Slashdot Mirror
Yahoo Will Ignore IE 10's "Do Not Track"
dsinc writes "And so it begins... Yahoo has made it official: it won't honor the Do Not Track request issued by Internet Explorer 10. Their justification? '[T]he DNT signal from IE10 doesn't express user intent" and "DNT can be easily abused.'" Wonder what percentage of users would rather be tracked by default.
See now, the trouble here is that all of these privacy settings rely on corporate "good will", when there is no such thing.
Really, the only way to ensure your privacy is extreme paranoia. Sorry.
To ignore Yahoo till it dies a nice slow death....
Even Apache doesn't honor DNT if it has been issued by IE10
http://www.pcworld.com/article/262150/apache_web_servers_will_ignore_ie10s_do_not_track_settings.html
Is it really a surprise that a failing business like Yahoo! would ignore its users in an attempt to make money?
Look, the obvious lesson here is that no business can be trusted to keep secrets. Also: Water is wet, fire is hot. Don't give out anything you don't want to get out there, no matter what some PHB promises you.
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
Yahoo leads the way forward, whether it is in their innovative email platform with intuitive ui (ads), their reporting (entertainming/advertising) with an insightful comments from the community (tea partying racists), or their home page that I haven't visited but I hear has relevant content (ads) - Yahoo is the future. We can't expect anything less than a rejection of IE's fascist desire to make advertising less lucrative. After all, users want nothing more than for the advertising they see to be as intrusive and lucrative for companies as possible.
They should have made a huge startup dialog "Do you want to be tracked" and achieved 90+% block without these complaints. They might still have ignored it but at least it would have been clearly a DNT violation
Changing the DNT request text from: "DNT (Default)" to "DNT (User's Choice)" Now Yahoo! will be ignoring the wishes of the user.
The rule on private property is that you do not have permission to use it unless and until the property owner says you do. If he doesn't say anything, you don't have permission.
The rule about inviting yourself into someone else's home is that you don't have the right to unless they say you can. If they don't say, you don't have permission.
Our world's full of things where a lack of explicit permission means you don't have permission. Now, as far as the site itself is concerned I don't object to them tracking what I do on that site. It's their site, I can't expect to access it without them knowing what I'm doing. But a third party, it's not their site. Why should the rule not be that, absent my express permission for them to track my comings and goings, they do not have permission?
Can't beat their sports coverage, live score tracking, and their collection of sports writers. Yahoo is still the best if you are trying to track numerous college or pro football games on Saturday or Sunday. CBSsports.com is a close second. ESPN's website is too flash-heavy, and slow to load most pages.
What browser makers really need to do to prevent tracking is to simply clear cookies when you close your browser. For good measure also clear flash and silverlight cookies. That prevents persistent tracking. It works perfectly for me. I've never needed do not track.
How do you know they aren't tracking you by IP address and habit of sites you visit?
Look where all this talking got us, baby.
What's yahoo?
And I definitely won't use them now. They can rot.
Now I know to do full ad and cookie blocking for yahoo sites.
Thanks Yahoo, you made my decision easier.
What's even more shocking is that there's people still using Yahoo.
When working on any neophytes or old persons computer Yahoo is there under IE with the default homepage 80% of the time. Reason being is the crapware that OEMs install as well as ISP software both reset the users homepage too it for $$$ cash back.
Ones with MSN as the default page are typically corporate users. If MS decided not to be retarded and capture the market from Google they would put it in the Windows contract to not change the homepage at the OEM level. ... anyway I can see why Yahoo would be threatened by this as smart users like us who go to sites like slashdot use an alternative browser. Or if we do use IE we change the homepage to Google or something similar. Yahoo is the oldschool portal that regular people use who are not into computers very reminiscent of AOL back in the day 10 years earlier.
http://saveie6.com/
They do that even with the DNT cookie, DNT is purely a do not send me targeted ads, they are still allowed to track you even while honouring DNT. The whole DNT thing is pointless and whoever came up with it as a way to move forward should be lined up and shot.
DNT+, Ghostery these are all out there. Frankly there's probably very few websites now that don't track your IP address and other details with multiple
trackers.
Hell go to cnn.com and Ghostery blocks 10 trackers alone. Two of those are )(*@!@)*# Facebook trackers. Frankly, the amount of information people are collecting about our web browsing activities is becoming staggering and I for one won't rely on a company saying they'll honor "Do not Track" options from the browsers.
