Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apache Patch To Override IE 10's Do Not Track Setting

Posted by timothy on from the routing-around-it dept.

hypnosec writes "A new patch for Apache by Roy Fielding, one of the authors of the Do Not Track (DNT) standard, is set to override the DNT option if the browser reaching the server is Internet Explorer 10. Microsoft has by default enabled DNT in Internet Explorer 10 stating that it is to 'better protect user privacy.' This hasn't gone down well with ad networks, users and other browser makers. According to Mozilla, the DNT feature shouldn't be either in an active state or an inactive state until and unless a user specifically sets it. Along the same lines is the stance adopted by Digital Advertising Alliance. The alliance has revealed that it will only honor DNT if and only if it is not switched on by default. This means advertisers will be ignoring the DNT altogether no matter how a particular browser is set up. The DNT project has another member – Apache. It turns out that Microsoft's stance is like a thorn to Apache as well. Fielding has written a patch for the web server titled 'Apache does not tolerate deliberate abuse of open standards.' The patch immediately sparked a debate, which instigated Fielding to elaborate on his work: 'The only reason DNT exists is to express a non-default option. That's all it does. [...] It does not protect anyone's privacy unless the recipients believe it was set by a real human being, with a real preference for privacy over personalization.'"

18 of 375 comments (clear)

  1. We care about ad networks? by betterunixthanunix · · Score: 5, Funny

    This hasn't gone down well with ad networks

    To quote Firefly: "Do we care? Is this something we are caring about?"

    --
    Palm trees and 8
    1. Re:We care about ad networks? by mister_playboy · · Score: 5, Insightful

      There was content on the web before there were ads, dipshit.

      Anyone who thinks we can't have one without the other is wrong, because that state has already happened.

      --
      Do what thou wilt shall be the whole of the Law ::: Love is the law, love under will
    2. Re:We care about ad networks? by silas_moeckel · · Score: 5, Insightful

      Why yes it was there was content, not people telling each other what they had for dinner and when they had a BM. When you searched for information about a piece of hardware you got the manual and other useful information not the marking drivel. The noise ratio of the internet has gone up dramatically as it's become more and more commercial.

      --
      No sir I dont like it.
    3. Re:We care about ad networks? by dissy · · Score: 5, Interesting

      If the site is so concerned about money and income, why don't they just use regular ads instead of tracking ads then?

      They can choose. Use tracking ads, have them blocked, and get nothing. Or use regular ads, and get something.

      It's hardly our fault that they choose to abuse their customers and then bitch about getting no money because of it.

    4. Re:We care about ad networks? by Seumas · · Score: 5, Interesting

      The best content on the internet is produced out of a passion for creating the content, rather than a desire to make a buck. The commoditization of the internet will ruin it, yet. We can't even escape marketing and obnoxious advertising *here*. The majority of people just want to make a buck, right down to the last mommy-blogger that plasters her five-views-a-month blogger page with adsense just so she can eek a nickel out of every last word.

      Remember when people did shit because they cared? They didn't have to monetize every square inch of every page of their website? The created services and content because they loved doing it or cared about the community they were doing it for? Remember when sysops built communities for free? They bought the hardware, they maintained everything, they paid for the phone lines, they spent hundreds of hours adding content, connecting their services to multi-node door games, setting up FIDOnet, accounting, etc. And they did it because they enjoyed it. And if people appreciated it enough, they chipped in some cash. Not because they were asked to, but because they wanted to. And you didn't have to be confronted with ads.

      I'm not saying the whole internet has to be like that, but does *EVERYONE* have to eek a penny out of every last spot they can? Not just big websites with huge advertising contracts, but right down to every jackhole with a dinky little website or blog?

      When I started my site in 1997, I did it with the specific intention of never monetizing it. I didn't charge money. I didn't charge fees. I didn't sell ads. Nothing. I did it because it was enjoyable and it served a purpose for people that they found valuable. I'm sure they'd have paid if I asked, but I didn't. It felt dirty. It felt unnecessary. I thought it was a righteous and reasonable thing to do.

      Almost a decade later, I met someone in a bar and it turned out she was a long-time member of my site. We got to talking about it for awhile and when I brought up advertising, she paused and said that she actually had never even noticed that there was no advertising on the site. I couldn't believe it. I feel so accosted by advertising every fucking where I turn that I sure as hell notice it on sites and appreciate the lack of it on others. And here, I discovered that regular people neither give a shit nor even notice whether there are or aren't any ads.

