Slashdot Mirror

← Back to Stories (view on slashdot.org)

Firefox Advances Do-Not-Track Technology

Posted by Soulskill on from the just-barely-able-to-track-their-progress dept.

CowboyRobot writes "Despite strong advertising industry opposition, Mozilla is advancing plans to have the Firefox browser block, by default, many types of tracking used by numerous websites, and especially advertisers. 'We're trying to change the dynamic so that trackers behave better,' Brendan Eich, CTO of Firefox developer Mozilla, told The Washington Post. According to NetMarketShare, 21% of the world's computers run Firefox. Eich said the blocking technology, which is still being refined, will go live in the next few months. The blocking technology is based on that used by Apple's Safari browser, which blocks all third-party cookies. Advertisers use these types of cookies to track users across multiple websites. Mozilla's cookie-blocking efforts follow a Do Not Track capability being adopted by all major browsers. But the DNT effort stalled in November 2012, after advertisers stopped participating in the program, following Microsoft making DNT active by default in Internet Explorer 10. Advertisers wanted the feature to be not active by default."

148 comments

  1. Backlash by Anonymous Coward · · Score: 0, Insightful

    So when's the backlash coming against them like with IE?

    1. Re: Backlash by Vanderhoth · · Score: 2

      I remember the article about MS implementing DNT by default. It was actually one of the few occasions around here where they got praised. Normally they're so anticonsumer rights they don't deserve it.

    2. Re:Backlash by Anonymous Coward · · Score: 1

      So when's the backlash coming against them like with IE?

      Why would there be?

      I see this as a good thing.

      I only back lash against IE that I know of was that it was for years very insecure and didn't follow WWW standards. Now, IE is pretty nice browser - I still prefer Firefox for various personal quirks, though.

    3. Re: Backlash by Anonymous Coward · · Score: 0, Insightful

      Microsoft's approach to DNT was especially terrible. It does nothing to stop tracking, but it does give advertisers a legal loophole where they can say "even though there was a DNT:1 request header that doesn't necessarily mean the user opted out of tracking".

    4. Re: Backlash by Anonymous Coward · · Score: 1

      Microsoft's approach to DNT was especially terrible. It does nothing to stop tracking, but it does give advertisers a legal loophole where they can say "even though there was a DNT:1 request header that doesn't necessarily mean the user opted out of tracking".

      It was MS giving me what I want, and the Apache Software Foundation siding with the advertisers against me. Don't try to spin it into something different.

    5. Re: Backlash by Anonymous Coward · · Score: 0, Insightful

      You wanted to lose the ability to opt out of tracking?

      This is how DNT works normally
      DNT:0 indicates that the user has consented to tracking
      DNT:null does not indicate whether or not the user has consented
      DNT:1 indicates that the user has opted out

      Now on IE10 DNT:1 behaves like DNT:null, DNT:null is effectively DNT:0 and there is no way left to actually request not to be tracked.

    6. Re: Backlash by Anonymous Coward · · Score: 1

      Nice spin. In truth, they simply made the default 1. Your null argument is weak since null would have been treated like 0. Now null is treated like 1 and users have to opt-in. Advertisers didn't want that, they wanted opt-out so now they feel justified in not playing.

    7. Re: Backlash by DrXym · · Score: 4, Insightful

      It was MS giving me what I want, and the Apache Software Foundation siding with the advertisers against me. Don't try to spin it into something different.

      No. It was Microsoft making your decision for you, making it entirely justifiable for advertisers to ignore the preference entirely since it doesn't represent your preference. And more likely it had squat to do with them championing privacy and more to do with screwing over Google and other advertisers.

      I'm sure a browser could pose the question with some information the first time the browser is launched to make the preference an explicit user choice.

    8. Re: Backlash by Anonymous Coward · · Score: 0

      That's.. ridiculous. It is not your choice either way. If a person doesn't know of the option, then they're not making a choice no matter what the default is.

      The only correct way to implement this would be to ask the user to educate themselves, or err on the side of serving the user first, rather than those trying to make money off of them.

    9. Re:Backlash by LordLimecat · · Score: 1

      Heres the difference, and its really not so complicated.

      IE announced that it was going to turn on the "please dont track me" flag which requests a website not track the browser. Such a setting only has an effect if the website in question honors it. Websites might honor that request if it was clear that the user intentionally turned it on, indicating that they perhaps cared enough to not visit said site or use an adblocker if it was not honored. By making it the default setting, it is not farfetched to think that most sites will now NOT honor the flag, since it doesnt indicate much of anything except that the user is on the newest browser. Theres also the question of whether that was exactly MS's plan.

      Mozilla here is announcing what amounts to the inclusion of Ghostery lite or something similar in Firefox. This isnt something a website can say "no" to. There are other issues that this can cause, certainly, but theyre not "ruining" anything for everyone else the way IE is; any issues this causes would be on the end-user side (rendering, broken pages, etc).

    10. Re: Backlash by AmiMoJo · · Score: 1

      making it entirely justifiable for advertisers to ignore the preference entirely since it doesn't represent your preference

      This is like saying "you were hit by a car but we left you to bleed to death by the side of the road because you didn't express your preference to be scooped up and taken to hospital". No-one wants to be tracked, everyone wants privacy.

      I suppose MS could have just asked the question up-front when installing IE 10, like they ask about default search engines and that kind of stuff, but I imagine the advertisers would still have had a hissy fit. They were fine with it as long as only the minority who also run AdBlock and Ghostery and disable 3rd Party Cookies and regularly clean their browser data out were turning it on, the millisecond it became mainstream it was unacceptable.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    11. Re: Backlash by hedwards · · Score: 3, Interesting

      Indeed, considering the various sociopathic methods that advertisers are willing to enact to get their message heard, regardless of whether the end user wants to hear it, I say fuck them. The DNT wouldn't be necessary if they were satisfied with an opt in set up or we had any idea as to who the people doing the tracking were. But, that isn't the case.

      They've given us malware in ad banners that use code hosted on 3rd party sites, those annoying flash ads that cover content and randomly crash, the intellitext that randomly disrupts our browsing and not to mention those hidden ads that get activated when you click on seemingly blank space on a site.

      I'd personally suggest that they made their bed, and now it's time for them to lie in it. But, I think they might take that as permission to lie to me if they're actually in bed.

    12. Re: Backlash by hedwards · · Score: 1

      As opposed to the advertisers opting you in without your consent? All MS was doing there was making sure that people had to opt in, rather than being tracked by god only knows whom all over the net, without any particular way of knowing who was doing it.

    13. Re:Backlash by hedwards · · Score: 4, Insightful

      Which is as it should be.

      The website owners and advertises screwed things up for themselves by setting up a system that made it virtually impossible for people browsing the web to opt out. So, measures like this became necessary. At this point, you have to go to extremes if you don't want to be tracked, and there is no informed consent for most people, you have to be constantly following their methods if you wish to opt out. And do things like blocking 3rd party cookies, javascript, flash, constantly clearing your cache etc.

