Slashdot Mirror
Advertisers Never Intended To Honor DNT
First time accepted submitter oldlurker writes "After much discussion where many hoped a voluntary Do Not Track standard was agreed with advertisers, it turns out the advertisers already had a very different interpretation than most of us on how to practice it: 'Two big associations, the Interactive Advertising Bureau and the Digital Advertising Alliance, represent 90% of advertisers. Downey says those big groups have devised their own interpretation of Do Not Track. When the servers controlled by those big companies encounter a DNT=1 header, says Downey, "They have said they will stop serving targeted ads but will still collect and store and monetize data."'"
Isn't that missing the entire point? Or is the do-not-track specification one of those Orwellian-titled things whereby the net effect is exactly the opposite of the name?
...they will still track.
What ads? I use noscript and adblock.
Patents Drive Free Software as Hurricanes Drive Construction Industry
Wasn't the whole point of this to encourage advertisers to not track and if they do you have a leg to stand on in a court because you specifically made it clear you did not want to be tracked?
"Please don't eat me, brother Wolf!" cried the Rabbit. "Aw, all right." said the Wolf, rolling his eyes. "I'll just trade you to brother Fox for some hens. Is that ok with you?"
It's do not track not cover up track. I think these fellas need a course in remedial grammar.
There are times I do want, say, Google to keep my data, and I don't care if they share it -- like if I search for Minecraft stuffs, I want MC stuff to appear on my search. Or if I search a topic and I'd rather be swayed towards more reliable sources that I would frequent rather than like, "HOMEOPATHY MAGIC QUANTUM JUICE PANACEA MAKE MONEY FROM HOME."
For everthing else, there's Duck Duck Go
I have my browsers not respect their wishes on page composition and ad presentation, so I don't really expect them to respect my do-not-track header either. Their domains would first have to make it past my DNS blackhole anyway.
They keep showing me adds for 127.0.0.1, but I can't seem to find where to by this great product. Anyone has any idea?
and that is why i use and will continue to use adblock. the advertisers have given me no reason to trust them.
Water is wet.
-- Two men say they're Jesus. One of them must be wrong. - Dire Straits
Let me add on that nobody is forced to go to websites that serve ads. The websites allow them on their sites for a reason. If you don't like it, install ad blocking software. If you don't like them on principal, then avoid those sites. Yes, those are plentiful, but it is possible. How many websites did you browse in 1985?
From the moment I saw the Do not Track idea come up, I was telling people that advertisers will not car and not honor it. the ONLY way you can set your own do not track is by using adblockers and other tools to strip out their crud. IF they wont honor your do not track, you no longer have to honor seeing their ad's. The only thing they can track by now is your IP address and the browser string if you install all the privacy plugins for firefox or Chrome. it strips their bugs, cookies, etc... and I am waiting for someone to start randomizing the browser string to further make their tracking harder.
Do not look at laser with remaining good eye.
>"Advertisers Never Intended To Honor DNT"
Um.... Duh???
Did anyone really expect anything else?
Advertisers are ignoring what the user wants and using your data any way they see fit just because they can?
Know what else they're tracking and selling to other advertisers? Your do-not-track setting.
Most interesting and profitable to track because they don't want to be tracked.
It's like putting a kid in front of a big red button and saying "DON'T TOUCH THAT BIG RED BUTTON". Seriously, did anyone expect anything less?
My ism, it's full of beliefs.
The scum (advertisers, government agencies, et. al.) will continue to use it. Three cheers for ghostery.com.
Please do not read this sig. Thank you.
Gentlemen, start your ad blockers.
I'm very carefull with those as I'd like to keep my free ad-financed sites, but this is a short-cut to my blacklist.
As is content-obscuring ads, any kind of noise and excessive blinking.
bickerdyke
'Cause I'm D.N.T., I'm dynamite
(D.N.T.) and I'll win the fight
(D.N.T.) I'm a power load
(D.N.T.) watch me explode
I'm dirty, mean and mighty unclean
I'm a wanted man
Public enemy number one
Understand
So lock up your daughter
Lock up your wife
Lock up your back door
And run for your life
The man is back in town
So don't you mess me 'round
rewriting history since 2109
It's very difficult to communicate with someone when their livelihood is dependent on not understanding.
