An Overview of the Do Not Track Debate

jonathanmayer writes "The Verge is carrying an accurate and accessible overview of the Do Not Track debate. Quoting: 'With the fate of our beloved internet economy allegedly at stake, perhaps it's a good time to examine what Do Not Track is. How did the standard come to be, what does it do, and how does it stand to change online advertising? Is it as innocuous as privacy advocates make it sound, or does it stand to jeopardize the free, ad-supported internet we've all come to rely on?' The issues surrounding Do Not Track can be difficult to understand, owing to rampant rhetoric and spin. This article unpacks the tracking technology, privacy concerns, economic questions, and political outlook. Full disclosure: I'm quoted."

nice summary, shite website

you want me to read about privacy on a website with no less than 4 web bugs and tracking code up the wazoo, not to mention all their shitty adverts
get off my web

Re:nice summary, shite website

[dmacleod808]

My positive contributions to Slashdot has allowed me to disable adverts.

An Expanding Internet

[TheGreatDuwanee]

As I remember it, things were expanding quite quickly even before every little click was tracked. I imagine things might slow down with Do-Not-Track, but they will keep growing.

why so much energy around DNT?

DNT is useless. You WILL be tracked if you give sites information that is useful in tracking you. The very best you can do is chase the tracking out of your legal jurisdiction and into other countries or underground.

The only effective way to stop tracking is client side. It's like the analog of MMPORG games, where the client cannot be trusted, because it must be assumed to be in malicious hands. Here, the server cannot be trusted not to track you, because it must be assumed to be in malicious hands.

DNT is actively harmful, because it makes tech-illiterates think that if they set it in their browser, they will not be tracked. We have already seen that is not the case.

Re:why so much energy around DNT?

[TheRealMindChild]

Do-Not-Track seems useless, but when the browser vendors find someone not playing nice, you may see a complete block of any accessible information from anywhere outside of the current domain of the webpage. This puts a burden on the website to funnel all computational and tracking related functions to the current domain. They can throw it to the cloud, but I can also say "Kill all connections that don't return within 20ms". This is a move, which I think is anticipating the bluff called. Good thing I have popcorn.

Re:why so much energy around DNT?

[Beerdood]

Exactly, DNT is useless and the whole concept may have been deliberately designed to be useless. A little header where "DNT=1" in the html and... Presto! No more tracking!

Except that there's no way to actually enforce that companies won't track
Except that we still won't know if our browsers will give out our information even with this flag on
Except that [the Digital Advertising Alliance plainly said that it "does not require companies to honor DNT," ]
Except that there's too much money at stake to just prevent sites from gathering your data. Even if your data is anonymized (meaning you set the flag on, and you don't see targeted ads as a result) - there's no guarantee that your data isn't still being collected by 3rd parties from the sites you go to. This is why there was such a fuss over the decision to make IE10 do-not-track's setting off by default. The only way you can guarantee your data isn't being used is to prevent it from being sent in the first place, or somehow falsify the data being sent back to the server

Re:why so much energy around DNT?

[dshk]

They can throw it to the cloud, but I can also say "Kill all connections that don't return within 20ms". This is a move, which I think is anticipating the bluff called. Good thing I have popcorn.

It will be indeed interesting. Latency between USA and EU is about 120 ms...

Re:why so much energy around DNT?

[rgbrenner]

I think what you're trying to say is that the DNT folks took their inspiration from the evil bit, not realizing it was an april fools joke.

Re:why so much energy around DNT?

[Tom]

Exactly, DNT is useless and the whole concept may have been deliberately designed to be useless.

Really?

So, you've read all the W3C papers? You've been to the workshops? You are aware of the discussions inside the Tracking Protection Working Group?

No, wait, you just have an opinion based on reading a few badly researched online magazine articles.

Re:why so much energy around DNT?

[Lennie]

Actually the idea behind DNT is that it works when it is combined with laws.

As an example the EU already has an opt-in law (well ok, most countries in the EU have created a law based on what was agreed up on at the EU level).

Re:why so much energy around DNT?

[ChatHuant]

So, you've read all the W3C papers?

