An Overview of the Do Not Track Debate

jonathanmayer writes "The Verge is carrying an accurate and accessible overview of the Do Not Track debate. Quoting: 'With the fate of our beloved internet economy allegedly at stake, perhaps it's a good time to examine what Do Not Track is. How did the standard come to be, what does it do, and how does it stand to change online advertising? Is it as innocuous as privacy advocates make it sound, or does it stand to jeopardize the free, ad-supported internet we've all come to rely on?' The issues surrounding Do Not Track can be difficult to understand, owing to rampant rhetoric and spin. This article unpacks the tracking technology, privacy concerns, economic questions, and political outlook. Full disclosure: I'm quoted."

nice summary, shite website

you want me to read about privacy on a website with no less than 4 web bugs and tracking code up the wazoo, not to mention all their shitty adverts
get off my web

why so much energy around DNT?

DNT is useless. You WILL be tracked if you give sites information that is useful in tracking you. The very best you can do is chase the tracking out of your legal jurisdiction and into other countries or underground.

The only effective way to stop tracking is client side. It's like the analog of MMPORG games, where the client cannot be trusted, because it must be assumed to be in malicious hands. Here, the server cannot be trusted not to track you, because it must be assumed to be in malicious hands.

DNT is actively harmful, because it makes tech-illiterates think that if they set it in their browser, they will not be tracked. We have already seen that is not the case.

Re:why so much energy around DNT?

[Beerdood]

Exactly, DNT is useless and the whole concept may have been deliberately designed to be useless. A little header where "DNT=1" in the html and... Presto! No more tracking!

Except that there's no way to actually enforce that companies won't track
Except that we still won't know if our browsers will give out our information even with this flag on
Except that [the Digital Advertising Alliance plainly said that it "does not require companies to honor DNT," ]
Except that there's too much money at stake to just prevent sites from gathering your data. Even if your data is anonymized (meaning you set the flag on, and you don't see targeted ads as a result) - there's no guarantee that your data isn't still being collected by 3rd parties from the sites you go to. This is why there was such a fuss over the decision to make IE10 do-not-track's setting off by default. The only way you can guarantee your data isn't being used is to prevent it from being sent in the first place, or somehow falsify the data being sent back to the server

Don't care.

[pla]

Who cares? Adblock; Ghostery; RandomUserAgent; and always, always, ALWAYS lie when asked for things like your DOB or zip code.

Have fun fulling your DB with useless crap trying to "track" me, Marketers.

Re:Don't care.

[fuzzyfuzzyfungus]

Who cares? Adblock; Ghostery; RandomUserAgent; and always, always, ALWAYS lie when asked for things like your DOB or zip code.

Have fun fulling your DB with useless crap trying to "track" me, Marketers.

Be careful that, in your efforts to resist tracking, you do not accidentally make your browser far more atypical than it would otherwise have been...

I've personally found the EFF's little http://panopticlick.eff.org/ test to be quite eye-opening(and probably not representative of the state of the art in tracking, since the guys you really have to worry about get paid for coming up with clever new techniques). Doing unusual things can substantially increase the unusualness of your browser's signature and behavior and make it more likely that you'll stand out of the crowd, albeit not quite as easily as if you just have a doubleclick cookie with a GUID embedded.

Re:Don't care.

[c]

Exactly.

The whole premise behind DNT is stupid. Trust marketers to respect a flag in your browser? Seriously? If these people gave a single, pathetic thought about what consumers did or did not want, they'd be out of a career.

AdBock/Ghostery/NoScript/etc means you don't have to trust any website not to track anything.

Cliff notes:

[fuzzyfuzzyfungus]

Team Marketing is on tactical thermonuclear crack. I don't know where the hell they got it; but damn if it isn't the good stuff. Consider the below, from a 'Rachel Thomas' working on behalf of the "Direct Marketing Association":

"Marketing fuels the world. It is as American as apple pie and delivers relevant advertising to consumers about products they will be interested at a time they are interested. DNT should permit it as one of the most important values of civil society. Its byproduct also furthers democracy, free speech, and – most importantly in these times – JOBS. It is as critical to society – and the economy – as fraud prevention and IP protection and should be treated the same way.

Marketing as a permitted use would allow the use of the data to send relevant offers to consumers through specific devices they have used. The data could not be used for other purposes, such as eligibility for employment, insurance, etc. Thus, we move to a harm consideration. Ads and offers are just offers – users/consumers can simply not respond to those offers – there is no associated harm.

Further, DNT can stop all unnecessary uses of data using choice and for those consumers who do not want relevant marketing the can use the persistent Digital Advertising Alliance choice mechanism. This mechanism has been in place for 2 years."

Yes, she actually said that. In public.

NoScript

[digitalaudiorock]

The thing that pisses me off the most about most (even supposedly reputable) web sites these days, is the eye opener you get if you run NoScript. The fact that the home pages of supposedly reputable sites are trying to pull in javascript from like a dozen or more unrelated sites is just fucking inexcusable, and it seems to get worse every day.

Worse yet is that some of those simply don't work at all unless you resort to "Temporarily allow all from this page", in which case I tend to just bail and never go back. I mean seriously...WTF??? I can't tell you how that burns my ass.

I've adapted the "spam solutions" list for DNT

[sootman]

It's much shorter. :-)

Your post advocates a

(x) technical ( ) legislative ( ) market-based ( ) vigilante

approach to fighting tracking. Your idea will not work. Here is why it won't work.

(x) Dude, fucking seriously. A checkbox to say "Hi marketers, please don't track me!"? What are you, on crack? You've got better odds walking through a bad neighborhood wearing gold chains and a "Please don't mug me" shirt.

Furthermore, this is what I think about you:

(x) This is a stupid idea, and you're a stupid person for suggesting it.

Re:The application of common sense

[Sloppy]

Not set doesn't mean "ok to track." Yes, they will track you, but the difference from DNT:0 is when it's not set, they're tracking you without your consent (nobody said you're ok with it). With DNT:0, you are consenting.

And the difference between that and DNT:1 (where most of them also track you) is that when it's not set, they have plausible deniability that they resisted your preference. With DNT:1, you're not consenting and they can't credibly say "I didn't know you had a problem with that."

(Unless you're running MSIE10, in which case if you send DNT:1, they can say "I didn't know you had a problem with that.")

Maybe this is the best way to look at it. DNT is "plausible deniability by default." It's not about tracking; it's about the relationship, and it provides a previously-missing piece of the model, representing the level to which hostility has escalated.