Chrome To Get 'Do Not Track'

puddingebola tips news that support for the 'do-not-track' privacy setting will soon be coming to Google Chrome. The feature was implemented for Chromium v23.0.1266.0 in a recent revision. Google has said DNT will make it into the public release of Chrome by the end of year. This will bring Chrome up to speed with Firefox, which has had it for a while, and IE 10, which will have it turned on by default. As for why Google is the last of the three do implement it, the LA Times points out a post earlier this year from Google's Susan Wojcicki: 'There’s been a lot of debate over the last few years about personalization on the web. We believe that tailoring your web experience — for example by showing you more relevant, interest-based ads, or making it easy to recommend stuff you like to friends — is a good thing.'"

Translation

[RaceProUK]

"DNT will hurt our advertising revenue"

Re:Translation

Translation: "We already know everything there is to know about you."

Re:Translation

I think you should remove the two dashes between the 2 phrases :*)

Re:Translation

[RaceProUK]

Do you mean between my post and my sig?

Re:Translation

This would be apt if Google did not already provide a way for users to universally opt out of doubleclick, and a chrome plugin that controls your opt out at key internet advertising associations.

Re:Translation

[plover]

This would be apt if Google did not already provide a way for users to universally opt out of doubleclick, and a chrome plugin that controls your opt out at key internet advertising associations.

In other words, "Google already provides a combination of non-intuitive and user-download-required ad hoc ways to do one fourth of something that's being standardized elsewhere, so we should think it's OK for them to ignore the standardizations under way."

Hmm... for a minute there I thought you were shilling for Google. But now I realize you're just cognitively impaired.

Re:Translation

[kllrnohj]

In other words, "Google already provides a combination of non-intuitive and user-download-required ad hoc ways to do one fourth of something that's being standardized elsewhere, so we should think it's OK for them to ignore the standardizations under way."

Hmm... for a minute there I thought you were shilling for Google. But now I realize you're just cognitively impaired.

Google supports DNT - both on their websites and on their browser. I know slashdoters don't read the article, but is it so hard to even read the title?

Hmm... for a minute there I thought you were FUDing against Google. But now I realize you're just cognitively impaired.

Oh, but really impressive work there - spinning that Google was way ahead of DNT on privacy as a negative thing. Yes, how dare they give you forms of opt out long before there is a standard way of doing that? Those evil bastards!

Re:Translation

[mysidia]

That would be an anti-Google biased way of looking at it.

Just because Firefox implemented an experimental DNT functionality that may become part of a future standard, does not necessarily mean that DNT should be a development priority for other browsers. It makes good sense to wait until the DNT standardization effort is completed, and see as to its fate, before investing time and $$$ on wasted development effort in creating implementation that then needs to be rewritten or massively overhauled soon after, due to changes in the standard.

It looks like it may have been wise for them to wait, because Microsoft is planning on destroying the standard/convention by not implementing it properly in IE; e.g. by Default pretending that the user has opted out by supplying a DNT 1 value; instead of the user taking no preference.

This will mean that a DNT header value of '1' no longer indicates an explicit user preference, therefore, advertisers won't be able to rely on it as an opt-out.

Perhaps the DNT standard could be expanded to include opt-outs for specific advertisers, and require the user agent implementing DNT to uniquely identify itself, and specify a label indicating the mechanism that was used to establish the setting being presented, and the webserver itself to indicate an explicit DNT header, indicating a declaration whether the browser's DNT requests will be honored, and what portions will be honored...

For example; "DNT: 1 express-user-optout" OR "DNT: 1 vendor-default", "DNT: 1 corporate-policy", OR "DNT: 1 browser-optout-plugin"

While they're at it, they could add specific Do Not Tags, or Allowed permissions for data tracking, for example "DNT: 0 vendor-default targeted-ads:OPTIN market-research:OPTOUT share-with-3rdparty:OPTOUT keep-accesslog-history:OPTOUT"

This would be a fundamental flaw in DNT accurately expressing explicit user preference (rather than default preference).

I maintain, that a more reliable approach would be the original FTC proposal, of requiring companies that want to track to register a list of domains/URLs OR support the new DNT flag, and browser makers will be able to incorporate the list into a blacklist.

Instead of asking browser's to present DNT information, the server should be required to also present a header, Identifying if the user will be tracked, and how that information will be used, after the browser has made their request.

The server's DNT header response can be captured by third parties, as proof of what declarations the organization has made.

The server's DNT header response can be submitted to central databases, and used to construct blacklists of sites that do not honor users' DNT requests.

Browsers can consult the blacklist, and for sites in the list, refuse to remote-load content, and when users attempt to navigate to it, present a warning similar to what Chrome presents for a known malware infected site "This site may track your activity and ignore your privacy preferences"

Re:Translation

[RaceProUK]

Wow, that's one hell of a response for a post that was (parttially at least) in jest. I think you took one too many ProPlus.

Re:Translation

Non-intuitive? It's like two clicks away from any of their ads...

Re:Translation

[betterunixthanunix]

Microsoft is planning on destroying the standard/convention by not implementing it properly in IE; e.g. by Default pretending that the user has opted out by supplying a DNT 1 value; instead of the user taking no preference.

This sounds like the right thing to me. If most users are unaware of how pervasive the tracking is these days, then it should be opt-in. Let people who at least know that there is something to opt in to make a decision about opting in.

Of course, then the web advertisers would just ignore DNT. Which is what will happen anyway.

The real answer is not to politely ask these companies to stop tracking us; what reason do they have to care about our wishes? The real answer is to make ABP a standard feature in browsers, with a whitelist option for users who actually want advertising (but which warns them that advertisers will track their browsing habits -- with clear, unambiguous, easy-to-understand wording). We made spam filtering a default for email, and then spam became manageable; we should make ad blocking the default for the web, until it is brought back down to reasonable levels.

I have no sympathy for web advertisers. They should be excluded from the debate, just like spammers were excluded.

Re:Translation

What advertising company are you shilling for ? Defaulting to do not track does NOT "break" the standard.
It just annoys advertisers. You longwinded nonsense is just that, nonsense. All the advertisers claim that
the one "true" way is no flag then 0/1 based on user choice, but that misses the point. No flag is the
exact same thing as defaulting to 0, so no matter what you do there is a default. Because you define some
lame 3 state choice on the client request, there are no 3 state actions on a server. The server is either
going to track you or not track you - 2 choices, servers that implement DNT will not track you on a 1,
they will track you on a 0, and guess what they will do if no flag is present? track you, that's what.