      I'd rather that Mozilla not need to do this, but it's abundantly clear that the advertising industry will not stop of its own accord. We people that browse the web didn't start this war, the advertisers did, and until we get a consistent way of opting into all this tracking, this kind of method is going to be necessary.

    14. Re:Backlash by LordLimecat · · Score: 2

      The website owners and advertises screwed things up for themselves by setting up a system that made it virtually impossible for people browsing the web to opt out

      Some clarification is necessary, for folks who dont really get how websites work.

      You are going to www.somesite.com and saying "please, server, send me whatever data you have published". That site may be publishing a website with content from a bunch of advertising networks, so thats what your request gets. Theres nothing inherently evil about this, as a lot of the time those ads generate the revenue which pays the server bills. DNT is your browser saying "please send me whatever youre publishing, but try not to send the advertising stuff". Whether the server complies with (or even understands) that request is going to be up to the site operator.

      Of course, as the end user, you have ALWAYS had the freedom to strip out or modify whatever content you receive; or even modify the server's response such that third-party data is never pulled in at all. This appears to be what Firefox will now do by default, and there is again nothing wrong with this except that it will change the dynamic of how ad-supported sites serve data to firefox customers; they may decide to respond by blocking browsers which block ad data.

      The biggest mistake people make is thinking that site operators HAVE to cater to you, and thus that we can force them to give us their site, sans the ads. They can very well decide that you dont actually make them any money, and that you therefore wont be getting the ads OR the site. Remember that old saying, be careful what you wish for-- you want no ads, you may end up with no content either.

    15. Re:Backlash by WarOfTheNerd4850 · · Score: 0

      MS did not enable DNT by default! FFS what is wrong with these advertising people, they enable it if you choose Express but if you deploy without following the wizard, it's off by default... That's not default, it's easy to configure by clicking one button on first install but it's NOT THE DEFAULT! *nerdrage*

    16. Re:Backlash by hedwards · · Score: 1

      Sending whatever data you have published is not the same thing as giving permission to send my data to third parties.

      I cannot conceive of how you would even think that the two are the same thing. Ads are fine, I understand that free things need to be paid for in some fashion, but targeted ads based upon tracking information are not the only way to go. Ads existed prior to targeting and tracking and commercial bandwidth costs less now than it did before tracking techniques were available.

      If they need to track people without their knowledge or permission, then it's probably for the best that these sites go under. Because they're being run by scum bags.

      BTW, I don't block ads, but by running software to protect me from malware I end up blocking a lot of ads on various sites. If the site operators would be hosting their ads and running responsible ads their ads wouldn't be blocked. I have no problem with tasteful text ads that aren't targeted at me, but if I don't know what it is and where it's coming from, I block it.

    17. Re: Backlash by Billly+Gates · · Score: 2

      WOW can MS ever be the good guys here on slashdot I mean ever??

      They can cure cancer and someone will bash them and find a reason it seems.

      No MS never caved in. Apache did as greedy companies like Godaddy and Rackspace threatened they would go with IIS or some other web serving software if they didn't try to stomp on the will of the consumers immediately!! The standards bullshit is just that. The coders who patched it worked for advertising companies that contributed and the ISP market felt threatened customers would not be willing to pay as much to host sites if they can't generate revenue with annoying ads.

      MS did nothing wrong here at all!

      --
      http://saveie6.com/
    18. Re: Backlash by Anonymous Coward · · Score: 1

      You wanted to lose the ability to opt out of tracking?

      This is how DNT works normally
      DNT:0 indicates that the user has consented to tracking
      DNT:null does not indicate whether or not the user has consented
      DNT:1 indicates that the user has opted out

      Now on IE10 DNT:1 behaves like DNT:null, DNT:null is effectively DNT:0 and there is no way left to actually request not to be tracked.

      I wanted to default to not being tracked. The sites choosing not to honor the setting are the ones who are against me. They are the ones who violate the protocol.

      So I will continue to use other means to not even fetch their content in the first place. Sites carrying their ads get no revenue. Clients buying ad space on their network get no impressions. I get faster, safer browsing.

    19. Re: Backlash by Anonymous Coward · · Score: 0

      The decision they were making was the one I want.

      The people whose business model depends on gathering information about me and selling it, along with showing me targeted ads, are the ones who disagreed with that decision. I, for one, welcomed it.

      Instead, because the Apache Software Foundation is headed by a sellout who sided with the advertisers, I continue to resort to other means of opting out, including but not limited to DNS blackholing several domains.

    20. Re: Backlash by Sloppy · · Score: 1

      This is like saying "you were hit by a car but we left you to bleed to death by the side of the road because you didn't express your preference to be scooped up and taken to hospital"

      Yes, and?

      When we're talking about what someone else's computer internally does with the information you choose to send to it, they liter-- uh -- analogously do have the right (and more importantly: the POWER, even if you disagree about the right) to get away with away with the attitude that you just described. If it helps, think of them as Powerful Assholes Who Have The Law On Their Side.

      Sure, PAWHTLOTS are going to let most people bleed to death. The weird strange thing that happened, though, is that while they're all always free to let everyone bleed to death (whether they want to go to the hospital or not), a few of the .. shall we say.. evil-yet-honorable PAWHTLOTS said they'd take people to the hospital if those people said "I thought about it and decided I would prefer to go to the hospital" as opposed to two other choices (the other choices were "I don't care" and "I thought about it and would prefer to die").

      Microsoft came out with a medical bracelet, where the "I'd rather go to the hospital" and "I don't care" part was smudged, so that people trying to read the card can't tell the difference.

      If you are trying to read such a bracelet, I think you're going to say "well, they clearly don't say they'd prefer to die" and I think you're going to take that person to the hospital. But what do you predict an evil-yet-honorable PAWHTLOTS will do?

      The people who invented the DNT medical bracelet thought about that last question and were very explicit that people who make bracelets should use care in making sure the bracelets don't display ambiguous information, but Microsoft blew it.

      Look at it another way: we all want this bullshit to be opt-in. But we send information to trackers, where they get to decide how it works. And they want it to be opt-out. It's their computer, so they win, period. If we work within opt-out, some of us can get some of what we want. If we defy it, then we haven't opted out.

      This, BTW, is half of the tracking issue. The other half of the issue is that we leak so much damn information, which is what has put so much power into the adversaries hands. And FWIW, this actual Firefox story is about that. So there's at least something to be cheerful about. I prefer technical means to dealing with the problem, but DNT was a brilliant social prong of the action too, and MS has spoiled it.

      --
      As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
    21. Re:Backlash by Jane+Q.+Public · · Score: 1

      "Some clarification is necessary, for folks who dont really get how websites work."

      Agree with hedwards. It seems that maybe you are the one who needs education.

      This whole thing isn't about the site you visit. It's about 3rd parties tracking you when you visit those sites.

