Slashdot Mirror

← Back to Stories (view on slashdot.org)

An Overview of the Do Not Track Debate

Posted by Soulskill on from the no-means-no dept.

jonathanmayer writes "The Verge is carrying an accurate and accessible overview of the Do Not Track debate. Quoting: 'With the fate of our beloved internet economy allegedly at stake, perhaps it's a good time to examine what Do Not Track is. How did the standard come to be, what does it do, and how does it stand to change online advertising? Is it as innocuous as privacy advocates make it sound, or does it stand to jeopardize the free, ad-supported internet we've all come to rely on?' The issues surrounding Do Not Track can be difficult to understand, owing to rampant rhetoric and spin. This article unpacks the tracking technology, privacy concerns, economic questions, and political outlook. Full disclosure: I'm quoted."

23 of 108 comments (clear)

  1. nice summary, shite website by Anonymous Coward · · Score: 3, Informative

    you want me to read about privacy on a website with no less than 4 web bugs and tracking code up the wazoo, not to mention all their shitty adverts
    get off my web

  2. An Expanding Internet by TheGreatDuwanee · · Score: 2

    As I remember it, things were expanding quite quickly even before every little click was tracked. I imagine things might slow down with Do-Not-Track, but they will keep growing.

    --
    Save early, Save often ... no telling when the fickle finger of Gate's is gonna point at YOU!
  3. why so much energy around DNT? by Anonymous Coward · · Score: 3, Insightful

    DNT is useless. You WILL be tracked if you give sites information that is useful in tracking you. The very best you can do is chase the tracking out of your legal jurisdiction and into other countries or underground.

    The only effective way to stop tracking is client side. It's like the analog of MMPORG games, where the client cannot be trusted, because it must be assumed to be in malicious hands. Here, the server cannot be trusted not to track you, because it must be assumed to be in malicious hands.

    DNT is actively harmful, because it makes tech-illiterates think that if they set it in their browser, they will not be tracked. We have already seen that is not the case.

    1. Re:why so much energy around DNT? by TheRealMindChild · · Score: 2

      Do-Not-Track seems useless, but when the browser vendors find someone not playing nice, you may see a complete block of any accessible information from anywhere outside of the current domain of the webpage. This puts a burden on the website to funnel all computational and tracking related functions to the current domain. They can throw it to the cloud, but I can also say "Kill all connections that don't return within 20ms". This is a move, which I think is anticipating the bluff called. Good thing I have popcorn.

      --

      "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
    2. Re:why so much energy around DNT? by Beerdood · · Score: 4, Insightful

      Exactly, DNT is useless and the whole concept may have been deliberately designed to be useless. A little header where "DNT=1" in the html and... Presto! No more tracking!

      Except that there's no way to actually enforce that companies won't track
      Except that we still won't know if our browsers will give out our information even with this flag on
      Except that [the Digital Advertising Alliance plainly said that it "does not require companies to honor DNT," ]
      Except that there's too much money at stake to just prevent sites from gathering your data. Even if your data is anonymized (meaning you set the flag on, and you don't see targeted ads as a result) - there's no guarantee that your data isn't still being collected by 3rd parties from the sites you go to. This is why there was such a fuss over the decision to make IE10 do-not-track's setting off by default. The only way you can guarantee your data isn't being used is to prevent it from being sent in the first place, or somehow falsify the data being sent back to the server

      --
      Global warming and other natural disasters are a direct effect of the shrinking number of pirates - Gospel of the FSM
  4. Don't care. by pla · · Score: 4, Informative

    Who cares? Adblock; Ghostery; RandomUserAgent; and always, always, ALWAYS lie when asked for things like your DOB or zip code.

    Have fun fulling your DB with useless crap trying to "track" me, Marketers.

    1. Re:Don't care. by fuzzyfuzzyfungus · · Score: 5, Insightful

      Who cares? Adblock; Ghostery; RandomUserAgent; and always, always, ALWAYS lie when asked for things like your DOB or zip code.

      Have fun fulling your DB with useless crap trying to "track" me, Marketers.

      Be careful that, in your efforts to resist tracking, you do not accidentally make your browser far more atypical than it would otherwise have been...

      I've personally found the EFF's little http://panopticlick.eff.org/ test to be quite eye-opening(and probably not representative of the state of the art in tracking, since the guys you really have to worry about get paid for coming up with clever new techniques). Doing unusual things can substantially increase the unusualness of your browser's signature and behavior and make it more likely that you'll stand out of the crowd, albeit not quite as easily as if you just have a doubleclick cookie with a GUID embedded.

    2. Re:Don't care. by c · · Score: 3, Insightful

      Exactly.

      The whole premise behind DNT is stupid. Trust marketers to respect a flag in your browser? Seriously? If these people gave a single, pathetic thought about what consumers did or did not want, they'd be out of a career.

      AdBock/Ghostery/NoScript/etc means you don't have to trust any website not to track anything.

      --
      Log in or piss off.
    3. Re:Don't care. by Tom · · Score: 2

      Strange how it did work for the do-not-call list, you know?