Water is wet, grass is green and space is big.
Honestly, you have to be quite naive and downright stupid to expect anything else.
If you provide your attacker (advertisers), who have a vested interest in ignoring the flag, with the means to ignore the flag, it's not going to work.
If Alice asks Charlie, a known snooper, to deliver a message to Bob and she expects Charlie not to take a peek, it's going to take more than writing "don't look, Charlie, tee hee hee!" at the top of the message.
This was dumb idea from the very beginning and destined to explode on the launch pad. Besides, browsers already have an in-built functionality to reject third-party cookies, which pretty much takes care of the problem. Yes, there are some clever and covert ways of doing it without cookies (hidden iframes, forms and whatnot), but there's no reason browsers can't reject those on a whitelist basis (some online software will use these hidden elements legitimately).
The point of DNT was to address the most serious privacy concerns about advertising without simply blocking ads (because people have this idea that advertising is paying for the web; I have my doubts). Supposedly advertisers would be compelled to comply, because otherwise people will see that the advertisers do not respect their wishes and then they will install things like ABP.
Now we see that advertisers are not respecting DNT, so now we should get back to making sure everyone installs ABP.
Palm trees and 8
being able to browse the internet is a form of free speech.
I propose that our PAC lobby congress for its proper free speech rights.
blocking ads is a form of free speech.
please donate to Browsers United so we can get our voices heard.
--
"It is now safe to switch off your computer."
Blocking ads is censorship and anti-capitalistic
rewriting history since 2109
DNT was never going to work in any practical way. Advertisers weren't going to change because of a voluntary system. So were the proponents naive idealists or playing politics? DNT has made an issue out of data tracking (people++) but also given industry and politicians years of cover (theman++) while it's debated.
I can't help but see this as a near total victory for industry: they haven't actually changed at all. The core issue hasn't been debated in any technical sense (what counts as tracking? how long can data be kept?...) There's little to no discussion about civil rights and privacy. No discussion about security or the legal status of the data (what happens when lawyers want tracking data for a divorce case?).
DNT is an April Fools joke (evil bit) transformed into a mock-policy discussion.
tomorrow who's gonna fuss
Consider the alternative. Would you rather pay for the 10 or so sites that you visit on a daily basis? That's been tried and tried and tried and has always failed so far. Maybe someday in the future the magic combination of micro transactions and transparency will be stumbled upon, but it hasn't happened yet. That, and the advertising forces still believe that advertising works. A lot of people don't care about being advertised to, and in some cases they actually prefer it. So for significantly large values of stupidity or apathy, the advertising companies aren't wrong.
The technically able and the ones who care about being subjected to unhealthy amounts of lowest common denominator dreck have tools they use (Firefox, adblock plus, noscript, ghostery, etc.) to avoid the worst of it. Fortunately for them, their mostly free and unfettered access is payed for mainly by those who don't and the small percentage of overlap between the 2 sets.
Being a geek is fun and in this case healthier.
We're a couple decades into the general public into this inter-tube-network-doohickey. /., gimme a beer would'ja?...
It's been my observation that when advertisers get too smug, they lose their ass to mass protest and activism.
Some group with an opposing idea of privacy to the corporate norm will probably be glad to trade DNT for DOS.
All I have to do is sit back and keep readin'
*Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
So they don't care what you want, because they want to run their ever larger, bloated, growing websites.
Unless we get a greed cap.
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
You have to use reverse psychology on the advertisers. It should have been named "Do Track."
The information that you don't wish to be tracked is useful and ought to be worth something to someone. So sites will need to keep an eye on such visitors, right?
In other words, DNT is predicated on the idea that advertisers will actually respect user wishes, because otherwise users will respond by blocking ads. The point of this article is that advertisers have shown that they do not respect user wishes; the logical conclusion should be that browsers start including things like ABP by default, until advertisers start respecting DNT again (but that won't happen, so we'll just make ad blocking a standard browser feature). Browser makers must include ad blocking or else DNT will truly be pointless; users, by and large, will not install ad blocking extensions on their own.