Your argumentum ad verecundiam fails. An obviously bad design remains obviously bad no matter who may have come up with it. Accepting it blindly, without looking at its technical merits, just because it has been blessed by the W3C is silly (not to mention that the authority you appeal to, the W3C, has one of the worst track records in regards to coming up with reasonable and feasible designs).
 
But I think you can reach some interesting conclusions by looking at the originators of the proposed standard - they're Google and Mozilla. And if you really expect Google, whose main source of income is tracking people to put a lot of effort into designing an efficient way for people to avoid being tracked, I got this great opportunity for you to enter the glamorous and fast growing world of bridge owners!

Re:why so much energy around DNT?

[fatphil]

Well, I know that Fielding published a new version of the DNT standard with changes to the "defaults" section exactly 1 month *after* he submitted the patch to change Apache's behaviour; and that change to the standard supported his patch, whereas the origins of the DNT standard explicitly preclude his patch. And the topic of defaults wasn't in the agenda of any of the WG mettings since the previous version of the standard.

Not coming up with the conclusion that Fielding is a corrupt shill is quite difficult at this stage. Yes, that's litotes.

Don't care.

[pla]

Who cares? Adblock; Ghostery; RandomUserAgent; and always, always, ALWAYS lie when asked for things like your DOB or zip code.

Have fun fulling your DB with useless crap trying to "track" me, Marketers.

Re:Don't care.

[fuzzyfuzzyfungus]

Who cares? Adblock; Ghostery; RandomUserAgent; and always, always, ALWAYS lie when asked for things like your DOB or zip code.

Have fun fulling your DB with useless crap trying to "track" me, Marketers.

Be careful that, in your efforts to resist tracking, you do not accidentally make your browser far more atypical than it would otherwise have been...

I've personally found the EFF's little http://panopticlick.eff.org/ test to be quite eye-opening(and probably not representative of the state of the art in tracking, since the guys you really have to worry about get paid for coming up with clever new techniques). Doing unusual things can substantially increase the unusualness of your browser's signature and behavior and make it more likely that you'll stand out of the crowd, albeit not quite as easily as if you just have a doubleclick cookie with a GUID embedded.

Re:Don't care.

[c]

Exactly.

The whole premise behind DNT is stupid. Trust marketers to respect a flag in your browser? Seriously? If these people gave a single, pathetic thought about what consumers did or did not want, they'd be out of a career.

AdBock/Ghostery/NoScript/etc means you don't have to trust any website not to track anything.

Re:Don't care.

[TheRealMindChild]

People don't all use Beverly Hills, CA 90210?

Re:Don't care.

[Tom]

Strange how it did work for the do-not-call list, you know?

Even if DNT works only for 1% of sites - it still works better than your solution, which seems to involve throwing your hands into the air, running around and crying "the sky is falling, it is all hopeless".

Re:Don't care.

[c]

> Strange how it did work for the do-not-call list, you know?

The do-not-call list didn't do a thing for me. Of course, I'm in an entirely different jurisdiction, along with the majority of the rest of the planet.

> Even if DNT works only for 1% of sites - it still works better than your solution

The solution(s) where I explicitly take control over what goes from my browser to 100% of sites? I have to admit, I like my odds a lot better than yours.

Re:Don't care.

[kermidge]

Thanks for the link - I'd forgotten about this. Took the test:

"Your browser fingerprint appears to be unique among the 2,452,354 tested so far."

Short conclusion: I'm screwed.

Re:Don't care.

[c]

> It's about hoping some of them they might respect the flag.

Well, yes. It's a proposed Internet standard; obviously it's based on a large degree of hope with a side order of anticipated disappointment.

> It's a "social" solution, and possibly the best social solution possible.

A "social" solution for what's essentially sociopathic behaviour? You're right, I just don't understand DNT.

Re:Don't care.

[Tom]

The solution(s) where I explicitly take control over what goes from my browser to 100% of sites?

really ?

Re:Don't care.

[Tom]

It's unenforceable and unverifiable.

I agree it's not that easy.

You get much better chances with AdBlock/URL filter/hosts file/whatever than with DNT.

Yeah, because spam filters have put an end to spam. Uh... wait... why is 80%+ of e-mail traffic spam if filtering and blocking work so well? Oh yes, because they don't.