As Navin Johnson said "It's out there, see a doctor get rid of it" - The Jerk
Harrison's Postulate - "For every action there is an equal and opposite criticism"
The W3C DNT spec explicitly says that a browser should not set this by default, yet Microsoft is completely ignoring the spec and turning it on by default. What Yahoo is doing it 100% correct - it's the only right answer to Microsoft completely ignoring the DNT spec, both in it's intent as well as it's actual words. Every other major web property WILL do the same. Apache already has a patch to ignore DNT from IE10, now Yahoo is doing the same, and the rest will follow.
.
It's the same way that political polls and statisticians can lie with numbers: you can ask the same question in ways that can "force" or "prompt" a particular answer. (See also episodes of Yes, Prime Minister for examples.
It makes me feel good inside to know that I am creating revenue for the website that I visit, which helps cover the cost of providing that website. Tracking a user and giving targeting advertising increases the value of the advertising campaigns, which translates into more money for the website.
If we didn't have this, the web is going to become subscription-only very quickly.
Slashdot gives me the option to "Disable Advertising" for having positive Karma, but I choose not to use this.
What is annoying, is that the tracking wouldn't be an issue if the online advertising industry would be more honest to consumers about their practices from be beginning so that it would have been accepted early on, and also not give online advertising a bad name by not tricking websites into displaying ads that the web developer has said not to, and also allowing intrusive or misleading advertising (like how many fake 'Download' buttons do you see on Download sites for example).
If you want us to stop using tracking and ad blockers, you might want to put pressure on companies (like, say, Yahoo) that make us use them.
Sincerely, your user.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Is anyone else bothered by the fact that MICROSOFT gives more of a shit about the end user than everyone else?
All that Microsoft did achieve...and all it could achieve is to have others ignore the functionality. They actually destroyed its functionality by embracing it. If Microsoft gave a shit it would be using Tor, or creating similar technology...or even just making their own OS less spyware. I was shocked at how much information Windows 8 wanted from me.
If I just could opt out of that delusion of safety. In return, I promise I won't complain if the boogeyman du jour (is it still terrorists? I lost interest a while ago) kills me.
Agreed? No? Gee, why not?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I don't think this company knows what a standard is because they seem to fight them every chance they get. They think they're getting brownie points for being "Pro Consumer", but as always they just end up looking like fools in the end. This is nothing but a PR campaign to prop their lousy browser back into relevance after being embarrassed repeatedly by Chrome.
Not really, actually, it's logical. For MS, we're the customer. For Yahoo, we're the product.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Does Yahoo honour the Do Not Track of any browser?
If so, which?
If I have to choose between 1 targeted ad, and 10 random ads, I'll take the tracking.
- the details and specificity of your browser of choice as indicated by your browser agent,
- your browser settings,
- your screen real estate in pixels,
- your system fonts,
- your browser plug-ins,
- and the content of your HTTP_ACCEPT headers,
- your time-zone,
- and your javascript-abilities. My browser as set gives out 18.43 bits of identifying information as calculated by the EFF at
.
https://panopticlick.eff.org/
.
Click on their Test Me link to see how much information your browser gives away, and how well you could be tracked even if you opt-out of cookies, and tracking, and Flash cookies, and use Ghostery etc. A lot of your identifying information leaks out anyway.
Actually, for MS, Dell is the customer. Except for their advertising department (aka Bing) where you are the product.
Disable third-party cookies and install the Do Not Track Plus and NoScript extensions. Then to really fuck with the assholes, set up AdBlock Plus and disable its bullshit "non-intrusive advertising" whitelist, and to make sure your point finally sinks in, go into your browser's preferences and enable Do Not Track. In this case, since the Do Not Track header is worse than worthless because it will always will fail miserably to actually do what it claims, the header itself will act as sort of a "fuck off" header instead.
Maybe we need to enhance the "standard" by allowing something like: DNT=FUCK_OFF ...which would be used by people who have their own set of privacy tools. Would this proposed update to the standard pass? After all... dumber things have been approved. Like, say, the DNT standard itself. I would consider a FUCK_OFF flag a massive improvement to such a pathetic standard... at least it would allow you to not only express your desire not to be tracked, but also to tell them what you really think of their joke of a standard.
If my browser featured this, hell... I'd turn it on.
http://www.youtube.com/watch?v=G0ZZJXw4MTA
They are now showing the world, what it is like to use a setting, where the obedience of the websites is voluntary. And they have their cross-site-tracking detection feature.
written from firefox with DNT on, noscript and adblockplus with no-tracking blacklist (no ghostery, as its rather dubious and ABP can do the same with the right lists)
Obvious incompetence is not malice. They have plenty of both, but let us not confuse one for the other. They lack the skill to hide this many backdoors so well. Occam's razor demands we attribute these to simple innocence of security best practice established in the 1970's, or inability to understand and implement these principles.