Palm trees and 8
How about we just go back to pushing ad blocking software? The point of DNT was to show that ad blocking is not necessary, because advertisers will respect users if they can just get a little feedback. Now we see that that is untrue, so let's ditch DNT and get back to ABP etc.
The whole argument for DNT is that advertisers will be compelled to follow it, because if they do not do so then users will start blocking ads. Advertisers are not respecting DNT, so we have to deploy ad blockers now, or else DNT was truly pointless.
Palm trees and 8
Advertisers had a choice: DNT or ABP. DNT is a lot less damaging to advertisers than ABP, since at people will still see advertisements under DNT. DNT was created so that ad blocking would not become a standard feature in browsers; remember when website owners were calling ABP users "thieves?"
Now we follow the game to its conclusion: the advertisers chose to reject DNT, so now we need to install ad blockers everywhere and make ad blocking a standard feature in browsers.
Palm trees and 8
I'm curious how they came to the conclusion Do Not Track didn't actually mean Track and instead meant Advertise.
Problem is, these companies are honouring it just enough to make it difficult to figure out which ones are honouring it or not.
Better solution is to assume, as I have always done, that everyone will track given the opportunity, and simply not give anyone the opportunity. I block all ads.
Ed Bott says that Sarah Downey (Privacy Advocate) says that the IAB says that the IAB membership "will continue to monetize data".
Except that to become an IAB member, a company must comply to the IAB code of conduct, which includes the self-regulatory program for online behavioral targeting. This includes the requirement of providing a consumer choice mechanism, which has been implemented for the industry at www.aboutads.info.
I guess fact checking was too much for Ed...
Stopping serving targetted ads is more of a response than I'd expected.
When you live in a sick society, just about everything you do is wrong.
And I told them that all they are doing is adding their name to a list that someone can download and call...
There are three kinds of people in the world. Those that can count, and those that can't.
That's libertarianism for you. If you don't want to be tracked don't go to those websites.
DNT is a starting point (an egg) it could grow into something useful or die. Failure is not "egg on your face" because you have to take the 1st step for the possibilities to open up.
One possible solution:
Politicians pass a law saying how ad corps must respect DNT. It is far less likely to pass such a law without the technology in place; they have a hard time making industry implement any features.
Democracy Now! - uncensored, anti-establishment news
Okay, then.
Is there any open source software that I can use/modify that will allow me to screw with that data collection? In other words, make stuff up, change it and/or send out repetitive and incorrect information? Maybe build a huge pile of useless information that looks good to the trackers, but hides the 'real' me. Can I make myself undesirable to those that want to track me?
Advertising companies make a big deal about "notice" and "choice." Unfortunately, while they claim to give users the ability to "opt out" of Online Behavioral Advertising (OBA), all they really do is give users the ability not to see ads. They don't necessarily give users the ability not to be tracked. Here's an entire paper about it. http://www.cylab.cmu.edu/research/techreports/2011/tr_cylab11005.html
Here is a radical solution.
I would be less against advertisements being shown but the advertisers not knowing who is seeing the ads.
The only way to do so is for the ads to not be served by advertisers directly, but to be stored either at the publisher, the isp or on the user's computer.
This would be technically feasible, allows publishers like slashdot to pay for costs via advertising, and is desirable because the advertisers have been shown to be untrustworthy.
IF you don't want to be tracked, & to get your speed/bandwidth back you paid for (as well as electricity, CPU cycles, RAM, & other forms of I/O as well), better "layered-security"/"defense-in-depth", reliability (vs. DNS poisoning redirection OR being "downed"), & even anonymity (to an extent vs. DNS request logs) + being able to "blow by" what you may feel are unjust blocks (in DNSBL's) & more...