      Here's how it works: you are person or company hosting website A. I am advertising company B. You create a website. On that website you include a link to an ad that is hosted on my server. Often they are buried in a mess of javascript, but in the simplest case that's what it amounts to.

      When user X goes to your website (A), the browser requests the page from your server. In the content of that page, it includes links to images on my server at B. In order to display those images, your browser makes a request to server B. User X has not given prior or informed consent for this. But it happens nevertheless.

      Since your browser made a request to MY server at B (even though the user only intended to visit a page on A), guess what information I can retrieve? Rather than trying to explain, just go here to the Panopticlick Project (make sure javascript is turned on, because it is for most people) and see.

      And that doesn't even count the referrer, which any server can get and which tells me (at B) exactly what web page you visited, and when. So the upshot is: without your prior knowledge or consent, when you go to ANY SITE that has my ad on it, without your knowledge or prior (or informed) concent, at B I can tell where you were, and when.

      That is true of EVERY site that has a Fecebook "like" button, or Reddit link, or AddThis or Google+ button, or ad from DoubleClick, and on and on and on, ad nauseum. Every one of them.

      And that's WITHOUT even going into the subject of cookies! Cookies are not necessary to do that. But cookies can do more. And then there are Flash "cookies", and "local storage"...

      The problem is FAR bigger than you have recognized.

      Oh... and here's another thing, just to top it all off: IT IS ILLEGAL in the U.S. to track anyone who is younger than 13 years of age. But they do it all the time, for the simple reason that they CAN'T know in advance who they're tracking. They can only tell afterward, and they usually don't bother to even find out.

    22. Re: Backlash by UltraZelda64 · · Score: 1

      Bull fucking shit. The user is given the chance to look over the defaults and answer either "yes" or "no" when asked if everything looks okay before even using the browser for the first time. Nothing is stopping them from clicking "no" and choosing to click the button saying, "yes, please tell all the scummy cocksucking advertising companies out there to monitor everything I do on the Internet while using my computer." Preferably with a very descriptive paragraph of what they really do and what they use it for, to prevent anyone from *ever* turning it on. Then Microsoft would be sued for telling the facts, and their browser's DNT would still be blacklisted, but at least then everyone would realize what a bunch of god damn crooked assfucks the people in the advertisement business are.

    23. Re: Backlash by sjames · · Score: 1

      Advertisers make their living on loopholes and weasel words. They would have said that no matter what.

      The simple fact, whether they like it or not, is that a great many people find being tagged and tracked like animals by a creepy corporate stalker to be distasteful in the extreme. Of the rest, practically none actually think being tracked is cool and even less would object to DNT being set.

      The purpose of default settings is to make the vast majority happy enough. And that dictates setting DNT.

      Frankly, even if you sent them a video of you signing a do not track request form literally carved in stone and have it notarized, they would claim you just didn't fully understand the issue and so your opt out wasn't genuine.

    24. Re:Backlash by sjames · · Score: 1

      What backlash? I and many others here found ourselves in the odd position of applauding something MS did.

    25. Re: Backlash by Anonymous Coward · · Score: 0

      MS did nothing wrong here at all!

      Aside from attacking the Do Not Track standard by making those who opt out of tracking indistinguishable from those who did not, while at the same time failing to do anything at all to actually prevent tracking. Do you honestly believe that all the DNT-supporting privacy advocates who complain about how Microsoft implemented DNT do so purely because they are Microsoft, and would have given Mozilla, Apple, Opera or Google a free pass if one of those companies had pulled such a stunt?

      Apache did as greedy companies like Godaddy and Rackspace threatened they would go with IIS or some other web serving software if they didn't try to stomp on the will of the consumers immediately!!

      Is that a fact? Did that really happen or are you just making it up? Do you have any references? Are you not aware that Godaddy already uses IIS for its servers, and for hosting uses whatever its customers order? Or that Apache is a non-profit organisation, and that the Apache server is free of charge? Or that Rackspace is known mainly for their OpenStack infrastructure - how could they threaten to move from Apache server to IIS? Honestly, why would either of those two companies even care? And who would need Apache to change code when tracking isn't even being done there - it happens in server-side scripts, which Apache has nothing to do with.

      What is a fact is that the patch in question was submitted to Apache by one of the authors of the Do Not Track standard.

    26. Re: Backlash by cbhacking · · Score: 1

      Um... BULLSHIT.

      There's a dialog in IE10 on first run that asks you, among other things, whether you want to enable DNT. It's true that Microsoft made DNT the recommended setting (meaning, if the user selects "give me the recommended settings", it will be enabled), but the user is informed what those recommended settings are beforehand, and they don't have to accept them. Microsoft they certainly didn't make the decision for you. Grow the fuck up.

      --
      There's no place I could be, since I've found Serenity...
    27. Re:Backlash by cbhacking · · Score: 1

      The open source philosophy*, apparently:

      Chois is good, but $DEITY help the closed-sourse software that recommends a choice even if it's the most user-friendly one!

      *Note: I use quite a lot of open source software, and have contributed to a few projects and published a couple of my own. I do it pragmatically, not out of zealotry, though.

      --
      There's no place I could be, since I've found Serenity...
    28. Re:Backlash by Anonymous Coward · · Score: 0

      Yes, this happens. I've never seen an instance of a site going down where the owner/admin wasn't being a douche trying to screw over the users for revenue though. And in those instances, we always came back with another community and let that one squander. It's not a sin to collect ad revenue for your site, but you also shouldn't be an abusive ass about it and try to coerce your user's machine into working against them just so you can squeeze a bit more out.

    29. Re: Backlash by Billly+Gates · · Score: 1

      Go google past news stories last year?

      Yes Apache ignores DNT by default even if the user/browser requests it. Apache claimed its users were in an uproar! Its users being advertisers, ISPs, and others. Godaddy uses Apache as well and many felt without ads the demand for hosting sites would go down and threatened to cut funding if Apache didn't ignore DNT in future releases.

      TO me that is the most atrocious of all. You need to hack and edit config or .h files in the source code to get it to even respect the standard. So really you have other forces out there opting you out of DNT and opting you in to psychological manipulation from advertisers instead.

      On slashdot everyone stood up for Apache for some reason and bashed MS yet again. I was under the impression rackspace offers both as well since they did buy SGI and have lots of unix hosting logically.

      --
      http://saveie6.com/
    30. Re: Backlash by Billly+Gates · · Score: 1

      I remember the article about MS implementing DNT by default. It was actually one of the few occasions around here where they got praised. Normally they're so anticonsumer rights they don't deserve it.

      Funny what happens when you have competition. Google Chrome would become just as bad and evil if no competion were around. Same in Firefox. I was really worried a decade ago that MS would still own 90% of the market with IE 6 today, but glad Firefox was there to stop it.

      Now we see a better browser

      --
      http://saveie6.com/
    31. Re:Backlash by LordLimecat · · Score: 1

      Perhaps I wasnt clear enough. When you request data from a website's server, the response often includes pointers to data not hosted on that server. Sometimes it is images, sometimes JS (ie, google analytics, or discus, or SSO). Sometimes those pointers pull in ad data. But all of it was done with the explicit approval of the site owner, who you requested data from; and unless you are using DNT, your request was explicitly that that website give you everything that it had published, 3rd-party data and all.