Re:Don't care.

[Dwedit]

Hard to lie about your zip code when they can Geolocate you. Need to use a proxy to get around that.

Re:Don't care.

[pla]

Short conclusion: I'm screwed.

That depends...

If you count as "unique" every single time, it means you have avoided getting matched to a preexisting profile. A random user agent will have that effect.

If, however, you count as 1/x the first time, 2/x the second time, 3/x the third time, and so on, it means they can actually match you to a unique previous visitor - yourself. Not so good, in that case.

The trackers want you to look as unique as possible, but the same each time you visit. You, OTOH, want to look either as common as possible, or unique every time.

Re:Don't care.

[pla]

Hard to lie about your zip code when they can Geolocate you. Need to use a proxy to get around that.

I show up as coming from somewhere in Georgia (US state, not a former Soviet satellite). Presumably, my ISP joins the rest of the outside world there.

Except... That missed my actual location by about 1500 miles.

So, not really all that tough - If you trust IP-based geolocation to tell you where I live, you wouldn't believe me if I really told you.

Re:Don't care.

[philofaqs]

Bit tricky outside of the US, still, wanted to use the Queens's postcodefor a while, until I kept getting adverts for Nazi memorabilia 1st mention of Godwin gets 3 whooshes on either side of face. Hard

Re:Don't care.

[Tom]

I have ABP, Ghostery and BetterPrivacy installed, and the EFF's little toy can still identify me uniquely.

NoScript isn't really an option for anyone who doesn't live in a bubble, because tons of sites use JS for completely benign purposes these days. And lots of sites that are really useful do both need JS and track you - try using Google maps without javascript. And no, I don't plan on spending half my waking hours on fine-tuning exactly which scripts are allowed to run and which aren't.

So, yes, you can keep your privacy. If you work for it. And it gets harder over time, because the ad industry pours tons of money into improving tracking and identification. A DNT flag, while technically ineffecient, changes the game.

You don't need to understand why it does, and I can't explain it very well, need to structure my thoughts some more on that. But even if you don't understand at all, the fact that the ad industry is going in a rampage against DNT should be a very, very strong clue that something is so right about the approach that it has them frightened.

Re:Don't care.

[kermidge]

Thanks, guys.

I'm getting killed by user agent (1 in 46k), plugins (unique), and system fonts (1 in 82k). Were I to switch to, for example, Win7, the big three browsers, and a small common set of plugins I'm guessing it'd be a lot better. Instead, like a thorough-going idiot, I run 64-bit Linux, Opera, and what I had thought to be a standard set of media plugins. I hadn't intended this to be useful for some un-bidden data miner. I've been totally naive about fonts; so far as I knew I just had the standard package that came with Ubuntu.

Sheesh, this is kinda weirding me out. Ah, well, life on the modern Web, eh?

Re:Don't care.

[Tom]

The do-not-call list works because there are legal repercussions for disobeying its mandate. Companies that called people on the list and were not exempt were liable for hefty fines.Obeying the strictures of these regulations was mandatory, by force of law. It was not optional.

Agreed.

The obvious next step for DNT is to make it mandatory. The fact that the ad companies are running amok over it shows that a) we're on the right track and b) it needs to be mandatory or they'll ignore it.

But it can only be in this order. You can't pass a law without the DNT flag, because advertisers would whine that some people really want to be tracked.

Re:Don't care.

[Tom]

I'm not opposed to the DNT flag at all - I have it set - and I think it's a good idea to be able to set up a digital "No Trespassing" sign. I'm still locking my door though.

Couldn't agree more. Even with DNT and even if DNT were mandatory, I would still leave AdBlock enabled.

Cliff notes:

[fuzzyfuzzyfungus]

Team Marketing is on tactical thermonuclear crack. I don't know where the hell they got it; but damn if it isn't the good stuff. Consider the below, from a 'Rachel Thomas' working on behalf of the "Direct Marketing Association":

"Marketing fuels the world. It is as American as apple pie and delivers relevant advertising to consumers about products they will be interested at a time they are interested. DNT should permit it as one of the most important values of civil society. Its byproduct also furthers democracy, free speech, and – most importantly in these times – JOBS. It is as critical to society – and the economy – as fraud prevention and IP protection and should be treated the same way.

