action. So it's being forced on Apache users because of the ego of the DNT spec writer? Lets say IIS turns on DNT for all browsers, how will Mr. Fielding feel then? Apache is being used as a pawn in this power game and this move will help no one. Let the advertisers ignore DNT from IE10 if they want to, why block DNT flag on at the web server level?

    --
    This space for rent.
    1. Re:What has Apache got to do with this? by HermMunster · · Score: 3, Insightful

      This is not Apache's territory. they should not be doing anything to affect my browsing session. Nothing at all. Period.

      And who the hell cares about the digital advertising alliance. They don't dictate anything having to do with advertising on my computers.

      What the hell is going on here? These people seem to be violating every tenant of privacy. This makes Apache an outlaw. It's ridiculous to say the least. They say they don't tolerate...., well we should never tolerate their interference.

      If you guys are supporting Apache because they are Apache you need to stop and reexamine your position. I don't use IE but all browser makers should be pampering the users not the advertising industry, and the web server manufacturer should never pamper advertisers.

      --
      You can lead a man with reason but you can't make him think.
    2. Re:What has Apache got to do with this? by Simon+Brooke · · Score: 4, Informative

      This is not Apache's territory. they should not be doing anything to affect my browsing session. Nothing at all. Period.

      Apache isn't doing this. One person has posted a patch. It has not, as I understand it, yet been accepted by the Apache Foundation. Even if it were, Apache HTTPD is by design a highly configurable web server which has modules to do all sorts of things, but on any typical web server only a few of those modules will be enabled. This particular patch - even if it were accepted as part of the distribution - only works if both the 'setenvif' and 'headers' modules are enabled, which, on my servers, is not the case. Furthermore, the 'patch' is five lines in a configuration file; if you don't like 'em, comment them out.

      Slow news day, storm in a teacup, nothing to see here, move along.

      --
      I'm old enough to remember when discussions on Slashdot were well informed.
  22. Re:W3C by shutdown+-p+now · · Score: 2

    W3C is against DNT being on by default.