      That is true of EVERY site that has a Fecebook "like" button, or Reddit link, or AddThis or Google+ button, or ad from DoubleClick, and on and on and on, ad nauseum. Every one of them.

      Yes, and ALL of those are on sites which gave their explicit OK. You are visiting a site which has explicitly included 3rd party data. The solution? Either block it on your end, or stop requesting "everything published" from that website-- ie, dont visit that site.

      For the record, the first option is unbelievably easy in Chrome and Firefox, with Ghostery and Adblock.

    32. Re: Backlash by countach · · Score: 1

      Maybe I'm naive, but I don't care about being tracked so I can be served useful ads. As a choice between seeing useful ads and non useful ones, I'd prefer to see useful ones. Remind me again why I should care?

    33. Re:Backlash by Anonymous Coward · · Score: 0

      The backlash from the Apache people who were employed by advertisers and hosting companies for one.

    34. Re:Backlash by Jane+Q.+Public · · Score: 1

      "Yes, and ALL of those are on sites which gave their explicit OK. You are visiting a site which has explicitly included 3rd party data."

      I understand. It seemed to me in your other comment as though you were referring to the end user, not the site owner.

      But regardless, while the site owner has wittingly or otherwise, approved the 3rd-party content someone visiting the site does not know it is there in advance. So there is no informed consent on the part of the user. That was my point.

      And this is why "opt-out" strategies cannot work effectively. First, you cannot know in advance what you want to opt out of. Second, finding where and how to opt out can be a big problem. Third, often (unless you are using additional tools than a "standard" browser) you have no way of even knowing who is tracking you, and when. (Some are obvious, like Facebook "like" buttons. Some are not.)

      So the ease of blocking is mostly irrelevant to the discussion. That blocking should not be necessary in the first place, in order to prevent unwanted, intrusive tracking by third parties. That is an overt, intrusive act on the part of someone else, and does demonstrable harm to you in the form of invading your privacy.

      So saying "just don't go to that site" is not good enough. Because you don't know what's on that site in advance. Therefore a strict "opt-in only " policy should be the law.

      And there is still the problem of tracking those who are under 13. Again, it's not possible for either party to know in advance whether they are doing that. (For example: if company X knows that person with a cookie containing ID #12345b67cdf is under 13, so don't track them... they have to KNOW that party visited that site by looking at the cookie, before they can even NOT track them... it's a catch-22.) A strict opt-in ONLY policy would prevent this.

    35. Re: Backlash by Barefoot+Monkey · · Score: 1

      That's the thing. We'd all like not to be tracked. Well, most of us, at least. However DNT does not control whether or not you are tracked - it merely conveys whether the user has specifically asked not to be tracked (or to be tracked, in the case of DNT: 0). This is useful because it is a necessary component in other means to stop tracking. For example, some countries might manage to get a law passed forbidding tracking unless the user has opted in, in which case a DNT:0 request header could be a convenient legal requirement for tracking. Another place might pass a law forbidding tracking users who have opted out. This would be difficult because how would you know if someone has opted out without some degree of tracking? Well, looking for a DNT:1 header would do the trick. Another situation would be if some privacy-motivated coalition negotiated a deal with major advertisers where the advertisers wouldn't track users that send a DNT:1 header provided that browsers don't send DNT:1 by default.

      Now, what are the effects of IE's approach? First off, that deal actually managed to happened, but it broke down because IE send DNT:1 by default. The other two cases are hypothetical.

      If it were law that tracking someone who has opted out of tracking is illegal, and an advertiser is caught tracking IE users who send DNT:1 the advertiser could argue that they have no reason to believe that the user has opted out at all, and point to the fact that IE sends DNT:1 regardless of whether the user has asked not to be tracked - and that the only users who don't send DNT:1 are those who edited the setting from the default and explicitly asked requested their browser NOT to request no tracking. Someone who asked not to be tracked would have DNT:1, but someone who didn't would ordinarily be sending DNT:1 too, and there's no way tell the difference - but some statistics could be provided showing that the majority of users don't try to opt out of tracking and therefore DNT:1 headers correlate mainly with users who did not opt out (and if the browser says otherwise then it is simply lying). They might go to court and they might lose that argument, but there's also a rather good chance that they would win it and become exempt from having to respect DNT headers, assuming they even get caught in the first place.

      If it were law that tracking requires opt in, they could easily argue that lack of opt-out qualifies as opt-in for the same reason as above - that the user went out of his way to specifically not ask not to be tracked. Thus consent is implied even if there is no DNT header at all.

      The DNT header is meant to be a way to indicate whether the user has opted in or out. IE opting out on the users behalf unless they specifically asked for tracking to be allowed gives slimy advertisers the opportunity to claim that apparent opting out implies not opting out, and that not opting in or out implies opting in - leaving nothing at all to imply actually opting out.

      Microsoft's decision does absolutely nothing to block tracking (actual blocking - as opposed to DNT requests - is the topic of TFA in fact); all it does is remove any way for a user to unambiguously opt out.

      If you really don't want to be tracked then we need 2 things: a law that compels advertisers to respect opt-ins and opt-outs, and for browsers not to send fake opt-outs on behalf of the users. If Microsoft actually wants to protect users from tracking then it should look into blocking trackers like Mozilla is doing here, and informing users that they can opt out of tracking instead of doing so automatically and leaving users with only the option of stopping the opt-in requests.

    36. Re:Backlash by sjames · · Score: 1

      Imagine that, paid shills objected to something adverse to their employer. That's not normally considered backlash.

    37. Re: Backlash by perryizgr8 · · Score: 1

      I'm sure a browser could pose the question with some information the first time the browser is launched to make the preference an explicit user choice.

      that's exactly what happens when you install/update ie. it tells you its going to set some settings, and it mentions setting do not track to on. and then you can click yes, or you can customize.

      --
      Wealth is the gift that keeps on giving.
    38. Re: Backlash by Anonymous Coward · · Score: 0

      historical axiom: any power that can be abused sooner or later will be.

      the kind of data advertisers track is the kind of data the stazi would've killed for. How many stories have we seen the last couple of years of US goverment spying on everyone? The whole tracking thing is bound to end badly, I give it 20 years tops before big abuse happens.

    39. Re: Backlash by Anonymous Coward · · Score: 0

      apache didn't cave in, someone posted a configuration snippet for apache to make it work the way the advertisers wanted.

    40. Re: Backlash by DrXym · · Score: 1

      Bogus analogy is bogus.

    41. Re: Backlash by DrXym · · Score: 1

      MS did plenty wrong. They subverted an explicit user preference that said DO NOT TRACK by turning it on by default thereby eliminating that explicit preference and any reason advertisers might choose to honour it. They would have been better off to pose the explicit question during setup and if the user skipped the question then assume enable.