Marketing as a permitted use would allow the use of the data to send relevant offers to consumers through specific devices they have used. The data could not be used for other purposes, such as eligibility for employment, insurance, etc. Thus, we move to a harm consideration. Ads and offers are just offers – users/consumers can simply not respond to those offers – there is no associated harm.

Further, DNT can stop all unnecessary uses of data using choice and for those consumers who do not want relevant marketing the can use the persistent Digital Advertising Alliance choice mechanism. This mechanism has been in place for 2 years."

Yes, she actually said that. In public.

Re:Cliff notes:

[Tom]

Where's a crowdfunding assassination site when you need one? Is hitstarter.com still available?

Re:Cliff notes:

[Tom]

No, it isn't. It is... fuck me sideways with a chainsaw... an advertisement company.

Is it the end of the universe ?

Firefox community

[Synerg1y]

Has got you covered... some what:

https://addons.mozilla.org/en-US/firefox/addon/firegloves/
https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/
https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/

Is it just me who's thought it f'in hilarious to be on a friends computer hit a website and get porn based ads & pop-ups? :)

Re:Firefox community

[dshk]

Is it just me who's thought it f'in hilarious to be on a friends computer hit a website and get porn based ads & pop-ups? :)

It is even more hilarious that you look pron on your friends' laptops. The average site explicitly disables - actually does not enable - pron ads. Pron ad is enabled only on other pron and similar, non-family-friendly sites.

Re:Firefox community

[inetsoftsocial]

That has happened to me before as well.... lol http://www.inetsoft.com/

Re:Firefox community

[Synerg1y]

Megaupload (was) & rapidshare are a mixed bag of stuff with plenty of legit uses. Being new to the internet however... that's just inexcusable on slashdot.

"Fate of economy"

[Dunge]

If the economy depends on private corporations analyzing the behaviors of citizens, fuck the economy. Seriously, people will still buy the things they need without having ads thrown in their faces every 2 seconds.

NoScript

[digitalaudiorock]

The thing that pisses me off the most about most (even supposedly reputable) web sites these days, is the eye opener you get if you run NoScript. The fact that the home pages of supposedly reputable sites are trying to pull in javascript from like a dozen or more unrelated sites is just fucking inexcusable, and it seems to get worse every day.

Worse yet is that some of those simply don't work at all unless you resort to "Temporarily allow all from this page", in which case I tend to just bail and never go back. I mean seriously...WTF??? I can't tell you how that burns my ass.

Re:NoScript

[nerky]

I have similar charred arse reaction; Ghostery reveals more cross-marketing shite.

Re:NoScript

[Tom]

I do wish, though, that NoScript were a little less aggressive.

I use javascript libraries pulled from CDNs on some of my sites, simply because it saves me the trouble of constantly keeping local copies up-to-date and the other usual CDN reasons.

And not for tracking or advertisement. I'm talking about stuff like jquery, OpenLayers, etc. - presentation stuff.

Re:NoScript

Some websites now even detect that you have blocked javascript and cookies and actively refuse to work until you enable them (e.g., I'm looking at you Target.com).

That's more than just making sure your website gracefully degrades. That's purposefully spiting people who are security conscious.

Well, their loss. Plenty of other stores out there that are willing to take my money...

Re:NoScript

[digitalaudiorock]

You're fucking kidding right?? Like code being pulled from packages I chose to install on MY computer is the same as a website I'm visiting choosing to make ME run code from sites I never even heard of?? What exactly is your point, aside from proving your astonishing ignorance??

Re:NoScript

[BenoitRen]

Agreed. On my oldest computer I have JavaScript turned off so it doesn't get bogged down with the tons of badly crafted JavaScript that is often found on websites these days.

On some of them simple things like search forms will not work unless JavaScript is enabled. Examples are the well-known play.com website and the package courier Kiala's website.

Another baffling example is your list of saved adverts on a website I regularly visit where people sell their used stuff. After ticking the checkboxes of the adverts you want to remove from your list, you can't click the "Remove" button because it's disabled. It was designed to be enabled by JavaScript when at least one checkbox was checked. They clearly didn't think this through.

