Slashdot Mirror

← Back to Stories (view on slashdot.org)

Do Not Track Ineffective and Dangerous, Says Researcher

Posted by samzenpus on from the best-intentions dept.

Seeteufel writes "Nadim Kobeissi, security researcher, describes the Do Not Track standard of the W3C as dangerous. 'In fact, Google's search engine, as well as Microsoft's (Bing), both ignore the Do Not Track header even though both companies helped implement this feature into their web browsers. Yahoo Search also ignored Do Not Track requests. Some websites will politely inform you, however, of the fact that your Do Not Track request has been ignored, and explain that this has been done in order to preserve their advertising revenue. But not all websites, by a long shot, do this.' The revelations come as Congress and European legislators consider to tighten privacy standards amid massive advertiser lobbying. 'Do not track' received strong support from the European Commission."

6 of 207 comments (clear)

  1. Re:Legislation by jazman_777 · · Score: 5, Informative

    Most big companies see it in their best interest to use the government to crush their competitors, all while the government gives them a free hand.

    --
    Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
  2. Re:trivial, 99% effective fix by dririan · · Score: 3, Informative

    They can still track by IP address and you're browser fingerprint. Browser fingerprinting can be defeated though current browsers don't seem to want to help make it easier to do so.

    AC is right. Deleting cookies at the end of each session may help a bit, but there are still plenty of ways to identify you especially if you include your IP address (but that's not always reliable).

    I'm not sure what we'll do when IPv6 rolls around and every device has a unique address. Either you go back to NAT and share addresses, which is not completely effective due to fingerprinting, or you change your address every few hours or days. Either solution defeats the purpose of IPv6.

    There's already a solution for that. Use the randomly-generated address for normal things, but use your static address for servers and the like. IPv6 privacy extensions are supported on Windows, Mac, and Linux.

  3. Re:Killer 'Do Not Track' App? by alostpacket · · Score: 3, Informative

    Interesting, but I am pretty sure DNT was Mozilla's Idea. And frankly, it always seemed like a waste of time. Given all the ways that one can be tracked though, a technical solution seems difficult as well.

    - Cookies
    - JavaScript
    - tracking pixels
    - HTML local DBs
    - Flash objects
    - fonts
    - screen size/colors
    - plugin config/versions
    - User agent
    - IP address
    - and now.... "DNT" toggle...

    It almost seems as the only way to keep from being tracked is via the TOR browser incognito mode in a freshly wiped VM or something. I honestly wonder if the 'net need to move more towards mesh/tor/ad-hoc networking. Basically if the "darknet" should be the "mainnet".

    Anyways, some info:

    EFF tool to see how well you can be tracked (fingerprinted)
    https://panopticlick.eff.org/index.php?action=log

    NAI (Network Advertising Initiative)
    Tracking opt out of 99 of some of the largest ad networks, including Google and MS (but guess who isn't there?)
    http://www.networkadvertising.org/choices/

    Apple iAd opt out
    http://support.apple.com/kb/HT4228

    --
    PocketPermissions Android Permission Guide
  4. Re:Poisoning the well by Anonymous Coward · · Score: 2, Informative

    You might want to think a bit more about the meaning of the word signature.

  5. Re:No kidding by azalin · · Score: 3, Informative

    There is an "allow unobtrusive adds" feature in ABP which might provide a solution to this dilemma. It provides reasons and rewards for playing nice. Should this idea take hold in a big way (yeah, the day pigs learn to fly) companies might actually choose the static, boring but seen by everyone ad over the fancy, super tracking, animated attention whore add seen only by the few slobs who don't have blocking yet.
    Of course the whole thing will be gamed and I have no idea, if it will ever take off.

  6. Re:Legislation by hairyfeet · · Score: 3, Informative

    I hate to break the news to ya sparky but in case you ain't kept up on current events the courts ruled "money equals speech" so your ballot box is worth jack and squat.

    You honestly think the best candidates anybody could come up with were Obama and Romney? Even though I don't believe in libertarianism you might want to look up "Jon Stewart Ron Paul" to see how badly the media is rigged, they treated Paul as "he who shall not be named" and the video ends with a reporter talking to an anchor and the reporter says "Here we are talking about Palin and Christie, who aren't even running, and not saying anything about paul who is doing good in the polls here" and the anchor gets a douchebag smirk and says "if you get any footage of Christie or Ppalin send it in, you can keep the Paul stuff"

    And THAT, that right there, is why your vote isn't worth used toilet paper. the media chooses which two shills you get, its coke in a can VS Coke in a bottle, because only pre-bought shills need apply. if you think voting would ever do anything ask yourself these questions: How many protested against the wars? How many sat out there in the cold during occupy? Think those people don't vote? of course they do but when your choice is Coke in a can VS in a bottle it don't really matter who you choose, its just different corporate masters. Obama is owned by the media cartels and his VP is the biggest media shill in DC, Romney was owned by Wall Street, 6 of one, half dozen of the other, either way you are fucked.

    --
    ACs don't waste your time replying, your posts are never seen by me.