Re:Translation

[mounthood]

"It is necessary to get behind someone before you can stab them in the back." -- Sir Humphrey.

If you want to kill DNT, first get behind it, then make sure you get to define what DNT means, how it's implemented and regulated.

Re:Translation

[vux984]

I installed Windows 8 yesterday on a test system; and the Internet Explorer setup made it very clear that by proceeding with the default settings that DNT would be turned on.

If we live in a world where clicking "I agree" on a scrollable wall of text that you can't otherwise skip amounts to accepting a contract then deciding to go with the default settings which has all of around 7 bullet points saying what it does ... incluidng turning DNT on, then that absolutely counts as the user making an explicit choice to use DNT. The GP post is either uninformed about how IE 10 sets up or is pretty butt hurt that IE 10 makes DNT the path of "least resistance".

Re:Translation

[KingMotley]

Microsoft isn't destroying the standard/convention. It just sounds like you want uninformed users (the majority) to default to being able to be tracked instead.

Oh well. Your tough luck. Personally, I don't mind being tracked usually. I'd rather have advertisements come up for buying things I'm actually interested in (sports cars, computers, yachts, computer games) that say, tampons, cramp cures, and weight loss pills.

Then again, as a webmaster who is often forced to install tracking crap all over the place, often by multitudes of different places, I fully understand the whole issue of how it can significantly slow down your web browsing experience, and I will sometimes/often use ADP to totally kill trying to even request that crap. Same thing for social media crap. Yes, I'm looking at you facebook like. Your servers suck ass and are slow as crap. I have a permanent ban on everything that tries to go out to you, cause I'm tired of seeing 1-2 connection threads tied up for 1-2 seconds on every page request just so I can see how many losers like the page.

Re:Translation

Ah, the Microsoft method. You forgot the last step: extinguish.

Re:Translation

I have no sympathy for web advertisers. They should be excluded from the debate, just like spammers were excluded.

Most popular web sites would not exist without advertising to pay the hosting bills and fund creation of content. And before you protest that *you* don't use any of those sites: you are reading slashdot, a site that would not exist without ad revenue, right now :)

Turning DNT on by default, and making advertisers honor it, means most users will get badly targeted ads they are even less interested in. The value of an internet ad will fall, and so will the revenue web sites make. A lot of web content will not be created, or will move behind a paywall. Is that really a good thing?

Ads fund the vast majority of content people care about on the web. Spam does not. There is a large difference.

Re:Translation

[ChatHuant]

Microsoft is planning on destroying the standard/convention by not implementing it properly in IE; e.g. by Default pretending that the user has opted out by supplying a DNT 1 value; instead of the user taking no preference

That's particularly silly. A well designed standard isn't "destroyed" by using it. The issue is not with Microsoft using the standard, it's with the fact that the "standard" is (I believe intentionally) badly designed; I think it was intended as nothing more than a PR exercise, to give Google and Mozilla the appearance of caring for users' privacy while the contrary will happen in reality. That you buy into this spin and blame Microsoft for Google's faults is quite funny.

Even funnier is the fact that the solution you suggest in your post (the use of blacklists and browser warnings to users) is almost identical to the standard Microsoft proposed to the W3C (see here. Of course, that solution would have worked, (as opposed to the current one), which is why I think it was blithely ignored by Mozilla and Google.

Re:Translation

[betterunixthanunix]

Most popular web sites would not exist without advertising to pay the hosting bills and fund creation of content

Cry me a river -- those websites did not stand up for their users and say, "do not track our users," when they made deals with advertisers. They could have based their advertising revenue on impressions, serving the images from their own servers, and made enough money to pay the bills. Websites that were foolish enough to accept the advertising terms that led to this situation should accept the consequences of those decisions: ad blocking, annoyed users, and reduced revenue.

Turning DNT on by default, and making advertisers honor it, means most users will get badly targeted ads they are even less interested in.

If that annoys people, let them opt-in to targeted advertising. If people are not annoyed, it is because they never wanted the advertising to begin with.

Furthermore, if users do want targeted advertising, we can do that in a privacy-preserving way. Instead of talking about trusting advertisers to respect users who say, "Don't track me," let's talk about advertising that relies on private information retrieval, so that people can have their browsers track their history and fetch relevant ads in a privacy-preserving way. This is not some unheard-of technology -- PIR has been known for decades, it can be done in a highly efficient way, and it can give people ads they want to see. Yet nobody respects users enough to do this; this could have been added to HTML5 as a special "advertisement" tag, but it was not.

A lot of web content will not be created, or will move behind a paywall. Is that really a good thing?

If that would indeed happen, then the problem is not with ad blocking, DNT, or advertising; the problem is with the web itself. I doubt that this doomsday scenario would actually happen, but if it did, the appropriate response would be to return to peer to peer networking, so that "content" creators do not run up big bills (see, for example, famous posters on Usenet, who did not need to partner with advertisers or run up huge bandwidth bills). One of the great things about the Internet is that the model is not based on "creators" and "consumers" -- any node can send or receive data, and we are not bound to the "broadcasting" model that we see the web turning into (and which aligns more closely with cable and satellite TV networks).

Ads fund the vast majority of content people care about on the web. Spam does not. There is a large difference.

Perhaps, but I view these as security problems. With spam, we want to prevent unwanted messages from clogging out inboxes and possibly tricking users; with web tracking, we want to prevent our personal information from being amassed and stored indefinitely. Legal approaches, "play nice" approaches like DNT, etc. are generally bad ways to solve security problems.

Advertising is not necessarily a bad thing. When I needed a new couch, I went to one of the most successful advertising websites in the world: Craigslist. The difference is that Craigslist is not recording who my friends are, what my emails say, or where I read my news; Craigslist lets me search for the things I want, and lets people who have things to sell advertise through that search system. I am not sure if Craigslist can be used to monetize the web; I am not creative enough to see a way for Craigslist to add something to a site like Slashdot that would be productive for anyone. On the other hand, Slashdot could just display a static image with some brand on it, and by seeing that, the brand would be advertised to me.

When I refer to web advertisers, I refer to those that are tracking people, because that is what most web advertising is (Craigslist-style advertising is, sadly, not the bulk of advertising). These same companies also tried to push "pop ups," "pop under," and

Re:Translation

[RocketRabbit]

One fourth of DNT?