    5. Re:We care about ad networks? by moronoxyd · · Score: 5, Insightful

      Tracking should be something users should have to opt in to, not out of.

    6. Re:We care about ad networks? by Opportunist · · Score: 5, Interesting

      We had worthless crap spewed by some amateur individuals instead of worthless crap being spewed by some professional agencies.

      I fail to see the big improvement.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    7. Re:We care about ad networks? by Celarent+Darii · · Score: 5, Insightful

      An optional flag that has no enforcement mechanism is just asking for government intervention. In any case I don't think DNT will survive, and something else will come in to make ad companies rethink their strategy.

      Do you remember the debate about blocking pop-up windows? Very similar complaints from advertisers who said they were 'financing the development of the web' (what a bunch of bullshit, they are just profiting from it). Yet every browser blocks them by default now. I await the day when (tracking) ads will be blocked by default by most major browsers. It's time to take the web back. HTTP is meant to be a stateless protocol.

    8. Re:We care about ad networks? by sjames · · Score: 5, Insightful

      I guess hell is freezing over now because I am forced to side with Microsoft on this one. I can't think of anyone who actually wants to be tracked like a bear with a radio collar. The express install has DNT as a default setting because most people really don't want to be tracked. For the few that do, they can choose custom settings and not choose DNT.

      I will be ripping that patch OUT of any Apache I install. If it were a physical thing, I would then piss on it and burn it. It is deeply disrespectful to the end user. All it does is lend credence to the idea that the whole DNT thing was a big fat LIE by the ad networks (liars for hire).

  2. Re:Gee, How Much Google Paid For This by heypete · · Score: 5, Informative

    It's already starting to bother me. I'm seeing these advertisements here on Slashdot too. After I've searched for something on Google, the related advertisements start to come up EVERYWHERE on the internet. Seriously, they come after you. If you search for specific flights you start to see ads for that everyone. It'll haunt you and there's nothing you can do.

    Not true: you can change your Google Ad Preferences or opt-out.

    Similarly, you can use the NAI's opt-out page to opt-out of Google and other ad network tracking.

    There's plenty of browser plugins that work to block ads entirely (such as AdBlock) and ones that ensure that the "opt-out" cookies stay in existence even if you clear your other cookies.

    All the other browsers than Safari and IE are in bed with advertisers because both Firefox and Opera get revenue directly from Google.

    The default search box in those browsers comes configured to use Google, yes. They do get income from ad revenue stemming from searches from the box. You're not forced to use that search box, nor are you forced to use the default settings -- you can add other search providers (like DuckDuckGo, ixquick, etc.) -- Firefox, for one, doesn't have ad agreements with anyone other than Google.

    So for the love of god Apache Project, stop taking bribes from Google and doing evil things like this!

    Is there evidence that the Apache project is "taking bribes from Google"?

    My understanding from the article is that an individual contributed a patch to the the Apache httpd.conf source code and does not reflect the official viewpoint of the Apache Foundation, nor that the patch has been approved for inclusion. Naturally, I welcome any corrections.

  3. So when is it a default setting, mr. Fielding? by benjymouse · · Score: 5, Interesting

    When using IE10 for the first time (per user) you get a screen where you can choose "express settings". The screen clearly spells out what that means, *including* what DNT will be set to. Arguably, the user *has* made a decision by selecting express settings. How does Roy Fieldings patch determine how much of that text the user read before continuing?

    And how does the patch determine when a user *explicitly* sets the DNT.

    Yes, Microsoft probably does this because it will annoy Google and hurt them more than it will hurt Bing. But at the same time it does help protect users' privacy. What a joke if Apache accepts this patch. What a sell-out. Disgusting.

    --
    Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
  4. Re:It does not protect anyone's privacy... by Anonymous Coward · · Score: 5, Interesting

    The point is, DNT only works, at present, on a voluntary basis. As you say, your stance (privacy by default) is not what any ad company will voluntarily choose -- but as long as only a few users opt-in, it can make sense to roll with it for good PR, and to keep the people who care about privacy placated so they don't agitate for privacy regulations the ad men would have to comply with.

    It does not protect anyone's privacy unless the recipients believe it was set by a real human being, with a real preference for privacy over personalization

    Yeah, that is bull. The recipients don't care that it's set by a real human being, they care that it's set on a small enough fraction of UAs that the PR is worth more than the value of the data they forgo. The former (for now) satisfies the latter, but if enough people started setting it, it'd still be too many, and they'd start ignoring it.