---
APK Hosts File Engine 5.0++ 32-bit & 64-bit:
http://start64.com/index.php?option=com_content&view=article&id=5851:apk-hosts-file-engine-64bit-version&catid=26:64bit-security-software&Itemid=74
---
Custom hosts files gain me the following benefits (A short summary of where custom hosts files can be extremely useful):
---
1.) Blocking out malware/malscripted sites
2.) Blocking out Known sites-servers/hosts-domains that are known to serve up malware
3.) Blocking out Bogus DNS servers malware makers use
4.) Blocking out Botnet C&C servers
5.) Blocking out Bogus adbanners that are full of malicious script content
6.) Getting you back speed/bandwidth you paid for by blocking out adbanners + hardcoding in your favorite sites (faster than remote DNS server resolution)
7.) Added reliability (vs. downed or misdirect/poisoned DNS servers).
8.) Added "anonymity" (to an extent, vs. DNS request logs)
9.) The ability to bypass DNSBL's (DNS block lists you may not agree with).
10.) Blocking out TRACKERS
11.) More screen "real estate" (since no more adbanners appear onscreen eating up CPU, Memory, & other forms of I/O too - bonus!)
12.) Truly UNIVERSAL PROTECTION (since any OS, even on smartphones, usually has a BSD drived IP stack).
13.) Faster & MORE EFFICIENT operation vs. browser plugins (which "layer on" ontop of Ring 3/RPL 3/usermode browsers - whereas the hosts file operates @ the Ring 0/RPL 0/Kernelmode of operation (far faster) as a filter for the IP stack itself...)
14.) Custom hosts files work on ANY & ALL webbound apps (browser plugins do not).
15.) Custom hosts files offer a better, faster, more efficient way, & safer way to surf the web & are COMPLETELY controlled by the end-user of them.
---
* There you go... & above all else IF you choose to try it for the enumerated list of benefits I extolled above?
Enjoy the program!
APK
P.S.=> Of course, THIS is NOT going to "go well" with 3 types of people out there online, profiting by advertising & nefarious exploits + more @ YOUR expense as the consumer:
---
A.) Malware makers & the like (botnet masters, etc./et al)
B.) ADVERTISERS - the TRULY offended ones, as it is their "lifeblood" in psychological attack galore, tracking, & more, etc.!
C.) Possibly webmasters (who profit by ad banners, but fail to realize that those SAME adbanners suck away the users' bandwidth/speed, electricity, CPU cycles, RAM, & other forms of I/O they PAY FOR, plus, adbanners DO get infested with malicious code, & if anyone wants many "examples thereof" from the past near-decade now? Ask!)
---
... apk
The only way they will comply is if they are forced too by laws. Want an example? Do not call list. nuf said
Jack of all trades,master of none
Is there even any good proof that all this tracking is even more effective for the advertiser's customers, than not tracking?
-- Who am I? How did I get here? My God, what have I done?!
Guys, sometimes the pace of "innovation" is slow. Do Not Track was Innovative. No one ever said Innovative had to be actually effective, though it helps public perception more when it is.
Look at the phrase "without actual laws that limit the recording and sharing of ..... identifiable data". Doesn't that sound a lot like ... wait for it ... Copyright? And remember how they don't care where you got your copy from?
Well for the sake of the First Raindrop, I set my User Agent string to a new Creative Commons NC poem by me. So any site that decides to "keep, and massage, and exploit" it (not just sniff!) would be violating my copyright, right?
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
...then I guess NoScript and AddBlock are fair game. Excellent. Advertisers should not forget that they depend on our attention, and we're not obligated to give it to them.
Copyright does not protect "identifiable data". It protects creative expression, in order "To promote the Progress of Science and useful Arts".
I would be curious to know how a court would treat someone who made an argument as frivolous as "they infringed copyright in my custom User-Agent string". I suspect most courts would settle for relatively minor sanctions, like throwing the case out and making the plaintiff pay the defense's costs. If you try it, please keep us posted!
There are more than 1 alternatives. How about advertising, but not tracking and not serving targeted ads? What's wrong with it, except that it might earn websites less money?