Fah. DN accomplishes exactly nothing. There is no actual mechanism in DNT to stop any tracking. Every site serving you ads will slimy ignore it. Why not? There is no legal penalty for ignoring DNT, and ignoring it would provide an actual profit motive.

DNT is a feel good joke for people who believe in the tooth fairy. Blocking ads from loading is the only effective DNT mechanism.

Re:Translation

Ah, the Microsoft method. You forgot the last step: extinguish.

What's Microsoft doing with DNT? Oh right, they're making it inaccurate by having it on by default.

Re:Translation

[Cyberllama]

"But here it is anyways"

Re:Translation

[mysidia]

You may be conflating advertisers with trackers; not all trackers are advertisers though. Do not track may include things like remembering users' preferences/personalizations when visiting the same site again later, for example: forum comment display preferences.

This sounds like the right thing to me. If most users are unaware of how pervasive the tracking is these days, then it should be opt-in. Let people who at least know that there is something to opt in to make a decision about opting in.

Go read the standard. DNT is an extra header that has 3 values null: User has not expressed a preference
0 User has chosen to OPT IN to tracking
1 User has chosen to OPT OUT of tracking

Until the human being has chosen to opt out, NULL is what the browser is supposed to send

Sending 1 by default, just means the sites cannot tell the difference between a user who has chosen OPT OUT, and a user who has done nothing at all, therefore, they will just ignore DNT, because the header no longer expresses useful information.

Previously, advertisers were taking flak and getting unwanted negative PR, and potential government scrutiny, for ignoring not honoring Do not tracking.

Now with the MSIE change, they will have a valid excuse for ignoring the flag, and the scrutiny, and pressure to respect DNT will definitely end, result: DNT will become worthless, it will become a complete NOOP, everyone will be OPTED back in, per-site "opt out cookie-based schemes (and cookies that expire)" will again be the only way for users to express opt out intent, and the internet will be back in the same situation we were in before DNT had even been proposed.

Re:Translation

[mysidia]

It just sounds like you want uninformed users (the majority) to default to being able to be tracked instead.

NO. I want the DNT header to express useful information. The information that the standard says that the DNT header is supposed to express.

If it is set to 1 by default, then all the DNT header means is you are a typical user who installed MSIE with default settings, you have not specifically indicated an intent not to be tracked, you have just installed software that has falsely claimed that

Re:Translation

[Yoda222]

The IE user has made a choice. He has made the choice to use the default settings. Saying that this is not an user choice is like saying that clicking "I read and accept the EULA" does not mean that the user has read and accepted the EULA.

Re:Translation

[mysidia]

The IE user has made a choice. He has made the choice to use the default settings.

The user has not expressed a desire to opt out by using "default settings".

is like saying that clicking "I read and accept the EULA" does not mean that the user has read and accepted the EULA.

People click "accept" on EULAs all the time.

Over 98% of those users who are presented with EULAs, have not read the EULA at all, when clicking the 'has read and accepted' button.

Re:Translation

[UltraZelda64]

I agree: I will never give up NoScript and Adblock Plus (or similar extensions). I think Do Not Track Plus and Ghostery have now made it to the point where I will no longer browse without them, either. DNT is a joke; its entire existence is a failure, because no one will ever be forced to abide by the user's wishes. Apache's move further cements the DNT header as a crock of shit. Still, I'll be sure that DNT is enabled at all times in all of the browsers that I use to get my point across; to leave me the fuck alone and get out of my god damn business. But I'll never get rid of my privacy extensions, and I'll never allow third-party cookies to be set.

Re:Translation

[betterunixthanunix]

Until the human being has chosen to opt out, NULL is what the browser is supposed to send

Did you read what I said? If people do not know how pervasive tracking is, it should be opt-in, period.

Now with the MSIE change, they will have a valid excuse for ignoring the flag, and the scrutiny, and pressure to respect DNT will definitely end, result: DNT will become worthless, it will become a complete NOOP, everyone will be OPTED back in, per-site "opt out cookie-based schemes (and cookies that expire)" will again be the only way for users to express opt out intent, and the internet will be back in the same situation we were in before DNT had even been proposed.

There is another, better option, one which the trackers have a harder time defeating: ad blocking. Yes, you can still be tracked if you use ABP, but it is harder when you are not even getting the page elements that are used to track you. DNT is a waste of time and a distraction; advertisers can ignore it if they want, and they can do so without users being alerted to that fact.

Privacy protection is a security problem; how many other security problems have been solved by politely asking the adversary to stop their attack?

Re:Translation

[KingMotley]

If it is set to 1 by default, then all the DNT header means is you are a typical user who doesn't want to be tracked.

There, fixed that for you.

You are so blind that you can't even see the stupidity of your own statements. You believe people should be able to be tracked unless they explicitly say otherwise. While the rest of the world sees the issue as you should not be able to be tracked unless you explicitly say otherwise. It really isn't that hard of a concept, and I feel sorry that you can't understand it.

Re:Translation

[mysidia]

You are so blind that you can't even see the stupidity of your own statements. You believe people should be able to be tracked unless they explicitly say otherwise.

No, but the marketing industry has made a decision that they will track people, until they say otherwise.

If the browser announces DNT by default, then DNT is not usable as an indication that they have said otherwise, period.

Re:Translation

[allo]

> The user has not expressed a desire to opt out by using "default settings".
he did.

Such as he expressed the desire to use the default search engine and some other points, which are in the bullet-point list.

Re:Translation

[mysidia]

Such as he expressed the desire to use the default search engine and some other points, which are in the bullet-point list.

There is a fundamental distinction between expressing a preference and accepting a default. Accepting a list of defaults does not express a preference; it's a choice to not express a preference, and just accept what the software developer suggested.

Re:Translation

[TranquilVoid]

Exactly, there's a world of difference between Google implementing a DNT option in their browser and actually honouring it in their websites, let alone the myriad of smaller advertising operators. You are ultimately better off using Adblock to cut these off at the source.

Of more concern, why can't the DNT option be used as an additional tracking item to uniquely identify you? Perfect irony.

From a brief search I understand Google has formed an agreement that suggests their websites will honour DNT, if they don't already.

As previously discussed, IE turns this option on by default, whereas the DNT specification states this should not be done. A weird requirement, perhaps political, and weirdly good work from MicroSoft.

Re:Translation

[TranquilVoid]

The real answer is not to politely ask these companies to stop tracking us; what reason do they have to care about our wishes? The real answer is to make ABP a standard feature in browsers

I suspect a better solution is to tighten privacy laws to make extensive tracking illegal.