    42. Re: Backlash by DrXym · · Score: 1
      The decision they were making has managed to destroy the do not track function entirely. Second, just because you Mr Anonymous Coward wanted that setting is by pure luck since they didn't bother to ask. Most people probably don't care as much as you do about the setting, and most people if they did care would appreciate a straightforward "Do you want to enable tracking question?" to make the choice explicit.

      I expect Apache "sided" with advertisers is because they recognized the brokenness of a privacy setting which the user did not consent to. It would be very easy to fix and make the preference an explicit user choice.

    43. Re:Backlash by Anonymous Coward · · Score: 0

      The open source philosophy*,

      this is the main difference between 'open source' and 'free software',

      open source shares code because it is a more efficient to code, they don't really give a damn about the users opinion
      free software shares code because it is best for the user (yes even the non-programmers, they too benifit indirectly from more people having the ability to fix bugs)

    44. Re: Backlash by DrXym · · Score: 1

      Yes and you can skip it. As many people doubtless do. If you bothered to read the tracking preference draft spec you would see it is meant to represent an explicit user preference with a default behaviour of "unset". By defaulting to something else Microsoft have broken the spec and emasculated it. They could have posed the question in the setup and if the user skipped the question, then abide by the spec and use the default unset value.

    45. Re: Backlash by nukenerd · · Score: 1

      I don't care about being tracked so I can be served useful ads. As a choice between seeing useful ads and non useful ones, I'd prefer to see useful ones. Remind me again why I should care?

      Sounds like you do care - you care that you should receive ads useful to yourself.

      That is why there should be a choice. You will choose tracking, fine. I will refuse it.

  2. Easy Peasy by NoNonAlphaCharsHere · · Score: 1

    about:config
    NSA=false

    1. Re:Easy Peasy by ZDroid · · Score: 0

      Oh, also add spies=false. And you will be free digital American. :D

    2. Re:Easy Peasy by TheRealMindChild · · Score: 4, Funny

      Don't you mean browser.privatebrowsing.allowNSASpying=false?

      --

      "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
  3. Ad industry will protest against this by Anonymous Coward · · Score: 0

    But doesn't Safari already do it? But Safari is not used as widely as Firefox is.

    1. Re:Ad industry will protest against this by kthreadd · · Score: 1

      Safari blocks third party cookies by default, but they don't set DNT header unless you say so.

    2. Re:Ad industry will protest against this by renimar · · Score: 1

      Safari is used as the default on the 18 kajillion iPhones and iPads out there.

      --
      In other news, Microsoft Windows users are now covered under the Americans with Disabilties Act...
    3. Re:Ad industry will protest against this by NatasRevol · · Score: 1

      And then you have to enable the develop menu in the preferences, then go to the develop menu & select 'Send Do Not Track HTTP Header'

      --
      There are two types of people in the world: Those who crave closure
    4. Re:Ad industry will protest against this by Anonymous Coward · · Score: 0

      Browser market share

    5. Re:Ad industry will protest against this by kthreadd · · Score: 1

      No it's in the regular preferences. Under Privacy, Website tracking. Select the checkbox right next to "Ask websites not to track me."

    6. Re:Ad industry will protest against this by voidphoenix · · Score: 1

      That links to Desktop Browser Market Share. He said "iPhones and iPads", i.e. not desktop: Mobile/Tablet Browser Market Share.

      --
      Excuse me, wtf r u doin?
  4. girlintraining advances do not track tech MOAR. by girlintraining · · Score: 4, Interesting

    I can update my 'do not track' tech even further. It's called Tor, and the more people who use it, the safer it becomes. Bonus: Comes with free tin foil hat, extended digital middle finger to pervasive electronic surveillance.

    Captcha: Doesn't work on Slashdot, which hates Tor and has banned all the exit nodes. "Slashdot is a Dice Holdings, Inc. service." *cough*

    But seriously; if they can't link you to an IP address (which let's face it: with all the DNT in the world, your IP is logged by your ISP and your ISP is only too happy to whore out your realworld identity for a few scheckles, and it's trivial to link all your activity now to you, whether you login or not, use cookies, or all the browser magic in the world.

    The only tech that can help you right now is one that mixes in all your traffic into everyone else's so you can't mine the data.

    --
    #fuckbeta #iamslashdot #dicemustdie
    1. Re:girlintraining advances do not track tech MOAR. by ebno-10db · · Score: 4, Interesting

      Good idea. There's something interesting about Tor I didn't realize before reading the the Wikipedia article:

      Originally sponsored by the U.S. Naval Research Laboratory ... As of 2012, 80% of the Tor Project's $2M annual budget comes from the United States government, with the Swedish government

      Yet the NSA takes Tor as a "definitely track this". Fact is stranger than fiction.

    2. Re:girlintraining advances do not track tech MOAR. by arth1 · · Score: 1

      Captcha: Doesn't work on Slashdot, which hates Tor and has banned all the exit nodes. "Slashdot is a Dice Holdings, Inc. service." *cough*

      That's a very strange captcha.

    3. Re:girlintraining advances do not track tech MOAR. by fustakrakich · · Score: 1

      Doesn't work on Slashdot, which hates Tor and has banned all the exit nodes.

      See, that's the problem with TOR. It can't hide its exits nodes and blend in with all the other traffic. An exit node shouldn't look any different than any other http(s) request.

      --
      “He’s not deformed, he’s just drunk!”
    4. Re:girlintraining advances do not track tech MOAR. by girlintraining · · Score: 1

      See, that's the problem with TOR. It can't hide its exits nodes and blend in with all the other traffic. An exit node shouldn't look any different than any other http(s) request.

      See, that's the problem with Internet. It can't hide its gateways and blend in with all the other traffic. A gateway shouldn't look any different than any other.

      -_- Dude, this isn't a problem with Tor. It's a problem with certain for-profit companies that hate anonymity. An exit node contains a sampling of all the Tor traffic in aggregate. Sure, the exit nodes are published... but so are your ISP's BGP routes. The difference is that unlike your ISP's traffic, which has your IP address tacked to every request, what comes out of an exit node doesn't.

      --
      #fuckbeta #iamslashdot #dicemustdie
    5. Re:girlintraining advances do not track tech MOAR. by Anonymous Coward · · Score: 1

      It's a problem with certain for-profit companies that hate anonymity.

      It's not just for-profit, I've banned all exit nodes on several non-profit community sites, because all TOR-traffic was bad traffic nobody wants.

    6. Re:girlintraining advances do not track tech MOAR. by Anonymous Coward · · Score: 0

      Yet the NSA takes Tor as a "definitely track this". Fact is stranger than fiction.

      This is why you must use end-to-end encryption, they won't know it's you unless it's your Facebook or Bank of course.

      Slashdot blocking exit-nodes for logging in is lame, however it makes perfect sense blocking them for AC users.

    7. Re:girlintraining advances do not track tech MOAR. by Virtucon · · Score: 1

      "To Serve Man, ... It's a Cookbook!"