Help stamp out iliturcy.
Wonder what percentage of users would rather be tracked by default.
According to a 2012 Pew Internet study, 73% of search engine users said they were against tracking by the search engines, and 68% were against targeted advertising.
The corollary is that respecting DNT even for IE 10 matches what over 70%(*) of the users want, while ignoring it only satisfies the wishes of 28%(**) of the users.
(*) I'm starting with the 'targeted ads' numbers which are the more conservative ones. The survey shows 28% of the users want them and 68% oppose them. Furthermore another study shows that, when they have to manually hunt and set DNT, 5 to 6% of the overall population turns it on. Given that we know 68% favor DNT that means 7 to 9% of the users will go through the hassle. So if DNT is on by default on IE 10 we can expect 7 to 9% of the I-want-targeted-ads crowd to turn it back off which translates to 2 to 2.5%. So if DNT is honored for IE 10 these 2 to 2.5% users will get what they want as well as the 68% who are fine with the default setting, yielding a total of 70 to 70.5% users getting what they want.
(**) Or, conversely, going against the wishes of 68% of the users (the remaining 4% don't know what they want).
Posting as AC makes you a fairly questionable source, as such, I don't feel the need to believe anything you say.
Change is certain; progress is not obligatory.
Slew? You only really need two: NoScript and AdBlock (or any of its forks.) You can't stop people from making bad decisions or to think selfishly. Thinking you can, even with any sort of regulation in place, is pretty dumb. There isn't much soul selling involved here - especially if you use a fork of AdBlock that isn't explicitly being 'donated to' by a big advertisement company. NoScript itself also pretty much funded by donations from users and is otherwise done as a 'spare time' project by its authors.
I think I prefer it this way rather than a truly regulated WWW, honestly. That alternative is a potentially very scary one.
Nobody cares what the CAPTCHA for your post was.
It's not Yahoo that's at fault here, at least not all by itself. Microsoft chose to implement an "on by default" DNT feature in IE10, which goes against the agreed intention of DNT. Microsoft can fix this in many ways, the simplest of which could be to offer the user a choice upon first using IE10 - heck, they can even have the "activate Do Not Track" option selected by default, so people will only have to click "OK".
Why, do you think, did Microsoft choose not to do this? Do you really think that removing that choice from the first use degrades the user experience so much that it validates ignoring a standard and risking justified behavior from parties like Yahoo? Or could it be that it is Microsoft that would like to see DNT marginalized and sees this as the perfect way of doing so: embrace (done), extend (done), extinguish (in 3.. 2.. 1...)
That sounds like something to add on a proxy.
Thanks for the pointer to that "Yes, Minister" clip. That is exactly the scene I was thinking of! The scary part seems to be that much of politics probably plays out the same way even today. The rest of the episode is amazing, and there's pretty much something to learn (at least for me) in every episode of that series. And something in every episode is "spot on" relevant to politics in SD at the city level, or CA at the state level, or the USA at the national level.
Really, how can you abuse DNT? OMG! That browser allows that person to surface completely anonymously, thats abuse of the DNT system. Users shouldn't be allowed to be completely anonymous. IE10's DNT feature isn't the user's intent? Hmmm I click a button or use a switch that enables Do Not Track. That doesn't mean I don't want to be tracked though. I don't know what i'm doing. I just like hitting buttons. I'm pretty sure there is a whole lot more to it than this but seriously? The way the summary is worded, yahoo is saying we are all idiots and don't know options that we want and not being able to be tracked is a abuse of power.
TFA doesn't say anything at all about Firefox, but I'm going to block Yahoo at the firewall anyway. Just to be sure. Thanks for the heads-up, Yahoo.
regardless what you think of DNT and DNT with IE10, but thats a choice, the tracking webapp needs to make. When apache filters IE10 DNT-headers, the webapp CANNOT decide to honor them even when its a default. So apache limits the choice of the tracking-software implementors to honor it. Thats filtering on the wrong layer.
Change the user agent string of IE10.
Yahoo: We are going to abuase DNT because DNT can be easily abused.
What.
I'm a good cook. I'm a fantastic eater. - Steven Brust
The plan is complete.
1. Society recognizes problem with unregulated market segment
2. Society asks market to please regulate itself
3. Market tries to come up with a solution
4. Market decides, hey, fuck customers and ethics, it's all about the Benjamins suckas!
5. Legal regulation
Having reached step 4, we can now move on to step 5. I am glad about this. Congressional action will merely extend the protections currently enjoyed by Americans to the realm of targeted advertising. Sometimes legal action isn't required. For instance, the movie industry has successfully used their rating system to satisfy the public and stop Congress from getting involved. Sadly, only rare industries do that successfully.
did anyone really expected DNT to work?
srsly?