I'm a huge fan of ABP but I think it only works while it's a minority use case. If it gains widespread usage it will spark a programming arms race that we are unlikely to win.

Re:Translation

[betterunixthanunix]

If it gains widespread usage it will spark a programming arms race that we are unlikely to win.

We said the same about spam filtering, and yet spam is now down to manageable. I think we can do the same with annoying and intrusive web advertising.

The real question is not, "Can we win?" but rather, "Will browser makers actually try to win?" Unfortunately, the answer is probably, "No, because browsers are made by advertisers or by people who are in bed with advertisers."

Re:Translation

[TranquilVoid]

Spam filtering works mostly because it is text. Perhaps similar AI could be applied to images but I suspect they look more like noise. Already some pages detect adblocking by using JS to parse the DOM tree to find where the ads should be. A smart blocker could attempt to lie to the JS however it's not hard to imagine this causing page problems if the JS makes layout choices based on it. You'd be trying to keep two copies; one for rendering and one for tricking the JS (that only needs tricking partially, not for actual site content).

If advertisers and sites ever develop enough trust we'll see ads served from the domain of the site, and potentially randomised element/image tags for both advertising and non-advertising content, making black and white lists difficult.

Unfortunately, the answer is probably, "No, because browsers are made by advertisers or by people who are in bed with advertisers."

Spot on, and exactly why I prefer Firefox over Chrome. You can't beat the sense that Mozilla is working for you, not for what you can give it. I know they receive money from Google, but it's more like playing footsies under the table than being in bed with them.

Re:Translation

[DrXym]

DNT is better than nothing and I agree that some shady advertisers won't honour it. But the large ones will or they'll find themselves on the end of embarrassing stories from security researchers and possible lawsuits.

Ad blocking is obviously a better option but nothing is certain with that either. I can think of several ways to force people to either disable ad block or for ads to slip past with little chance of blocking them. It's only a matter of time for some advertisers to start offering those services and for some cash strapped sites to implement them.

What is clear to me is that ad blocking and DNT should be explicit opt-in decisions. Most users really don't care enough about their privacy and that suits the advertisers fine to take a hit from a small % of people motivated to block / DNT. But if the likes of IE enable it by default then I fully expect that many advertisers and sites will ignore the preferences or subvert them entirely.

Re:Translation

[allo]

no, its the choice to express the preference to use what the list is saying. this is okay with the spec.

Pointless?

[Praetor.Zero]

What's the point if this can be ignored at the server level?

Re:Pointless?

[kvvbassboy]

The point is that advertisers WILL (and want to) take this seriously on the server level, as long as the user KNOWINGLY sets the DNT option on. But, if it is abused by certain software vendors, the whole exercise is going to be rendered pointless.

Re:Pointless?

Advertisers were only going to follow it so long as it wasn't used by many people. As soon as people started using it en mass it would promptly be ignored.

Re:Pointless?

[allo]

> WILL
[citation needed]

Re:Pointless?

[plover]

No, advertisers have no business value in taking this seriously, and every incentive to find ways around it. Advertisers know that targeted advertising is both more effective and less offensive than random advertising. And today, in order to provide targeted advertising, tracking provides an overall picture of an individual's tastes and habits.

Targeted advertising will continue, but in a different fashion. Instead of tracking you at an individual level, I predict they'll find ways to identify surfers at an aggregate level. Perhaps cookies will contain your advertising preferences instead of your identity. If you visit a few car forums every so often, the advertiser might store the CAR=2 value in your cookie, if you visit Etsy a lot they'll store CRAFT=5, and if you visit a political campaign donation site, they'll store SUCKER=9. Then, as you surf the web, if you're identified as a SUCKER>3, the ads will feature Vote Rombama. They're not tracking you personally or identifying your habits, but they're still targeting you.

The bigger problem, and why I think Google was the big holdout, is Google Analytics. They don't use the tracking data just for advertising. They sell information about shopping habits to marketers. If you search for "stereo reviews", then click the links to stereo-reviews.com and hifiworld.com, then buy a Coby home stereo for $299 from shopping.com, they can provide that data to stereo retailers around the net: people who buy overpriced crap surf believe the information on stereo-reviews.com and hifiworld.com. Killing tracking kills that intelligence business.

Re:Pointless?

[betterunixthanunix]

Sorry, I must have missed the part where advertisers have an incentive to honor DNT. Care to explain?

Re:Pointless?

[tlambert]

> WILL
[citation needed]

microsoft.com honors DNT ... Oh wait, they don't, it's just another way for them to screw with Google. Microsoft tracks you anyway, IE has it on by default in violation of the specification, guess only the people who honor it get screwed.

Re:Pointless?

> WILL
[citation needed]

microsoft.com honors DNT ... Oh wait, they don't, it's just another way for them to screw with Google. Microsoft tracks you anyway, IE has it on by default in violation of the specification, guess only the people who honor it get screwed.

Yes. Google will have to honor DNT. The FTC will audit them (they agreed to let the FTC audit them for 20 years). Other advertisers will do whatever they want, and those that follow the law will not be able to compete with those that break the law. This is a way Microsoft can screw Google.

Re:Pointless?

[Intropy]

If you know you have DNT set, and you see adds that suspiciously appear to be targeting you, then you will be mad about them. If you are mad about the ads you will feel antipathy towards the things being advertised, which is contrary to the purposes of advertising. Granted you have to be aware of the DNT setting and also have cause to suspect the tracking, but attempting to target without looking like you're targeting is probably a losing proposition.

Re:Pointless?

[rtkluttz]

This so misses the point. Do not track should be a anonymization option built into the browser where it isn't POSSIBLE to be uniquely identified. In other words all browsers report exactly the same thing.

Asking to not be tracked is absolutely ridiculous. What is even more ridiculous is people pretending like it will be honored. wink wink.

Re:Pointless?

This so misses the point. Do not track should be a anonymization option built into the browser where it isn't POSSIBLE to be uniquely identified

Simply never going to happen. No matter how much you layer into the browser, you will always be uniquely trackable unless you take extraordinary measures that would require, among other things, time-shifting your requests, which would make browsing the web far too painful for most users.

Frankly, anonymity just isn't a concern for most folks on the Web. The general idea of being tracked sounds scary, but half of the people who are concerned about being tracked online happily offer up their same VISA card at every store and restaurant they visit in the real world and online...

Re:Pointless?