From my 12 years of experience running an online business, I'd still urge everyone to stop dealing with (the mostly) shady online advertising agencies. They're mostly corrupt (expecting and accepting kickback payments from websites so they do not put ads where their customers benefit most, but where they can line their own pockets best), incompetent (still using document.write in 2012 and still trying to push the most annoying ad formats down both publishers' and advertisers' throats when everyone knows that AdSense was hugely successful doing the opposite) and greedy like any other purely parasitic business that adds no value (and usually removes value).
"I love my job, but I hate talking to people like you" (Freddie Mercury)
If you do not want to be tracked, DO NOT SEND REQUESTS. ...
But sending requests with a "please handle this one but dont use it to track me" comment
Well, did anyone *really* expected that anyone would respect that?
Sorry to say that, but this whole standard never made any sense from the beginning...
Its the same like crying for the ability to make the internet "forget" dumb posts you did to facebook and co.
If you do not want them to be used against you some day in the future, dont post them at all.
mod parent up.
this is the american way of adressing a problem:
make a law, and expect all people to car about it, if they dont, sue them...
well, that might be the way in the USA, but everywhere else in the civilisated world, noone would care
THIS.
With that user agent string you are uniquely identifiable everywhere you browse...
The wolves never intended not to eat the sheep carrying a do not eat me ribbon.
Jehovah be praised, Oracle was not selected
Really? Was there ever any doubt this would happen? You have to take your privacy into your own hands, you can't trust the fox to guard the hen house. I'm going to continue running ABP, blocking third party cookies, running noscript, and blackholing known ad servers in my hosts file.
The sad part is that if they would just play nice, follow the rules, and respect me, I wouldn't go through all this trouble and I'd actually end up seeing a lot of ads.
If you build it, nerds will come. Soylentnews.org
That's the spirit, but those exact actions aren't great in practice. There is room for improvement:
That's exactly on the mark. Of course, that'll make a ton of sites out there stop working, so you need a NoScript like interface to deal with those cases. (I'd sugest naming YesScript, but this one does already exist.)
Not necessary. The same applies for the headers. If you want bowsers to stop leaking info, you'll have to put 3rd party javascript in a sandbox where it can't access any kind of identification info (like screen resolution), the stuff on headers (besides IP) isn't enough to identify someone. I'd put that sandbox as an option at the NoScript like interface. Make 3rd party JS blocked by default, with the options of sandboxing it (includes restricting cokies) or completely allowing.
Block all third party requests untill the user allow them. Put a click-to-show thumbnail in external images (like Flash Block). That'll break a LOT of sites by the way, whitelist the subdomains of the site, so it breaks less of the web. Other objects will have to be tought up one at a time. You can put a menu button for things like sound and javascript, while videos, flash and java get the click-to-show.
Put Flash Block in the browser already. There is simply no reason for not do this, I wonder what is taking Firefox so long.
Rethinking email
Exactly, but what if a piece of data is in both categories? That is what I was exploring. My string is 350 words long, containing computer code, a poem, and essay, code words, and a copyright notice, and an email for inquiries on licensing. So my point was, since that's clearly a creative work, what happens depending upon where it exists and what mechanisms retrieve it, copy it, and re-publish it?
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
Oh, of course.
But "who will know"? I thought for a few minutes, and picked NC-ND for the license. So mere sniffing "isn't commercial" (because that's just the server operating etc), but then the logjam should pop up if someone tries to include it in paid sales data to an ad company, because then that's both derivative and commercial.
Not counting the whole David and Goliath problems, isn't an infringement of a copyrighted work a penalty of X thousand dollars? What legal defense could they have, "we didn't look at the data we collected and didn't know it was a creative work?" Just because "oh, our system automatically collects those" isn't a defense - it contains a notice and an email for license inquiries.
So, if a page has ... say... one min.... Let's try Gizmodo....
Ghostery has found the following on this page:
ChartBeat
Criteo
DoubleClick
Facebook Connect
Google Analytics
NetRatings SiteCensus
New Relic
Parse.ly
Quantcast
ScoreCard Research Beacon
SkimLinks
Typekit by Adobe
Isn't that 1 infringement per advertiser that received that Creative Work in the data?