Re:NoScript

[robsku]

Worse yet is that some of those simply don't work at all unless you resort to "Temporarily allow all from this page", in which case I tend to just bail and never go back. I mean seriously...WTF??? I can't tell you how that burns my ass.

I've actually been thinking of writing a short rant about this for last couple days - what's especially annoying is when you do the "Temporarily allow all from this page" (I usually resort to this to see the comment thread on pages, many which don't even show hints of such even existing before you allow several domains) and instead of getting a working site after enabling 3-5 domains you now get "scripts partially allowed" with those 3-5 allowed and something like 4-8 new domains introduced by these 3-5 ones - that's usually when I just go the "Revoke temporary permissions" and leave for good strategy.

It's already shame how badly sites ungracefully degrade without scripting, but this is absolutely intolerable.

On or Off

[MyFirstNameIsPaul]

I haven't read about the full spec of DNT, but in Piwik I am provided with only the option of not tracking people who are requesting not to be tracked, and the instructions around that particular option (within the GUI) state that it should be left checked. But I disagree with this. My website is my private property, and I should be allowed to track what users do so that I can make my site perform better for my users. This is why I feel there should be options in DNT, which I also don't see in my FF browser options. Options would be something like:

• I don't want to be tracked by anyone ever.
• I don't want third parties to track me, but tracking my usage of a website for its owners to make better is fine.
• Let anyone track me.

Re:On or Off

[NatasRevol]

So, you want a DNT=2 - track locally only.

Submit it to the W3C.

Re:On or Off

[Lennie]

Tracking on your website isn't the real issue here anyway. Most people don't seem to understand that very well.

The real issue is advertisement company tracking you all over the web and combining that information because they have ads on a lot of the websites out there. Then you are talking about things like: Online Behavioral Advertising

Re:On or Off

[MyFirstNameIsPaul]

Submitted to mailing list (not sure where else to submit to):

I don't know if this is the correct place to post this suggestion, but as a very small website operator and consumer, I would like to request a third option in the Do Not Track standard.

I have observed through options in Piwik and Firefox that the implementation of DNT seems too absolute. In the browser I can only select to never be tracked or to always be tracked, and in my analytics software I can only select to never track or to ignore tracking requests.

As a consumer I actually like that owners of websites I frequent want to track me and make the site work better for me. Similarly, as a website operator I feel the site is my private property and those people who use my site would benefit from my tracking them and making the site work better based on this data.

However, under the standard there is no way for me as a consumer to communicate to the websites I visit that I approve of their using my tracking data to improve the site, and the reverse is true for me as a website operator in that users cannot communicate to me that they approve my tracking of their usage of my website.

If I understand the standard correctly, what I would like to see is a DNT-2 option to track locally. With this option selected the website operator would not be authorized to share the data for any reason other than to improve the site itself.

Thanks!

Paul

Interesting...

Just taken the EFF test.

With JS enabled: 1 in 2 500 000 browsers have a similar configuration :(

With JS disabled: 1 in 70 000 :)

Thank you, NoScript ;) https://addons.mozilla.org/en-US/firefox/addon/noscript/

Re:Interesting...

[godel_56]

Just taken the EFF test.

With JS enabled: 1 in 2 500 000 browsers have a similar configuration :(

With JS disabled: 1 in 70 000 :)

Thank you, NoScript ;) https://addons.mozilla.org/en-US/firefox/addon/noscript/

If you don't want to be tracked, you want to be 1 in a million, not one in 100.

I got: Your browser fingerprint appears to be unique among the 2,452,130 tested so far. Meaning if anyone sees my browser fingerprint at one place and then again at another place, they know it was the same browser.

My fingerprint showed up as unique both with and without NoScript. :(

I run the Zemana anti-logger program and it was somehow able to see that, which surprised me. With JS on, it's the huge numbers of fonts that give you away, especially if you have any kind of desk top publishing program or strange word processor installed.

Best part about DNT

It adds another bit to your browser fingerprint and so, together with IP, user agent string, Accept: headers etc., makes it just a little easier to track you even in absence of cookies.

tl;dr

[sootman]

Summary: Advertisers are assholes and do not give a fuck about what you want.