[geminidomino]

. If you are mad about the ads you will feel antipathy towards the things being advertised, which is contrary to the purposes of advertising

Bullshit. If that was the logic, the advertising-supported web would have failed as a business model over a decade ago. Even before we had ABP and noscript, we had Privoxy, Proximitron, Internet Junkbuster... ads have been pissing people on the internet off for a long time now (and people not on the internet for even longer than that).

The advertisers' take on the situation you describe is "if they're angry enough to be mad at the product, at least they still remember it. Mission accomplished."

Re:Pointless?

[Intropy]

Or, you know, not everyone gets all bent out of shape over seeing some ads.

Re:Pointless?

[geminidomino]

Which makes your original claim that it's in their interest to honor DNT even more pointless. The advertisers and their clients are crying about things like ABP et al, even though, if what you claimed was true, they should be all FOR them, since they make sure that only the people who see the ads are the ones who WANT to.

If that were true, THAT would be "defeating the purpose of advertising."

Re:Pointless?

[Intropy]

You don't see how people are likely to feel differently about just plain seeing ads and seeing ads they explicitly asked not to see? Advertisers probably don't want there to be any way to block ads because they want to show them, and they probably don't want there to be any way to ask not to be tracked either. But if such a mechanism does exist, then they do have reason to honor it.

Re:Pointless?

Advertisers know that targeted advertising is both more effective and less offensive than random advertising.

Users know that being tracked and targeted by advertisers if more offensive.

Re:Pointless?

[hairyfish]

No, advertisers have no business value in taking this seriously, and every incentive to find ways around it. Advertisers know that targeted advertising is both more effective and less offensive than random advertising.

I'm not sure if you know how targeted ads "work". In my experience if I type something into google, click a few links I then get those same pages thrown at me as ads. It makes absolutely no sense as I've already researched that topic and no longer have any interest in it. If I had a product to advertise I would much prefer my brand being exposed to people who didn't already know about it, or hadn't visited my webpage. Google's version of "targeted advertising" is to to hand you a flyer for a store you you just walked out of. It is probably the least effective form I've advertising I've ever come across.

Re:Pointless?

[TheRaven64]

If that was the logic, the advertising-supported web would have failed as a business model over a decade ago.

It almost did. Then a company came along with plain text adverts that were based on the content of the page and so relevant to your interests (if you were interested in the page). They were not intrusive, but sometimes they were actually relevant. The company made a huge pile of money based on this idea.

Tracking

[DaMattster]

While I like the idea of DNT, it won't be long until folks find a way around it. Remember, Google found a way around the robots.txt file to let their bot continue to index a site despite explicit denial. Of course a lawsuit did end this.

Re:Tracking

[larry+bagina]

Find a way around it? It's an HTTP header. You can ignore it, just like you can ignore robots.txt.

Re:Tracking

[kllrnohj]

"find a way around it"?

I think you mean "just don't bother implementing support on the server side". By default DNT doesn't do anything at all. DNT only works on sites that take the engineering time to support it on their servers. Google has gone out of their way and spent time and money to support DNT - why would they then search for a way around it? That doesn't make any sense.

Re:Tracking

[mysidia]

While I like the idea of DNT, it won't be long until folks find a way around it.

What i'd like to see with DNT is a response header for each HTTP request for GET and HEAD operations, and both requestor and response headers to have _TAGS_ or other identifiers indicating more detailed optouts and more details about the server's policy (E.g. they might declare that they won't track the user, but may retain logs for 24 hours of their HTTP requests), not just relying on the client "blindly" sending a DNT: 1 request header, and the server being "on their honor" to respect that.

Instead there should be a response header from the server to be treated as a declaration of how the server will treat a request with certain DNT flags, or to what extent. Browsers that change their policy based on the reponse header (for example, the browser might make a HEAD request against / with referrer suppressed, to obtain a DNT declaration, before accepting a script or IMG tag for a remote domain, or requesting any pages from the host), and there could be a blacklist of sites that disclose false information in the DNT header.

Sites with no declaration will have functionality cutoff like cookies/remote load.

Sites in the blacklist get a "This site may track you and ignore your privacy preferences." error message, when users attempt to visit the site. And they will have to expand some hidden panels to find a 'visit this site anyway' link, which when clicked will open up a warning dialog, requiring confirmation.

Re:Tracking

Not that my opinion has any significant power but frankly I think trackers should be prosecuted under numerous laws for their privacy invading stalking of private citizens. They don't have a private investigator's license and planting "bugs" that send information even after they have left the stalker's site as well as other activities unrelated to their site while there is tantamount to illegal wiretapping etc etc. People with tracking cookies should feel rather like a deer with a GPS device broadcasting from under its skin keeping it stuck in the spotlights of a million hunters. They are guilty of many more things as well.

repeat after me: I am not an aggregate

[epine]

We believe that tailoring your web experience â" for example by showing you more relevant, interest-based ads, or making it easy to recommend stuff you like to friends â" is a good thing.

This is "your" as the anonymous plural. I'm an individual, not an aggregate, thank you very much. I mainly have any friends left at all for not presuming that my tastes are theirs. Strangely, I surround myself with people who have strong minds and distinct tastes. My social circle is not an echo-chamber of group think.

From [all-caps title suppressed]

These Big Data issues are important, but there are bigger things afoot. As you move into a society driven by Big Data most of the ways we think about the world change in a rather dramatic way. For instance, Adam Smith and Karl Marx were wrong, or at least had only half the answers. Why? Because they talked about markets and classes, but those are aggregates. They're averages.

While it may be useful to reason about the averages, social phenomena are really made up of millions of small transactions between individuals. There are patterns in those individual transactions that are not just averages, they're the things that are responsible for the flash crash and the Arab spring. You need to get down into these new patterns, these micro-patterns, because they don't just average out to the classical way of understanding society. We're entering a new era of social physics, where it's the details of all the particlesâ"the you and meâ"that actually determine the outcome.

Reasoning about markets and classes may get you half of the way there, but it's this new capability of looking at the details, which is only possible through Big Data, that will give us the other 50 percent of the story. We can potentially design companies, organizations, and societies that are more fair, stable and efficient as we get to really understand human physics at this fine-grain scale. This new computational social science offers incredible possibilities.

I don't mind my search results personalized, but my preference here is to have specific crud removed, not favoured results promoted. Alibaba and scribd and certain content mills would be early casualties, and no link to Elsevier in the top ten, ever. Mostly I can skim a list of 50 search results in the blink of an eye, thank you very much (and I don't find the skim gestalt useless, either).