      Even if DNT works only for 1% of sites - it still works better than your solution, which seems to involve throwing your hands into the air, running around and crying "the sky is falling, it is all hopeless".

      --
      Assorted stuff I do sometimes: Lemuria.org
    4. Re:Don't care. by pla · · Score: 2

      Short conclusion: I'm screwed.

      That depends...

      If you count as "unique" every single time, it means you have avoided getting matched to a preexisting profile. A random user agent will have that effect.

      If, however, you count as 1/x the first time, 2/x the second time, 3/x the third time, and so on, it means they can actually match you to a unique previous visitor - yourself. Not so good, in that case.

      The trackers want you to look as unique as possible, but the same each time you visit. You, OTOH, want to look either as common as possible, or unique every time.

  5. Cliff notes: by fuzzyfuzzyfungus · · Score: 4, Informative

    Team Marketing is on tactical thermonuclear crack. I don't know where the hell they got it; but damn if it isn't the good stuff. Consider the below, from a 'Rachel Thomas' working on behalf of the "Direct Marketing Association":

    "Marketing fuels the world. It is as American as apple pie and delivers relevant advertising to consumers about products they will be interested at a time they are interested. DNT should permit it as one of the most important values of civil society. Its byproduct also furthers democracy, free speech, and – most importantly in these times – JOBS. It is as critical to society – and the economy – as fraud prevention and IP protection and should be treated the same way.

    Marketing as a permitted use would allow the use of the data to send relevant offers to consumers through specific devices they have used. The data could not be used for other purposes, such as eligibility for employment, insurance, etc. Thus, we move to a harm consideration. Ads and offers are just offers – users/consumers can simply not respond to those offers – there is no associated harm.

    Further, DNT can stop all unnecessary uses of data using choice and for those consumers who do not want relevant marketing the can use the persistent Digital Advertising Alliance choice mechanism. This mechanism has been in place for 2 years."

    Yes, she actually said that. In public.

  6. Firefox community by Synerg1y · · Score: 2, Informative

    Has got you covered... some what:

    https://addons.mozilla.org/en-US/firefox/addon/firegloves/
    https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/
    https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/

    Is it just me who's thought it f'in hilarious to be on a friends computer hit a website and get porn based ads & pop-ups? :)

  7. "Fate of economy" by Dunge · · Score: 2, Insightful

    If the economy depends on private corporations analyzing the behaviors of citizens, fuck the economy. Seriously, people will still buy the things they need without having ads thrown in their faces every 2 seconds.

  8. NoScript by digitalaudiorock · · Score: 4, Interesting

    The thing that pisses me off the most about most (even supposedly reputable) web sites these days, is the eye opener you get if you run NoScript. The fact that the home pages of supposedly reputable sites are trying to pull in javascript from like a dozen or more unrelated sites is just fucking inexcusable, and it seems to get worse every day.

    Worse yet is that some of those simply don't work at all unless you resort to "Temporarily allow all from this page", in which case I tend to just bail and never go back. I mean seriously...WTF??? I can't tell you how that burns my ass.

    1. Re:NoScript by Tom · · Score: 2

      I do wish, though, that NoScript were a little less aggressive.

      I use javascript libraries pulled from CDNs on some of my sites, simply because it saves me the trouble of constantly keeping local copies up-to-date and the other usual CDN reasons.

      And not for tracking or advertisement. I'm talking about stuff like jquery, OpenLayers, etc. - presentation stuff.

      --
      Assorted stuff I do sometimes: Lemuria.org
  9. tl;dr by sootman · · Score: 2

    Summary: Advertisers are assholes and do not give a fuck about what you want.

    Did I miss anything?

    --
    Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
  10. I've adapted the "spam solutions" list for DNT by sootman · · Score: 3, Funny

    It's much shorter. :-)

    Your post advocates a

    (x) technical ( ) legislative ( ) market-based ( ) vigilante

    approach to fighting tracking. Your idea will not work. Here is why it won't work.

    (x) Dude, fucking seriously. A checkbox to say "Hi marketers, please don't track me!"? What are you, on crack? You've got better odds walking through a bad neighborhood wearing gold chains and a "Please don't mug me" shirt.

    Furthermore, this is what I think about you:

    (x) This is a stupid idea, and you're a stupid person for suggesting it.

    --
    Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
    1. Re:I've adapted the "spam solutions" list for DNT by Sloppy · · Score: 2

      That's stupid, because it implies a technical approach to fighting tracking won't work. And technical approaches are, in fact, very likely to work to a great degree.

      We know this, because back in the 1990s we-the-users had better tech, so tracking us was harder.

      WHAT?! B-B-Better tech?! Yes.. from TFA:

      When you visit a site — say, The Verge, your browser loads content that is served directly by The Verge (the first party), like our articles and images. It also loads content served by third parties, like embedded videos from YouTube, the Facebook "Like" button, and advertising content.