Did I miss anything?

The application of common sense

The issues surrounding Do Not Track can be difficult to understand, owing to rampant rhetoric and spin.

Not for me.

A few minutes of quiet reflection and the liberal application of common sense will result in the following:

(1) DNT=1 needs to be set by the user to be useful. It doesn't make sense for the browser distributor to set it, because he's not the guy who's actually using it.

(2) Of course, there needs to be a default setting for DNT if the user hasn't specified it yet. If it defaults to DNT=1, then that's tantamount to a small handful of guys who create browsers for a living, in unison, giving the finger to the advertising industry. Common sense says that the advertising industry will be uninterested in that, and will have no reason to respect DNT. So DNT=0 is the only default that's practicable.

(3) To educate people about the fact that DNT is now available, there probably needs to be a popup during the first-time launch that asks the user what he wants his DNT flag to be. I'm not comfortable with that conclusion, because I hate it when software asks me about shit I don't care about. But this is the first issue since the birth of the browser that's probably important enough to warrant a popup, and it might very well be the last.

(4) No matter what DNT flag is sent, there will be a bunch of advertisers who don't give a fuck about it. And there will be another big bunch of advertisers who will (either deliberately or not) misinterpret what it means. What exactly does "track" mean, anyway? Expect the interpretation of that word to get bent and twisted like crazy as this gets rolled out.

(5) If enough advertisers don't respect it, or if enough of them misunderstand what "track" means, then the whole scheme will collapse, and DNT won't mean dick. Given the fact that there's no real downside to ignoring DNT, I would bet a nice sum of money that DNT will end up being a total joke, when all is said and done.

I'm not a friggin' genius. Pretty much anyone can figure this out if they just reflect on it a bit. The above conclusions are exactly what I predicted when I first heard about DNT a long time ago. Nothing I've read has changed my conclusions one bit.

Re:The application of common sense

[0123456]

DNT=1 needs to be set by the user to be useful.

Are you seriously claiming that you really, honestly believe that the majority of people want to be tracked by a zillion advertising sites all across the web, and only a minority object to that?

With a default of 'do not track', those who really want to be tracked can still turn it off.

Re:The application of common sense

[NatasRevol]

The problem with (1) is that DNT=0 is the same as DNT isn't set.

Both say it's ok to track, in different ways. 0 means I say yes to tracking, so track. No setting says I say nothing to tracking, so track.

Very few users actually want to be tracked.

So why is 'it's ok to track' the default?

Re:The application of common sense

[Tom]

A few minutes of quiet reflection and the liberal application of common sense will result in the following:

Because a few minutes of your thinking are more valuable than the various workshops, meetings and discussions of the W3C Tracking Protection Working Group and all its associates and members?

You really think this wasn't discussed by a hundred people before the current draft was written? Really?

Nothing I've read has changed my conclusions one bit.

So what is it that you have read? Half-arsed magazine articles? Or have you read the actual papers of the actual W3C, the workgroup members, the various parties? Allow me to guess...

Re:The application of common sense

[Sloppy]

Not set doesn't mean "ok to track." Yes, they will track you, but the difference from DNT:0 is when it's not set, they're tracking you without your consent (nobody said you're ok with it). With DNT:0, you are consenting.

And the difference between that and DNT:1 (where most of them also track you) is that when it's not set, they have plausible deniability that they resisted your preference. With DNT:1, you're not consenting and they can't credibly say "I didn't know you had a problem with that."

(Unless you're running MSIE10, in which case if you send DNT:1, they can say "I didn't know you had a problem with that.")

Maybe this is the best way to look at it. DNT is "plausible deniability by default." It's not about tracking; it's about the relationship, and it provides a previously-missing piece of the model, representing the level to which hostility has escalated.

Re:The application of common sense

[Lennie]

Actually the default DNT is no header. The user did not make a choice.

If advertisers don't respect it and we are fairly sure it is going on, we'll sent lawyers because there are laws (like in the EU) which says they can't do that without consent.