Here's the thing, Google, you don't have to guess. Just give me a place to dial in my personal preferences, and then you'll know for certain: I don't want those stinking suggestions. My one burning desire in the user interface for the last decade is more capacity to disaggregate myself from faddish workflows. Ubuntu 10.10, that's how I like it, uh huh uh huh.

(*) I use a FF extension Make-Link to copy and paste links. Sometimes when you copy an all-caps link it comes out properly, if the all-caps was coded as a presentation style. I used to have an extension decaps to deal with this, but it broke in some FF upgrade. Over my dead body I'm retyping the title by hand to change the case, and neither am I leaving it there to scream at people.

Re:repeat after me: I am not an aggregate

(*) I use a FF extension Make-Link to copy and paste links. Sometimes when you copy an all-caps link it comes out properly, if the all-caps was coded as a presentation style. I used to have an extension decaps to deal with this, but it broke in some FF upgrade. Over my dead body I'm retyping the title by hand to change the case, and neither am I leaving it there to scream at people.

Sounds like it's working out to be a real efficiency gain for you.

Re:repeat after me: I am not an aggregate

Parent: "Why? Because they talked about markets and classes, but those are aggregates. They're averages"

Only some aggregates are averages. Many of them are full distributions. I know, because I have built software to target people like you, the edge cases. The problem with Big Data is not the aggregate problem. It is that the content it operates on is very far removed from the properties of people that are actually desirable. They have to discover hidden variables. What I do instead is use data on the variables I want, and use statistical models to bring those variables online in a way that deals with the edge cases. Turns out that the statistics to do that is the simplest kind, and isn't actually that hard to do. The hard part is gathering the data sources that are semantically appropriate for the desirable targeting parameters. The offline data world has plenty of that, and real cheap, because it isn't hyped as "Big Data", and people think it is on its way OUT. The truth is that it is finally on its way IN to the online world.

Re:repeat after me: I am not an aggregate

Mod UP! Was about post exactly this. Not everybody targets aggregates, in fact the deviants are the juicy parts, that everybody tries to find.

This is the IP evil bit all over again

[Dwedit]

This is basically the "Evil Bit" all over again. It's completely non-binding and ineffective.

What actually works is using Adblock and Requestpolicy, because that actually prevents third party tracking.

Re:This is the IP evil bit all over again

[0123456]

This is basically the "Evil Bit" all over again. It's completely non-binding and ineffective.

While I agree that the solution is to block the sites, your claim is only true for companies that don't claim not to be evil.

Ad companies who ignore 'do no track' look evil. Google doesn't want to look evil.

Re:This is the IP evil bit all over again

[betterunixthanunix]

They may look evil, but hardly anyone cares. Do you really think Facebook will see a mass revolt if it ignores DNT?

Re:This is the IP evil bit all over again

Companies who ignore 'do not pass my details on' look evil too, but it's so common I've basically given up relying on it (using a trackable email per site gives *really* interesting results).

DNT won't mean squat. They'll send your data anonymously and the first you'll know is 'targetted' mail through your inbox - or your letterbox.

Re:This is the IP evil bit all over again

[Intropy]

I also use a different email per site, when I can bothered anyway. I've actually never found a third party spamming me based on me giving such an address to anyone who actually claimed they would keep my address private. The worst I get is some random email a year later from a site I visited once asking me to come back.

Re:This is the IP evil bit all over again

[shutdown+-p+now]

It's only ineffective if it's not legally enforced. EU has already introduced a law that requires companies to avoid tracking you if you explicitly request to not be tracked. It was not yet successfully argued in court whether DNT constitutes such an explicit request, but it most likely does. At that point any tracking would become illegal.

The "evil bit" idea is only useless against malicious parties that don't care about compliance with the law, e.g. when they're anonymous. This is not the case here.

Re:This is the IP evil bit all over again

Exactly!

So refreshing to see this point being made so well.

Do Not Track means NOTHING. It's just a header in a request, which companies can ignore as they wish.

Adblock and Requestpolicy works. Anonymizing proxies work. Tor works.

DNT makes you less creeped out

DNT will stop letting Facebook creep you out.

I can't believe how often I get ads for something I searched for on google, following me... everywhere.

Reinterpreted quote from Susan Wojcicki

[93+Escort+Wagon]

"There’s been a lot of debate over the last few years about personalization on the web. Our entire business model is based on showing you more relevant, interest-based ads. We also wish to track your specific purchases so we can use your name in ads targeted at your online friends, although that's a bit of a pipe dream since Google+ still isn't getting any traction."

Disingenuous

"We believe [tailored ads] are a good thing"

Okay, well, if users agree then DNT doesn't make a difference, and if users disagree, who gives a shit what you think?

Or we could not trust servers

[betterunixthanunix]

Why are we trusting web servers to be honest? Advertising should be opt-in, not "opt-out, and then only if the server agrees to let you opt-out."

We didn't bring spam down to manageable levels by politely asking spammers not to send us email. We brought spam down to manageable levels by filtering it so that it did not even reach our inboxes. Why are we treating web advertising any differently?

Re:Or we could not trust servers

[mysidia]

Why are we trusting web servers to be honest? Advertising should be opt-in, not "opt-out, and then only if the server agrees to let you opt-out."

Because we don't have a choice. You are talking about advertising, but i'm talking about tracking. The status Quo is everything is opt-in by default, you can sometimes have to opt-out of tracking and you rarely if ever have any option to opt out of advertising, and the people running the web servers aren't going to agree to anything different; they're going to refuse to implement functionality that requires you to opt-in to advertising. Their business model relies on advertising -- if advertisers don't pay, the site goes away, therefore: You don't see advertising, then you can't visit this site.

Ultimately, you're going to have to somehow pay yourself, if you want to see professional content providers' content without advertising.

Right now, the best we can hope for is incremental improvement. Get technology in place, that lets users make their requests regarding tracking, and requires web servers to respond with declarations about what they will do, AND provides a mechanism to identify both web servers that are honest, and web servers that lie in their declarations, and what things they lie about.

In a much later incremental improvement.... some mechanism can be provided to allow browsers to opt-out by default, and the DNT framework can be extended with default opt-out, but only after DNT has acceptance and is implemented by the content providers, the browsers, and robust white lists and black listing functionality.

Browsers can become more intelligent over time and automatically refuse to load parts of popular sites that implement tracking functionality.