      --
      Harrison's Postulate - "For every action there is an equal and opposite criticism"
    8. Re:girlintraining advances do not track tech MOAR. by Anonymous Coward · · Score: 0

      Just looked at the tor exit addresses list at http://exitlist.torproject.org/exit-addresses - what is in that 'ExitNode' string? There must be something somewhere that explains how to decode that and get some meaningful info from it, but I can't find it.

    9. Re:girlintraining advances do not track tech MOAR. by Jane+Q.+Public · · Score: 1

      "It's called Tor, and the more people who use it, the safer it becomes."

      There's a potential problem with that.

      While it is true that the more people who use it (or more accurately, the more people who host exit-nodes) the better, as it stands the government has been singling out those who use privacy-enhancing technologies, like Tor and encryption.

      Bad, BAD Government! (Seriously, it IS bad. It's an attack on the whole "right to communicate privately" concept.)

      Having said all that, the more people who use these technologies the better. I particularly recommend Tor and OneSwarm.

    10. Re:girlintraining advances do not track tech MOAR. by Jane+Q.+Public · · Score: 1

      "See, that's the problem with Internet. It can't hide its gateways and blend in with all the other traffic. A gateway shouldn't look any different than any other."

      Yes, it IS a problem with Tor. It CAN'T hide the exit nodes. The most well established of them are closely watched by government.

      There are only a couple of answers to that, and preferably a combination of both: lots more exit nodes, or switching them on and off randomly. Lots and lots more exit nodes that are switched on and off randomly would be best.

      The whole concept of Tor relies on exit nodes not being easily monitored. Easy or not, the government has been monitoring them. So make it not worth their while by multiplying the numbers of nodes.

    11. Re:girlintraining advances do not track tech MOAR. by Jane+Q.+Public · · Score: 1

      BUT... I have been saying for years that the only way to get a really safe and secure Internet is to invent a truly distributed DNS system. Anything else is too prone to government control and abuse.

    12. Re:girlintraining advances do not track tech MOAR. by chihowa · · Score: 1

      As much as I hate the Dice Holdings situation, Slashdot has banned Tor since long long before Dice bought them. At least as early as 2005, Slashdot was not allowing logins or posts from Tor exit nodes.

      Slashdot (the company) is about as luddite as a tech oriented site can get.

      --
      If you want a vision of the future, imagine a youtube comments section scrolling - forever.
    13. Re:girlintraining advances do not track tech MOAR. by Anonymous Coward · · Score: 0

      Yet the NSA takes Tor as a "definitely track this". Fact is stranger than fiction.

      NSA records and track *everything* already, I don't realize there are still people who thought otherwise.

      Yes, they recorded this post also.

    14. Re:girlintraining advances do not track tech MOAR. by tlhIngan · · Score: 2

      I can update my 'do not track' tech even further. It's called Tor, and the more people who use it, the safer it becomes. Bonus: Comes with free tin foil hat, extended digital middle finger to pervasive electronic surveillance.

      Captcha: Doesn't work on Slashdot, which hates Tor and has banned all the exit nodes. "Slashdot is a Dice Holdings, Inc. service." *cough*

      But seriously; if they can't link you to an IP address (which let's face it: with all the DNT in the world, your IP is logged by your ISP and your ISP is only too happy to whore out your realworld identity for a few scheckles, and it's trivial to link all your activity now to you, whether you login or not, use cookies, or all the browser magic in the world.

      The only tech that can help you right now is one that mixes in all your traffic into everyone else's so you can't mine the data.

      Yeah, too bad you can be identified without your IP address.

      IP address tracking has been useless since NAT got popular because there can easily be dozens of people behind one IP address with disparate interests and tastes.

      It may be why IPv6 adoption will be heavily pushed by advertisers who can now glean both a household and a PC - most PCs aren't used by more than a few people and nowadays most people have one PC per member (at least, the people of interest to advertisers). A household can be identified by the prefix of an IPv6 address (since most ISPs give out a full prefix /64 to a subscriber), while an individual PC will have an IP address within said prefix. Might be wise to invest in NATv6...

      Even without that, your uniqueness can be gleaned from your browser - the EFF Panopticlick can identify how unique you are by your browser. Unless you use a different one while using Tor, your browser fingerprint will easily be used to link your identities together.

      In fact, if Firefox wants to upgrade privacy? They could start by standardizing the headers they send so every firefox user appears like every other firefox user. Perhaps even restrict what javascript information is allowed to be retrieved.

      I just did a test and with javascript off, my browser was 1 in 3500. With it on, its unique.

    15. Re:girlintraining advances do not track tech MOAR. by fustakrakich · · Score: 1

      Re your sig:

      You have it backwards. It is Tor that needs to work with Dice. It has to disguise itself better. That's my whole point. If Tor looks like Tor, then you're screwed.

      --
      “He’s not deformed, he’s just drunk!”
  5. Disruption by Anonymous Coward · · Score: 0

    From the first article:

    Advertisers have criticized Mozilla's move. "They're putting this under the cloak of privacy, but it's disrupting a business model,"

    If a business model is disrupted, doesn't that mean it's time to change to a new one?

    1. Re:Disruption by Dupple · · Score: 1

      Well, the advertisers could market their own browser that explicitly tracks and will not block ads.

      How well do you think that would do Mr Advertiser?

      --
      Watch those corners
    2. Re:Disruption by Cenan · · Score: 1

      Chrome

      --
      ... whatever ...
    3. Re:Disruption by cbhacking · · Score: 1

      Ha, indeed. Too bad I already moderated here.

      There was a thread in the discussion of Microsoft's YouTube app (for WP8) not showing ads. Some fool suggested that Google update Chrome to block all Microsoft ads, and see how they like it. The problem is, the slice of Microsoft's income that comes from ads is smaller than the (tiny) slice of Google's income that *doesn't* come from ads. If Google did what that airhead had suggested, Microsoft would simply have resonded in kind... which would have been a huge blow to Google's business model.

      Before anybody shouts "but but MONOPLY!!!", please bear in mind that at this time, Chrome and IE are about neck-and-neck for market share in most of the world, and such an update would likely only target the newer IE versions (the ones with some ad filtering capability already built in).

      --
      There's no place I could be, since I've found Serenity...
  6. Re: girlintraining advances do not track tech MOAR by Anonymous Coward · · Score: 0

    In Canada at least, Tor is awful. Because others can use your connection as well, if someone looks at child porn from behind your connection, you are guilty of distribution.

  7. Unilateral and therefore doomed by s1lverl0rd · · Score: 1

    This will simply not work - it's a technical solution to a social problem (the article mentions the oligopoly currently in place). It's also a technical solution implemented unilaterally by Mozilla.

    As the summary mentions: the original Do-Not-Track effort only failed when Microsoft made the boneheaded, unilateral decision to make it the default. Starting out this way will only start an arms race between Mozilla and advertisers.