      Anyone else remember when browser preference windows actually had a "load images" option, which you turned off sometimes? And remember when it wasn't even a checkbox, but a three-way switch, where the middle one was something along the lines of only loading images from the same domain as the page?

      Naturally, with current tech, this switch is not just applied to images, but any other external resource, such as scripts or iframe or SWFs or .. hey, wait a minute. I can't find this browser preference at all!

      Chrome: not there. Safari: not there. Firefox: not there, seriously?! Et tu, Firefox?

      We are choosing to run software which we know leaks uniquely identifiable information, does it without explicit direction from the user, and leaks it to parties not shown in the UI. It's all stuff that anyone alive 15 years ago could have told you is obviously a bad idea, which is why, back then, many of us rather effortlessly chose to abstain from doing it, rather than doing it. (Ok, back then it was partly for performance reasons so your USR Courier could keep up with what you were doing, but c'mon -- even back then, we all knew what tiny 1x1 transparent "web bugs" were really about.) Today, we choose to do these insane things, and we're complaining about who does what with the leaked intell?!

      What happens to the leaked intell isn't what's interesting. The fact that we're leaking it, and to whom and how we're doing it, is what's interesting.

      A technical approach (stop leaking so much!) will go a long way toward fixing the problem.

      Of course, I'm one of those damn fool idealists who thought a technical approach could beat spam too. ;-) Everyone, just sign your emails! Alas, that technical solution just creates a social problem...

      --
      As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  11. Based on a wrong assumption by dshk · · Score: 2

    The article is based on the assumption that the total ad revenue of the industry would not be significantly less even if they have to show random ads to everybody again. The author thinks that the ad budgets does not really change, only they are spent on different methods. I have my experience which contradicts this assumption. We had a paid product and tested Google Adwords. The result was not good enough. We only managed to have a zero balance: the money we spent on ad was about the same as the additional revenue we got. At the end we have not started a real campaign. If the effectiveness of the ads were only a bit better, than obviously we were able to allocate a significant amount of money. So no, the assumption is not valid, the ad budgets does depend and may hugely depend on the effectiveness of the ad systems.

  12. Re:The application of common sense by Tom · · Score: 2

    A few minutes of quiet reflection and the liberal application of common sense will result in the following:

    Because a few minutes of your thinking are more valuable than the various workshops, meetings and discussions of the W3C Tracking Protection Working Group and all its associates and members?

    You really think this wasn't discussed by a hundred people before the current draft was written? Really?

    Nothing I've read has changed my conclusions one bit.

    So what is it that you have read? Half-arsed magazine articles? Or have you read the actual papers of the actual W3C, the workgroup members, the various parties? Allow me to guess...

    --
    Assorted stuff I do sometimes: Lemuria.org
  13. Re:The application of common sense by Sloppy · · Score: 3

    Not set doesn't mean "ok to track." Yes, they will track you, but the difference from DNT:0 is when it's not set, they're tracking you without your consent (nobody said you're ok with it). With DNT:0, you are consenting.

    And the difference between that and DNT:1 (where most of them also track you) is that when it's not set, they have plausible deniability that they resisted your preference. With DNT:1, you're not consenting and they can't credibly say "I didn't know you had a problem with that."

    (Unless you're running MSIE10, in which case if you send DNT:1, they can say "I didn't know you had a problem with that.")

    Maybe this is the best way to look at it. DNT is "plausible deniability by default." It's not about tracking; it's about the relationship, and it provides a previously-missing piece of the model, representing the level to which hostility has escalated.

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  14. Re:Interesting... by godel_56 · · Score: 2

    Just taken the EFF test.

    With JS enabled: 1 in 2 500 000 browsers have a similar configuration :(

    With JS disabled: 1 in 70 000 :)

    Thank you, NoScript ;) https://addons.mozilla.org/en-US/firefox/addon/noscript/

    If you don't want to be tracked, you want to be 1 in a million, not one in 100.

    I got: Your browser fingerprint appears to be unique among the 2,452,130 tested so far. Meaning if anyone sees my browser fingerprint at one place and then again at another place, they know it was the same browser.

    My fingerprint showed up as unique both with and without NoScript. :(

    I run the Zemana anti-logger program and it was somehow able to see that, which surprised me. With JS on, it's the huge numbers of fonts that give you away, especially if you have any kind of desk top publishing program or strange word processor installed.

  15. Re:Debate? by wierd_w · · Score: 2

    I mean..

    I realize network neutrality is the defacro norm (at least for the time being), but let's say backbone provider A has a peering agreement with downstream provider B, and advertising company C.

    Downstream B gets lots of traffic through their pipe from advert company B, pumped into the through backbone connction A.

    The adverts have to traverse intermediate networks to reach the "recipient".

    That same 900kb of data takes bandwidth on many networks, and is not exactly free to transmit.

    What I was asking, is if the amount of traffic sent by advertisers through downstream networks could be considered abusive. (Eg, what percentage of traffic is unsolicited advertisements lobbed at users, just for trying to use a web service, especially compared to the amount of data that web service would consume all by itself.)