AFTER widespread DNT implementation, then an additional type of request and declaration could be added to DNT pertainining to types of advertising specifically.

So that users can opt out of specific kinds of ads, E.G. "BannerAds" "Popups" "Newsletters" "EmailMarketing" "ShareEmailwithThirdparties.

Sites would be required to declare those types of things, and browsers would warn the user before being able to enter their email address into a form on a page with DNT EmailMarketing tag, or DNT Opt-Out of e-mail marketing would require the site to suppress the form, or only offer subscription to Newsletters that don't involve spam.

Similarly "AdWare" opt-out would require sites that contain software, to suppress download links for any application that displays advertising on a user's computer.

Re:Or we could not trust servers

[betterunixthanunix]

we don't have a choice

Yes we do: ad blocking software. I would say that ad blocking software is as necessary for web browsing as spam filtering is for email. If website owners are hurting, let them demand impression-based ad revenue, let them serve ads from their own servers, and we can revisit the idea of not blocking ads.

The status Quo is everything is opt-in by default

Browser makers can change that. W3C can change that. We can make targeted advertising that is privacy-respecting by using PIR and similar protocols. The fact that we are not doing that shows how much we respect users of the web (and whose interests we really care about).

Ultimately, you're going to have to somehow pay yourself, if you want to see professional content providers' content without advertising.

Spoken like someone who has not yet graduated from the 1960s. The Internet is not a cable TV network. We can do things differently online, if we can evolve our concept of how worthwhile information is created. We can do things in a peer-to-peer fashion and take the cost of "broadcasting" out of the picture.

Except that we let the RIAA ruin all that.

Right now, the best we can hope for is incremental improvement

No, we have ad blocking software, so we can do better than incremental improvement. Let website owners find a way to monetize their sites without invading our privacy. They did not say "no" to the lack of respect for their users; they should lie in the bed they made, which should be the one where users and browser makes are revolting.

This is not a matter of incremental improvement, it is a matter of getting the respect we deserve. Unchecked databases on our browsing habits which store our personal information indefinitely are bad for us -- and if website owners do not care about that, why should we care about them?

Re:Or we could not trust servers

[Miseph]

"Why are we treating web advertising any differently?

Probably because we like having "free" content on the web, and "free" content is, generally, paid for by advertising.

Maybe you're one of those rare birds who likes the idea of paying subscription fees or micro-transactions every time you want to look at a website, but most of us are happier with the occasional unobtrusive banner ad.

Re:Or we could not trust servers

[betterunixthanunix]

Maybe you're one of those rare birds who likes the idea of paying subscription fees or micro-transactions every time you want to look at a website, but most of us are happier with the occasional unobtrusive banner ad.

The 90s called, they want their web advertising back. In today's world, web ads are not unobtrusive, they are not remotely privacy-respecting, and they are bad for web users. That system needs to be stopped, and the sooner, the better.

Re:Or we could not trust servers

You thought 90s web advertising was good?

Every browser made a popup blocker and turned it on by default because the advertising was too unacceptable.

Still glad I use Firefox

As for why Google is the last of the three do implement it...

This is a perfect example of why I don't trust Chrome, and will continue to use Firefox.

Originally, I had heard that Google's web engine was not as flexible as Firefox's for things like implementing ad blocking. Due to this inferior design, I was originally uninterested in Chrome. Two years later, I'm still uninterested.

Google will probably still track you

It's not like Chrome will stop tracking everything you do, every URL you visit, and every download. Only those in complete privacy denial use Chrome.

Re:Google will probably still track you

Spot on.

Google's "Don't be evil" motto is suck a freaking lie it's not even funny.
Take a look at Wikipedia's entry on "Don't be evil" if you want a lesson in hypocrisy.

DNT is pretty much a waste of time anyway, because theirs no way of knowing who adheres to it or not.

Seems you can't even highlight something in a book with out it becoming the knowledge of some company.
http://www.minyanville.com/mvpremium/2012/04/24/kindle-users-amazon-is-tracking/

Seems you can't fart nowadays without it turning up on a database somewhere.

IE10 DNT is NOT on by default

[benjymouse]

The user is presented with a "setup" screen at which he/she can choose "express" or "advanced" setup.

The screen *clearly* spells out that *if* you choose express settings then DNT will be switched on.

You are confounding default settings (settings which take effect unless you explicitly go through a change) with a *choice* of grouped settings.

Yes, the settings are grouped. Yes, the users may not know what exactly could be the benefits of tracking (or the benefits to Google?).

But, the user actually *do* make a choice. It is not like the screen merely says "express or advanced?". It actually outlines what will be set.

To claims that this is "default" and that the user has not made a choice is simply wrong. It is the *easy* choice, but that is not the same.

Advertisers and their shills like Roy Fielding may not like the fact that the process does stack the deck against tracking as it makes the DNT the easy choice. To me that is just "right back at ya!". Thanks for all your toolbars, btw. But no thanks.

Re:IE10 DNT is NOT on by default

[mysidia]

The user is presented with a "setup" screen at which he/she can choose "express" or "advanced" setup.
The screen *clearly* spells out that *if* you choose express settings then DNT will be switched on.

I'll still say they aren't gathering the user's express consent. It doesn't matter that in the laundry list of items they warn you that 'DNT will be set if you pick express'.

For it to be express consent, they would actually have to prompt the user specifically to choose to enable DNT or not, AND present it in such a way, that picking to enable DNT is definitely the user expressing a preference, eg by clicking a radio button, rather than just clicking Next.

Re:IE10 DNT is NOT on by default

Most people choose express and so DNT can be regarded as the default setting. Second, by making it the default runs the very real risk that advertisers won't honour it at all, or will single out IE 10 and not honour it there. Advertisers would likely tolerate a small proportion of users who explicitly seek out and set the option. It represents a user's explicit choice and therefore it is harder to justify morally or legally if it turns out they are ignoring it. Having DNT set amongst a bunch of other settings during an express setup does not represent an explicit choice and so they'll ignore it.

Re:IE10 DNT is NOT on by default

[allo]

most people select express, because express is right for their concerns. Wouldn't you think, DNT is right for the normal person? Who wants to be tracked? So how is it wrong?

Request for comments

[mounthood]

Network Working Group
Request for Comments: 3514
Category: Informational

                  The Do Not Track Flag in the IPv4 Header

Status of this Memo
      This memo provides information for the Internet community. It does
      not specify an Internet standard of any kind. Distribution of this
      memo is unlimited.