    1. Re:Unilateral and therefore doomed by kthreadd · · Score: 1

      The problem was there from the start. Do-Not-Track is built on the premise that most users won't know about it. Only those who have enough knowledge about the situation will go to the preferences and turn it on.

      What we should have is legislation which says that you are not allowed to track unless a Do-Track header exists and is set to true. Let people opt in to tracking and see how many will do it. And if it's that important that you are able to track your visitors then by all mans check that the header is set and display a message saying that you want to track them in order to serve the content.

    2. Re:Unilateral and therefore doomed by Anonymous Coward · · Score: 0

      They're the ones who started the arms race in the first place. Did you think Microsoft did that out of the goodness of their hearts? Hardly. It was the impetus necessary for DNT to fail, and Microsoft (a huge advertising firm) was smart enough to leverage it as a win-win scenario (kill DNT *and* earn mindshare for wanted to "protect privacy").

      If trackers weren't such gluttons and behaved more responsibly as web citizens (not to mention in terms of consumer rights) they wouldn't have to whine so damn much about having their wings clipped. Their free ride is ending, and they're not happy about it. Soon they will have to ask permission before stomping all over end user's privacy to deliver them ads.

    3. Re:Unilateral and therefore doomed by Anonymous Coward · · Score: 0

      As the summary mentions: the original Do-Not-Track effort only failed when Microsoft made the boneheaded, unilateral decision to make it the default. Starting out this way will only start an arms race between Mozilla and advertisers.

      Except, the advertising industry never intended to honor DNT anyway.

    4. Re:Unilateral and therefore doomed by kthreadd · · Score: 1

      Which is why we need legislation that says that they should.

    5. Re:Unilateral and therefore doomed by Anonymous Coward · · Score: 0

      Which is why we need legislation that says that they should.

      I agree, but saying Microsoft killed a good thing here is just bollocks.

    6. Re:Unilateral and therefore doomed by Mr.+Slippery · · Score: 1

      This will simply not work - it's a technical solution to a social problem

      When the social problem (spying on people in order to improve the mind control that is advertising) is an abuse of technology (cookies, Javascript), a technical solution can be appropriate.

      --
      Tom Swiss | the infamous tms | my blog
      You cannot wash away blood with blood
    7. Re:Unilateral and therefore doomed by Jane+Q.+Public · · Score: 2

      "This will simply not work - it's a technical solution to a social problem (the article mentions the oligopoly currently in place). It's also a technical solution implemented unilaterally by Mozilla."

      Nonsense on both counts.

      It is not a "social problem". It's a corporate and government abuse problem. Those are 2 very different things.

      And it's not implemented only by Mozilla. Safari has had the feature for a while, and there have been plug-ins that do this available on various browsers for at least a couple of years.

      Further, Firefox has had a setting to turn off 3rd Party Cookies for a long time now. It's just not turned on by default (yet), but most people with half a brain use it. The other problem is that this setting only blocks "regular" cookies. Flash cookies and other kinds of persistent cookies require other measures.

      But I have been blocking 3rd-party "regular" cookies and javascript for quite a while. And I didn't realize just how effective it was until I turned off cookie and flash blocking recently (temporarily, for technical reasons), and was inundated by 3rd-party flash ads and cookie requests and javascripts.

      They can go suck eggs. I'm a BIG fan of blocking. It makes my quality of internet life significantly better. Really, it is pretty clear by now that any form local storage without an explicit opt-in should just plain be illegal. This doesn't go that far but it's a step in the right direction.

    8. Re:Unilateral and therefore doomed by cbhacking · · Score: 1

      IE has also been able to block third-party cookies (for longer than Firefox has even existed). The capability for this is nothing new.

      --
      There's no place I could be, since I've found Serenity...
    9. Re:Unilateral and therefore doomed by FatLittleMonkey · · Score: 1

      the original Do-Not-Track effort only failed when Microsoft made the boneheaded, unilateral decision to make it the default.

      Please stop regurgitating this propaganda from Apache that MS did anything wrong. Microsoft did not make DNT1 the default, they recommended it to their users by default, during the first-use setup. The user still chose whether to accept the recommendations, decline (which left DNT null), or customise the settings.

      The ad industry (and hence Apache) were never going to honour DNT once enough people knew about it. The IE10 episode merely demonstrated that. It didn't make any difference how MS presented it to users, advertisers were going to cry fowl.

      I really hope MS follows Mozilla's lead and adds a Ghostery-like tracking-blocker to IE, and I hope they do turn that on by default. (Just as every browser eventually did with pop-ups windows. Abuse the privilege and it will be taken away from you.)

      I suspect that one day, loading any content from third party servers will end up being blocked by default by all browsers. The trend is heading that way, little by little. Advertisers have abused every system they have touched.

      --
      Science is all about firing a drunk pig out of a cannon just to see what happens.
  8. *FACE PALM* by ProfessorKaos64 · · Score: 0

    We have been through this before. You can all you want at the browser level to ask the bullies to stay away, but they will just go on ignoring that and track you anyway. BOOM, rap song. Seriously, though, this is nothing new, and no slimy advert company is going to pay attention to the browser flag. Just get a Proy/VPN/Tor Connection already. For the uninitiated, just forget it. This is why man has crated the Tor Browser https://www.torproject.org/projects/torbrowser.html.en

    1. Re:*FACE PALM* by arth1 · · Score: 1

      This is why man has crated the Tor Browser

      An apt typo. You cannot know whether the exit node is dead or alive until you get results, and must treat it as both.

    2. Re: *FACE PALM* by ProfessorKaos64 · · Score: 0

      Thanks for catching me there, doh.

    3. Re:*FACE PALM* by Jane+Q.+Public · · Score: 1

      Hahahaha! Best one I've seen all week!

  9. How is this different than by Anonymous Coward · · Score: 0

    Manually unchecking "Tools | Options | Privacy | Accept third party cookies", which has been supported at least since FFv3? Just that it's now unchecked by default?

    Since most people are too lazy to configure their browser as long as they kept getting web pages, I see how advertisers would be upset by such a move. But I wouldn't call that an "advance in do not track technology".

    1. Re:How is this different than by kthreadd · · Score: 1

      It's the tyranny of the default. Most people don't know about it.

      It's the same reason why advertisers want DNT to be off by default, because most users don't know that they can opt out.

  10. Re: girlintraining advances do not track tech MOAR by Anonymous Coward · · Score: 0

    FUD

    That AC (not this AC) doesn't want you to use TOR.

  11. Re: girlintraining advances do not track tech MOAR by girlintraining · · Score: 5, Informative

    In Canada at least, Tor is awful. Because others can use your connection as well, if someone looks at child porn from behind your connection, you are guilty of distribution.

    I suppose if you're dumb enough to disregard the gratuitous warnings on the download page, the application itself, the configuration file, the manual, and every internet site that offers a 'how to', all of which lay out in explicit detail what an exit node is, and why enabling one on your personal home internet connection is very bad, then you deserve a punch in the face. But you won't go to jail over it. Not even in Canada... no more than running an open wifi will. And yes, that's been to court. And yes, the guy shit bricks. But he was found guilty only of criminal stupidity.