ALL browsers should enable Do Not Track by default!!!
switch IE10 into IE9 compatibility mode.
All the more reason to use it!
Chewbacon
The Bible is like Wikipedia: written by a bunch of people and verifiable by questionable sources.
If Microsoft gave a shit it would be using Tor, or creating similar technology...or even just making their own OS less spyware.
Let me introduce you to In-Private Browsing and Anti-Tracking Lists
" their mail is unusable on my system "
You Are Doing It Wrong.
I read my accumulation of Yahoo and Gmail and other accounts using Thunderbird (on Linux) and Thunderbird Portable (on Windows, I copy it from my USB key, use it, then cut/paste it back for speed or leave the program folder on permanent installs. Can't beat the ease of backup!)
I don't see Yahoo or Google mail pages or deal with their annoying layour, let alone their adverts. Doing so would not serve me.
Fuck 'em with George Carlin's proverbial Big Rubber Dick. :-)
http://portableapps.com/apps/internet/thunderbird_portable
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
a whole bunch of RFC's, and mails to their abuse account.
What else is new?
The standard is stupid; in fact, it's so stupid that it makes less sense when used in a fable. So...
Once upon a time, there was a group of 4 sheepherders that tended to their sheep in the far far away land of internetia. Farmer Bill, Steve, Larry and Gary tended their flocks and would try to draw more sheep with either better grass, or shelter from the weather, or protection from predators. it got so competitive that sheep from other farms would jump the fences because some farms offered better comforts than others.
One day, a large pack of wolves (Genus: advertis infectus) started eating the sheep. The farmers responded accordingly. Farmer Bill first bought a "Tracking Protection" Caliber Shotgun. Which sometimes killed some wolves but would take about 10-30 shots before it killed them. Farmer Gary built a doghouse in which the sheep hired a German adblockplus and a Dutch noscript to protect them, which worked very well. Farmer Larry also built a doghouse, but was not as nice as Farmer Gary's doghouse. Eventually a German Adblockplus moved in, but it would get sick due to the cold getting into the doghouse and some wolves would get to the sheep. Eventually, Farmer Bill saw how well the sheepdogs worked and finally built a kennel by his own design to attract sheepdogs directly, but it was so badly designed that very few sheepdogs took the opportunity to live in it, and the few that did couldn't do their job well because they were sick all of the time. Farmer Steve didn't seem to do anything worthwhile and the sheep we so enamored by Steve's aura and immaculate looking farm that they didn't seem to care.
The wolves, losing many a comrade to the Sheepdogs, decided they needed to take action. First they asked the grass to stop growing if the sheepdogs protected the sheep that hired the sheepdogs, but the grass didn't stop growing. Finally the Wolves went to the World Carnivore Collection Consortium (W3C) and proposed the following treaty.
The farmers would have a can of Red Paint handy that the Sheep could use to put a Red X on their back. Any Sheep with the red X on their back would not be touched by the wolves. However, according to the rules, the Farmer could not paint the sheep themselves.
Farmer Gary and Steve adopted the practice quickly. Some Astute sheep noticed that the sheep with the Red X never got attacked by wolves and put the Red X on themselves, while other sheep didn't trust the wolves and still hired the sheepdogs. Farmer Larry wasn't too fond of the paint, since he secretly had a wolf as a pet, but eventually he made the red paint available as well as built a better doghouse for the Sheepdogs.
Farmer Bill, on the other hand, saw an opportunity to turn this into a feature that could protect his sheep and draw some sheep from other farms, since so many sheep jumped his fence to go to the nicer pastures of Firefox Ranch and Chrome Acres. But he had to find a way to follow the rules but get as many Sheep to put on the Red X as possible. Then he had the solution. His solution was to ask the sheep if they wanted the default pasture experience. If they wanted the Experience, all they had to do was put a Red X on their back. Eventually all of the sheep in the 10th pasture had a red X on their back.
The wolves noticed all of the Red Xs at the IE Corral and started crying foul. When Farmer Bill said he was following the rules and wouldn't change the policy, they first changed the treaty to forbid what Farmer Bill did, but the damage was already done, So the wolves decided to take a different approach to combat the problem. First they went to the Apache Fertilizer Co. and convinced them to add something to their fertilizer that when ingested by any Sheep in the IE corral, that it would dissolve the red X on their back. Other Wolves, such as the one named 'Yahoo' decided to ignore the Red X on the IE sheep altogether and started attacking the sheep Regardless if they had paint on their back or not.