Copyright Notice
      Copyright (C) The Internet Society (2013). All Rights Reserved.

Abstract
      Advertisers, marketers, data aggregators, and the like
      often have difficulty distinguishing between people that have
      money and those that are merely unusual. We define a
      Do Not Track flag in the IPv4 header as a means of distinguishing
      the two cases.

Read more at http://www.ietf.org/rfc/rfc3514.txt

real translation

Nosey bastards

Third party cookies?

On IE9 and Chrome, you have the option of blocking third party cookies (or turning first party cookies off as well if you really feel like it). Isn't that similar to DNT?

You can also install Adblock on Chrome.

The ability to turn it off is a Good Thing

...

belief

[Tom]

We believe that tailoring your web experience â" for example by showing you more relevant, interest-based ads, or making it easy to recommend stuff you like to friends â" is a good thing.

"believe" being the key word there.

AdBlock all the way. I don't brake for ads anymore.

Yeah, right...

[19061969]

Quoth: Google's Susan Wojcicki: 'We believe that tailoring your web experience â" for example by showing you more relevant, interest-based ads, or making it easy to recommend stuff you like to friends â" is a good thing.'"

Except that I did a *lot* of research (getting a phd for the first few years) that says that tailoring experience misleads people into thinking the stuff around them is more meaningful than it is.

In some ways, the survivalist approach, while less satisfying, produces much more accurate mental models of information sources.

I really think that Google had a golden age around 2002 when they had masses of information but little customisation - but let users decide things for themselves.

Sigh. I'm a fan of DuckDuckGo now and not just because I'm #1 for my important key phrases. DDG doesn't try to 'help' - it just lets you use your brain.

DNT was done in conjunction with the White House?

[popo]

Simple question: Why did Chrome's "Do Not Track" feature have to be done in conjunction with the White House and FTC?

Doesn't that tell you everything you need to know already?

Problematic

[tyler_larson]

You heard it here first:

Once this standard becomes popular, advertising resellers will stop paying for views/click for hits from browsers with DNT set. Unlike traditional ad blocking, the DNT header signals to the primary site that you are being uncooperative, making it trivial to redirect visitors who set that header to a "fix your browser" page.

Assuming DNT is actually respected by the server, DNT establishes a second pipeline WRT logging, analytics, error-reporting, and other server-side functions. Not only are DNT visitors of little or no value to site owners, but they also create additional cost for the provider to maintain that separate logging pipeline.

RewriteEngine On
RewriteCond %{HTTP:DNT} 1
RewriteRule .* /disable-dnt.html

For your disable-dnt.html page, nothing fancy, nothing explanatory, just simple instructions:
ALERT!
Your browser cannot display this page.
Please select the menu Tools -- Options and uncheck Do Not Track. Then refresh this page to continue.

Problem solved. And all you have to say is that the cost of compliance with the "do not track" standard make supporting that option unfeasible. Or something like that.

Re:Problematic

[shutdown+-p+now]

If you try to pull that kind of shit anywhere in EU, you'll get their consumer protection agencies descending on you faster than you can say "cookie".

Re:Problematic

[u64]

Does anyone know how to detect DNT headers using PHP ?

Re:DNT was done in conjunction with the White Hous

[ImaLamer]

I'm confused at this whole story because there is already a Do Not Track extension for Chrome.

I use Flashblock

[tepples]

And before you protest that *you* don't use any of those sites: you are reading slashdot, a site that would not exist without ad revenue, right now :)

For one thing, Slashdot users who keep their karma near the Kap long enough get rewarded with a "Disable Ads" checkbox. But even if that checkbox didn't exist, I don't block ads in general but I do keep Flash in click-to-play mode. If advertisers can boil their pitch down to a JPEG or a text box, let 'em advertise. I do click text or still image ads that I find interesting because I don't have flashy Flash to distract me.

Recommend stuff I like?

[__aaltlg1547]

Or have advertisers use my name and reputation to recommend stuff they'd like others to buy, without my specific consent or any compensation?

Fail

[benjymouse]

microsoft.com honors DNT ... Oh wait, they don't, it's just another way for them to screw with Google. Microsoft tracks you anyway, IE has it on by default in violation of the specification, guess only the people who honor it get screwed.

No, it is NOT on by default. The user chooses between express settings and advanced settings. The screen *clearly* states that IF you choose express THEN do-not-track will be set to on.

By choosing express settings the user has made an informed choice. Or would you argue otherwise in a court?

Chrome is infuriating for privacy

[DrXym]

I like Chrome as a browser but got does it suck for privacy and settings in general. I want my browser to never rememer my browser history clear the cache automatically on exit. Does chrome do this? Possibly but damned if I can find the setting. Privacy is buried under "Advanced settings" and there is nothing that corresponds to clear on exit or don't remember history. Yes I can explicitly clear history but I dont always remember to do this and it's not acceptable I should have to either. Firefox can clear history on exit, why can't Chrome? I also note that if you use the sync service that all your bookmarks and other settings are sent to google in the clear. There is an option to encrypt them but that's not the default. Compare and contrast to Firefox where everything is encrypted before it gets sent up so Firefox is limited in what it knows.

So I stick with Firefox. It's a shame since Chrome actually works better on Linux than Firefox does but I'm not going to compromise my privacy or waste time writing scripts to workaround this deliberate deficiency in its privacy behaviour.

Re:Chrome is infuriating for privacy

[Confusador]

It's admittedly unintuitive, but if you run chrome with the --incognito flag it does what you're looking for.

Re:Chrome is infuriating for privacy

[DrXym]

I don't want to run incognito. Incognito disables add ons and has other limitations in functionality that I actually want. I just don't want the thing leaving a history of what I am looking at all over the place and would appreciate if it were able to do what other browsers like Firefox and Opera manager. Two settings - one to specify the number of days / urls to remember as history and another to clear on exit.

When will iPad Chrome get YouTube?

Very few YouTube videos work on iPad Chrome, and it doesn't even have the decency to offer an "open in YouTube app" option. Most annoying.

Take it a step further for privacy

Private browsing/Incognito mode should also be turned on by default.

Isn't this just client-side evil bit?

Honestly, how is DNT supposed to work? This strikes me as a browser saying "pretty please don't track me" and then hoping that a server doesn't decide to do so anyways. This is just the evil bit all over again.

Resume the interrupted downloads first

[visionofarun]

The browser should get an option to resume the interrupted downloads ahead of any other new feature. Firefox was able to do this since version 2.2, if I remember correctly.