Re:The application of common sense

[Vitriol+Angst]

Yes but what is the point of informing people who NEVER GET IT, with things that people already know?
The only people who assume everyone would want anonymity unless they opted in are the same people who will look for the "next step" once they find that "DNT=1" was ignored and everyone in marketing is corrupt UNLESS "GTH=1".*

*GTH stands for "Gun To Head".

This is like telling the last person that Global Warming is a problem, or that the only issue electronic voting machines solved was that of having voters who didn't like your corporate candidate. Oh, and Greenspan figuring out that there were "Greedy people on Wall Street" who would steel everything that wasn't tied down without "GTH=1".

Re:The application of common sense

[fatphil]

> So why is 'it's ok to track' the default?

Blame Fielding, who is injecting user-unfriendly paragraphs into the w3c standard with apparently no discussion and consensus at all.

I've adapted the "spam solutions" list for DNT

[sootman]

It's much shorter. :-)

Your post advocates a

(x) technical ( ) legislative ( ) market-based ( ) vigilante

approach to fighting tracking. Your idea will not work. Here is why it won't work.

(x) Dude, fucking seriously. A checkbox to say "Hi marketers, please don't track me!"? What are you, on crack? You've got better odds walking through a bad neighborhood wearing gold chains and a "Please don't mug me" shirt.

Furthermore, this is what I think about you:

(x) This is a stupid idea, and you're a stupid person for suggesting it.

Re:I've adapted the "spam solutions" list for DNT

[Sloppy]

That's stupid, because it implies a technical approach to fighting tracking won't work. And technical approaches are, in fact, very likely to work to a great degree.

We know this, because back in the 1990s we-the-users had better tech, so tracking us was harder.

WHAT?! B-B-Better tech?! Yes.. from TFA:

When you visit a site — say, The Verge, your browser loads content that is served directly by The Verge (the first party), like our articles and images. It also loads content served by third parties, like embedded videos from YouTube, the Facebook "Like" button, and advertising content.

Anyone else remember when browser preference windows actually had a "load images" option, which you turned off sometimes? And remember when it wasn't even a checkbox, but a three-way switch, where the middle one was something along the lines of only loading images from the same domain as the page?

Naturally, with current tech, this switch is not just applied to images, but any other external resource, such as scripts or iframe or SWFs or .. hey, wait a minute. I can't find this browser preference at all!

Chrome: not there. Safari: not there. Firefox: not there, seriously?! Et tu, Firefox?

We are choosing to run software which we know leaks uniquely identifiable information, does it without explicit direction from the user, and leaks it to parties not shown in the UI. It's all stuff that anyone alive 15 years ago could have told you is obviously a bad idea, which is why, back then, many of us rather effortlessly chose to abstain from doing it, rather than doing it. (Ok, back then it was partly for performance reasons so your USR Courier could keep up with what you were doing, but c'mon -- even back then, we all knew what tiny 1x1 transparent "web bugs" were really about.) Today, we choose to do these insane things, and we're complaining about who does what with the leaked intell?!

What happens to the leaked intell isn't what's interesting. The fact that we're leaking it, and to whom and how we're doing it, is what's interesting.

A technical approach (stop leaking so much!) will go a long way toward fixing the problem.

Of course, I'm one of those damn fool idealists who thought a technical approach could beat spam too. ;-) Everyone, just sign your emails! Alas, that technical solution just creates a social problem...

Re:Debate?

[dshk]

I remember the internet before all you scumbag advertisers showed up.

There is a psychological phenomenon which shows past events in better light. First, the internet without advertisements never existed. There were ads on Arpanet. Second, you would feel less nostalgy for the internet of the eighties or nineies if you actually have to use that nowdays.

must die

[shentino]

Do not track is a farce that relies on the good will of corporations acting against their own interests.

I'd far rather internet users smarten up and be careful what they do online.

The information isn't under the user's control anyhow, so I'd rather that fact be transparently known and precautions taken, rather than have gullible users live in some magical fairy world where they pretend they are safe.

the premise behind DNT

[Onymous+Coward]

The whole premise behind DNT is stupid. Trust marketers to respect a flag in your browser? Seriously?.

That would be stupid, yes. But I think the point of DNT isn't that. It's to allow the user to express their desire.