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
A court would not find your "experiment" either very interesting or very amusing. To the extent that you told your computer to present your poem as the browser's identification and configuration, I expect it would be interpreted as a nearly unlimited license to do all the things that web servers normally do with browser agent strings.
That's exactly why I did my little experiment.
So a court wouldn't (supposedly) care about a song being transmitted just because it was dumped in the User Agent Field? Just change the file type at the end to .mp3? Oh, it's a Song, so it matters then, right? Sure, gimme an hour, I'll make it a Song.
This is part of my point that we're not treating all copyrighted works with the same zeal. Movies, followed by Songs, are driving Copyright. But only for Rich organizations, right? Meanwhile the rest of creative works get to suffer? I purposely posted a poem, and an essay, and computer code, and code words, and a notice. That surely makes it a creative work. Just because I stuck it in a place where "automated systems are used to copying stuff" doesn't make it okay to copy.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
Well, what did people expect? A simple header flag is like putting up a "do not steal from here" sign next to the front door while leaving the keys in the lock. On the outside.
Firefox, NoScript, AdBlock. And yes, Google and Apple are about the first sites which land on my "untrusted" list. The same on the smartphone/tab AND switching GPS only on if really needed (which is about not at all for me).
Internet ain't quiet, peaceful suburbs. If there is money to make, people will do so.
Can't you just put up some ads to support the lobbying?
It is precisely because you (quite intentionally) stuck your poem in a place where automated systems are used to copying stuff that it makes it okay for automated systems to copy it. You put it there with the full expectation and intent that they would copy it, which is why I think courts would treat it as an implicit license to copy and redistribute.
just to reply to the rant no one will read in its entirety, you can disable any and all of those whitelisted you don't want to see. ad-blocking shouldn't be an automatic blacklisting thing anyways. Pay a-fucking-ttention and participate in what you block or allow.
Rewards cards used to be abundant and the financially responsible consumer could get paid well for using credit cards... The rewards were subsidized by the masses who paid fees for being irresponsible. Then feel-good laws were passed to make it more difficult for CC companies to collect fees from people who abuse credit and now rewards cards are much less rewarding. I am happy with the current situation of me browsing privately for free while the content is subsidized by the masses. And I want my 5% cash back on everything CC back.
Yeah, this makes sense. If you set up a situation where you try to make someone break a law in order to get them in trouble for breaking a lawâ¦when cops do that, it is called entrapment, and I doubt the court would look any more kindly on entrapment by a civilian than on entrapment by a police officer.
i'd hit it so hard, if you pulled me out you'd be the king of britain [bash.org]
For firefox, use this excellent add-on for white-listing sites to allow cookies. Block all cookies by default, then only click to allow when you need it (login, shopping cart, etc.) A few poorly-coded websites "require" cookies; luckily Cookie Monster has a "Temporary Allow" which lasts for the current browser instance - or until you "Revoke" the temporarily allowed cookies.
https://addons.mozilla.org/en-US/firefox/addon/cookie-monster/
It was downloaded because it's spam copy and pasted in to almost every comment stream on the site... I don't think it has anything to do with the supposed faults it may or may not expose. and seriously, that text is so long that nobody in their right mind would read it all the way through.
Gosh, I'm shocked. Advertisers acting unethically? Inconceivable!
AC posts tend to be ignored.
You're AC, it only takes one person to mod you down to -1.
Change is certain; progress is not obligatory.
APK does not understand this. Also, expect more TL;DR type posts from him now.
Change is certain; progress is not obligatory.
If you want something done right, just do it yourself. Stop using Google (switch to DuckDuckGo) and use Firefox with Ghostery, AdBlock Plus and NoScript... you can throw in Tor, if you really want to toss a wrench into their salad... and if someone is still able to track you after that - they truly deserve to have your information. Trusting someone who stands to benefit financially to do something to limit that gain, will never work. Ever.
Bow before me, for I am root.