    Now you may (as I do) consider the whole situation laughable, because it by design secures privacy for a few by throwing the masses to the wolves, but that's the system we have, and IE's default breaks the conditions under which that system can continue to exist. There's only three ways it can play out (so long as it's the same voluntary cooperation):

    (A) ad networks see IE's market share as "too much", disregard DNT altogether.
    (B) ad networks see IE's market share as acceptable losses and continue to respect DNT across the board; Firefox etc. eventually copy IE's default; ad networks then disregard DNT altogether.
    (C) ad networks see IE's market share as "too much", disregard DNT only on IE, nobody copies IE -- at the very least the system continues to work for people who care enough to set DNT on non-IE UAs, and there's the possibility IE switches back to opt-in DNT, after which the ad networks will restore the status quo.

    A and B are total losses (of the voluntary scheme; the aftermath may or may not result in new privacy regulations); C maintains the status quo for many users, and has the possibility to return to status quo across the board.

    By being set, it protects my privacy as long as "recipients" abide by it without question — it only becomes an issue when "recipients" qualify when they will abide by it.

    Oh, come off it. It protects your privacy when those qualifications don't affect you. So don't run IE, and it still protects your privacy. Now if you meant "it protects everyone's privacy as long as "recipients" abide by it without question" , then yes. But since we all know the DNT system is designed to operate by throwing ignorant or apathetic individuals to the wolves, protesting that it doesn't protect everyone's privacy is kinda disingenuous.

  5. Re:Gee, How Much Google Paid For This by bmo · · Score: 5, Informative

    Just a FYI.

    I went to NAI's opt out page and tried it. I have Adblock-plus. To get all of them, you have to turn off Adblock-Plus, hit the "all of them" button, and then re-enable. Otherwise, you only get 50-some-odd out of 95.

    --
    BMO

  6. Re:Two wrongs do not make a right by Likes+Microsoft · · Score: 5, Interesting

    Advertisers and sites that depend on them don't want to admit that choosing to use a certain browser and allowing itts default settings *is* a choice. They are also free to request the user to turn DNT off before they serve up key features. They apparently *really* don't like the idea of having to explicitly ask, "can I follow you wherever you go after this"?

    --
    -- Who am I? How did I get here? My God, what have I done?!
  7. Re:Gee, How Much Google Paid For This by Karzz1 · · Score: 5, Insightful

    Choosing to ignore a standard is not what they should be doing either.

    To be honest this is kind of a ridiculous standard anyway. The way I read it, it seems to me the sites I would least want to track me are the exact sites that are most likely to ignore DNT completely. This standard reminds me of the Evil Bit RFC.

    --
    Beware of he who would deny you access to information, for in his heart he dreams himself your master.
  8. Re:Noncommercial content by oakgrove · · Score: 5, Interesting

    Try this search engine. It remove the top million sites. Might be what you're looking for.

    --
    The soylentnews experiment has been a dismal failure.
  9. No thank you, now FOAD please? by pla · · Score: 5, Insightful

    The alliance has revealed that it will only honor DNT if and only if it is not switched on by default.

    Dear Digital Advertising Alliance - No one* wants you to track them. MSIE enabling DNT by default means nothing more radical than defaulting US releases of Windows to use English.

    Since you have decided you know better than we do, I will therefore block all ads and tracking technologies until you make them "opt-in" only.

    And then I will opt out.


    * Morons who consider Facebook as somehow "better" than the worst of you marketing parasites aside.

  10. Re:Gee, How Much Google Paid For This by Mashiki · · Score: 5, Insightful

    Ad-block FTW

    Pretty much, along with cookie blockers. Anyone who doesn't use one on the internet these days is either mad or insane. Perhaps both. I don't care that site users are whining and crying that they're losing revenue, it's stuff like what was mentioned in the article itself(too long to repeat) that ensure that I'm going to keep using them. Plus the long list of abusive ads themselves that like to run with their volume at 11, or inject malware.

    I'd be happy with ads, no really. If companies weren't being so stinking abusive over it. I'd call the entire thing an abusive relationship, you even get companies promising "we don't do this, don't worry we've changed." And next time, they're right back to doing it. Sounds familiar doesn't it?

    --
    Om, nomnomnom...