The current default is that it's acceptable to track users. To begin to eliminate tracking you have to give users a voice, the ability to declare that they don't want to be tracked. That's what DNT is. The next step is enforcement.

Based on a wrong assumption

[dshk]

The article is based on the assumption that the total ad revenue of the industry would not be significantly less even if they have to show random ads to everybody again. The author thinks that the ad budgets does not really change, only they are spent on different methods. I have my experience which contradicts this assumption. We had a paid product and tested Google Adwords. The result was not good enough. We only managed to have a zero balance: the money we spent on ad was about the same as the additional revenue we got. At the end we have not started a real campaign. If the effectiveness of the ads were only a bit better, than obviously we were able to allocate a significant amount of money. So no, the assumption is not valid, the ad budgets does depend and may hugely depend on the effectiveness of the ad systems.

Re:Debate?

[wierd_w]

I would be interested in seeing actual transfer amount statistics, breaking down the traffic through a major backbone provider.

Exactly what percentage of internet traffic is "service", and what percentage is "advertisment related"?

(EG, what prcentage of the data transfered in a 24 hour polling period is explicitly advertisement related, vs all other uses.)

I have see some very data hungry adverts. Flash based ads especially. (Blizzard, I am looking at you. Movie studios, you too!) Give that those can easily be 900kb+ each, just how much of their hosting bill is actually being levied for serving the adverts they claim they need to serve, to pay for their hosting bill?

Would an ad-starved internet actually have cleaner pipes?

Re:Debate?

[dshk]

Last time I checked most traffic came from Netflix and YouTube. Btw. ads are hosted by the ad companies - at least for now, until there are only a few percent of visitors who block ads. If ad-blockers become a significant loss for web sites they will have to start mixing ads with their own content.

Re:Debate?

[wierd_w]

I mean..

I realize network neutrality is the defacro norm (at least for the time being), but let's say backbone provider A has a peering agreement with downstream provider B, and advertising company C.

Downstream B gets lots of traffic through their pipe from advert company B, pumped into the through backbone connction A.

The adverts have to traverse intermediate networks to reach the "recipient".

That same 900kb of data takes bandwidth on many networks, and is not exactly free to transmit.

What I was asking, is if the amount of traffic sent by advertisers through downstream networks could be considered abusive. (Eg, what percentage of traffic is unsolicited advertisements lobbed at users, just for trying to use a web service, especially compared to the amount of data that web service would consume all by itself.)

Re:Debate?

[wierd_w]

Also, in addition to the actual advert itself, if we also factored in all the inter-server communication between advertising companies as well, (eg, slashdot sends a request to the advert company server [via the user], telling the advert where the advert was displayed for payment processing, which then sends a random advert, as well as the cross-hosted script requests, and added http get requests for said files that would not have been generated without the need to serve the advert.), all those nickles and dimes surely add up?

No Honor

[UltraZelda64]

After the W3C's recent face-to-face meeting in Amsterdam, the the Digital Advertising Alliance plainly said that it "does not require companies to honor DNT," effectively saying it intends to stick to its own self-regulatory approach to user privacy.[

That's okay, Digital Advertising Alliance, because I didn't expect anyone to honor such a less-than-worthless piece of shit that is embarrassingly considered a standard. Fuck, even Apache only honors it purely at their own discretion and completely disregards certain OS and browser configurations. However, I bought and own my own computers, and they will obey their master and honor my rights and privacy that you disregard. I have my own little "self-regulatory approach" already implemented for you, no need for you to waste your time and money creating your own. It consists of such things as the disabling of all third-party cookies, the total blocking of all of your ads with AdBlock Plus and the Element Hiding Helper, the blocking of JavaScript and Flash on all sites that I do not approve of with NoScript, and Do Not Track Plus or Ghostery to further protect myself from you.

I Am Constantly Amazed

[Jane+Q.+Public]

... at how some people (particularly in certain industries) manage to make non-issues into issues.

Legislate "Do Not Track". Period. Done. End of story, end of problems. Those who make their living from tracking the comings and goings of other, innocent and unknowing people, can go suck eggs. I have no sympathy.

None.

Re:I Am Constantly Amazed

[Jane+Q.+Public]

... Then, maybe we can start getting into a REAL internet economy.