Some Sheep as well as the other three farmers, start to hate what
In Soviet Russia, Trojan exploits YOU!
has had it's meaning stretched against all meaning before. Could we stretch it a little more to prosecute companies who ignore the DNT flag?
Up until now, the Internet has basically been run by the people who have the websites. If you visit their website, you are going to get anything they want to give you. If they wanted to be fussy, they might have a TOS that says something like "by visiting this website, you agree to allow us to track you".
There has never been a way for the consumer of the information to tell the website what they were authorized to transmit to the consumers machine. Now there is, Do Not Track. It can interpreted to mean the website is authorized to do anything it wants except, track the user. If the website tracks the user, after receiving a DNT flag, they have accessed the Consumer's PC beyond their authorization.
Each individual violation is very small damages, but in aggregate, when they ignore the flag on millions of visits, it could potentially be big fines/damages. Perfect territory for a Class Action Lawsuit or an adventurous DA trying to make a name for himself. They even open themselves up for this type of lawsuit by publicly announcing they will ignore the flag.
This is a battle for power. The consumer is trying to grab a little power and privacy back from the websites with DNT. The major advertisers are freaking out about even this minor shift in the balance of power.
Companies don't need to put tracking bits on our computers, they can pool information and mine everything which they'll do if it's the only way forward for them.
Don't trust a "legislative" solution to a technical problem. DNT is a polite suggestion, nothing more; implementation is on-your-honor (or dishonor, in this case). Is anyone *that* surprised about stories like this?
Now begin (or should) the technical countermeasures. Suggestions to MS for IE 10.01: If *.yahoo.com in domain:
* Expiry for all cookies and cache resources from this domain set to 7 days or the end of a session (browser exited), whichever comes first. "Cache resources" includes without limitation caches maintaned by plugins (e.g. Flash persistent storage).
* Cookie and cookie-equivalent data retrieval sandboxed by clickstream. E.g. hit yahoo.com - sets cookie. Click to yahoo.com/link - cookie readable (same clickstream scope). User opens a new window and manually browses to yahoo.com - cookies set in first window's session unreadable (out of scope) to 2nd window's session. This behavior may have to extend to cache objects (see "evercookie" and friends)
Caveat Emptor is not a business model.
The point of DNT is not itself to stop tracking, but to give the user a voice about their preference. The difference is a bit subtle, but you can understand it in less than 30 seconds if you try.
Before DNT, you did not have a way to say whether you preferred that companies not track you or you preferred that they track you and give you delightfully relevant targeted advertising. Now you have a way to express this to the sites you visit. DNT is your choice voice.
Giving your preferences a voice is valuable.
It doesn't mean that the sites who get the message are going to obey it. It's an expression of your preference, not a magical spell to cause them to act a certain way. However, when this protocol for expressing choice becomes adequately standardized, when we know that DNT expresses the actual user's desires (rather than is automatically set), we can then enact laws to coerce businesses into complying with users' desires.
I believe the issue with Apache (and I suspect any other web server software service) is that to honor the "Do Not Track" would break its architecture. To do its own internal work Apache must TRACK the request as it handles the request.
The real issue is that DNT requires a "trust" when there is no mechanism for trust. On the web client side there is no mechanism to make sure the server honors the request. On the server side there is no reason why it would honor a remote setting over its own configuration. We might as well implement the GOOD setting in HTTP as well so servers know that when GOOD is enabled that information is not allowed to be stolen.
...to figure out how to change to a better browser, they're probably too stupid to notice they're being tracked
while
The rest of the world will ignore Yahoo.
There are two rules for success:
1. Never tell everything you know.
Someone please mod Yahoo +5 for ironic as fuck. Tracking internet users has no potential for abuse at all right Yahoo? Microsoft and IE are obviously trying to cut into your market share by deploying rogue technology against you.
Sadly, a Libertarian cannot force his views on another, and freedom cannot spread as does the cancer known as religion.
The DNT standard was based on good faith of all parts, and it's better than the previous situation in which you had to use drastic measures to opt out of tracking. If browsers turn the flag on by default, websites will just ignore it and you will be right back where you started.
Not much hope of IP address tracking if you're using 3G mobile internet in the UK. You're lucky if your IP address stays the same for more than an hour or so - even in a single location (so it's not related to the tower you're connected to).
Sigs are so 1990s. No way would I be seen dead with one.
OMG, despite the fact that I knew about all this in theory I really had to see the difference with firefox + torbutton in non-tor mode vs. tor-mode, let alone tor-mode with noscript blocking scripts - the difference was staggering.
In capitalist USA corporations control the government.