    The correct way to configure Tor in a way that helps everyone and avoids this problem is to set it up as a relay, thus any traffic that comes and goes through your system is encrypted, there is no way for you (or anyone else) to tell what its contents are, and stays within the Tor network.

    But by all means, we should all just give in to having our privacy violated by corporations, governments, and anyone with slightly more technical finesse than this Anonymous Coward does... all because a very tiny fraction of the population wants to look at child porn/terrorist websites/whatever is politically unpopular this week.

    --
    #fuckbeta #iamslashdot #dicemustdie
  12. Re: girlintraining advances do not track tech MOAR by larry+bagina · · Score: 1

    Don't run tor as an exit node. Problem solved.

    --
    Do you even lift?

    These aren't the 'roids you're looking for.

  13. Standard Mozilla Profile by Anonymous Coward · · Score: 1

    Can we get a standard profile to defeat this form of tracking:
    https://panopticlick.eff.org/

    (browser profiling, unique in my case to at least 1 in 2.5 million, and thus able to identify one person behind a session based NAT out of 2.5 million others).

    Also first-time-exchange public keys for Thunderbird. There's a lot of things in privacy that Mozilla can do, that Google and others won't.

    1. Re:Standard Mozilla Profile by wiredlogic · · Score: 1

      Using NoScript helps reduce the amount of profiling information you leak. Granted, the fact that javascript is disabled is also a distinguishing itentifier but it plugs up more holes than it creates.

      --
      I am becoming gerund, destroyer of verbs.
    2. Re:Standard Mozilla Profile by Anonymous Coward · · Score: 0

      Or rather properly randomize the browser-fingerprint on every browser start.

  14. Not technology by Hentes · · Score: 1

    Neither sending a DNT request, nor compiling a list of known trackers requires any new technology. Blocking third-party cookies is relatively efficient already, but doesn't work when the site collaborates with the advertisers to track you. Coming up with a solution to that would be actual development.
    Making some settings default is simply a business decision, and a bad one at that. Users who don't take the trouble of changing a few settings probably don't care much about their privacy.

    1. Re:Not technology by Anonymous Coward · · Score: 0

      Users do care about their privacy, they just don't know it's being impinged-upon. They only see a bunch of ads, and rarely suspect they're actively being tracked unless they have that uncomfortable moment of silence when they were just delivered an ad that hits a bit too close to home (there is an active area of research to help prevent serving such uncomfortable ads, rather than psychologically pleasant variants).

  15. Good. Make them Squirm by Secret+Agent+Man · · Score: 2

    Do Not Track was silly, being opt-in and so on. And, surprise surprise, advertisers backed out when it started getting turned on by default. Now a fire is lit under their hindquarters since Firefox and Safari (and hopefully others) will simply do away with third party cookie support altogether. Taking away an advertiser's tracking tools is the best way to fight.

    1. Re:Good. Make them Squirm by Anonymous Coward · · Score: 0

      The whole point of Do Not Track was not to be turned on by default. I can't help but think that Microsoft, themselves one of the big data trackers, undermined that agreement on purpose.

    2. Re:Good. Make them Squirm by Billly+Gates · · Score: 1

      By default it is turned on. The web server software is opt in. Advertisers quickly threatened Apache and gave patches and they caved in. So again they win and decide for us

      --
      http://saveie6.com/
    3. Re:Good. Make them Squirm by wiredlogic · · Score: 1

      What will happen is that advertisers will implement systems to collect data with cooperation from site operators to eliminate the need for 3rd party cookies.

      --
      I am becoming gerund, destroyer of verbs.
    4. Re:Good. Make them Squirm by cbhacking · · Score: 1

      Some... idiots.

      Leaving aside the entire point that you're making a really stupid argument ("the whole point of a privacy feature is that it not be active by default..." WTF??) you're also flat-out wrong.

      Fact: IE does not enable DNT by default. If you dismiss the first-run dialog (not the same as clicking the "enable this enumerated list of configuration options" button) it will not send DNT.
      Fact: Right below the "enable this enumerated list of configuration options" (which of course includes the DNT option), there's a button saying "don't enable those for me; let me decide them individually".

      --
      There's no place I could be, since I've found Serenity...
    5. Re:Good. Make them Squirm by khchung · · Score: 1

      Do Not Track was silly, being opt-in and so on. And, surprise surprise, advertisers backed out when it started getting turned on by default. Now a fire is lit under their hindquarters since Firefox and Safari (and hopefully others) will simply do away with third party cookie support altogether. Taking away an advertiser's tracking tools is the best way to fight.

      Exactly. This is no different than the police handing out "Do Not Rob" stickers to tourists, imagining that if few enough people put it on, then the thieves would spare those in return for the police focusing less effort to catch them. Anyone with half a brain will realize every tourist will put on the stickers, thus immediately making it totally pointless.

      --
      Oliver.
    6. Re:Good. Make them Squirm by thegarbz · · Score: 1

      Yes surprise surprise people stopped supporting an opt-in system by design when it became opt-out.

      Advertisers supported it when it represented consumer preference. It no longer does. You can thank one company in an attempt at standing up for your privacy in a way that only a marketing department could think of, they have effectively made privacy worse for everyone.

      But hey we shouldn't expect any improvements in any experience we get from Microsoft.

    7. Re:Good. Make them Squirm by Anonymous Coward · · Score: 0

      well, then at least the site operators won't be able to hide behind a 3th party as they'll be active participants

  16. Apache will disable it by Billly+Gates · · Score: 1

    They already disabled IE10s dnt. I was surprised by the la k of outrage here but people defended the advertisers who fund apache as they hate ms more than Apache caving in to advertisers

    --
    http://saveie6.com/
  17. Some sites block... by QuietLagoon · · Score: 1
    Some sites block you if you do not allow their cookies unfettered access. One example is target.com (the department store). You cannot get past the home page unless you open up your browser to all the cookies they want to place on your disk. It doesn't make sense for a store to prevent customers from using their website to shop.

    .
    Target needs to re-evaluate their purpose for having a website - do they want to use the website to place cookies on peoples' disks? Or does target want to use the website to sell merchandise?

    1. Re:Some sites block... by swillden · · Score: 1

      Target needs to re-evaluate their purpose for having a website - do they want to use the website to place cookies on peoples' disks? Or does target want to use the website to sell merchandise?

      Clearly, Target wants to track the users to whom they sell merchandise so they can sell them more merchandise. These aren't conflicting goals, unless users actually refuse to use Target's web site because they don't want to be tracked. But hardly any users refuse, so the net value to Target favors tracking. I'm sure Target has carefully evaluated the situation, and the result is the decisions they've made.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    2. Re:Some sites block... by mjr167 · · Score: 1

      Simple solution: do not use Target's website.

    3. Re:Some sites block... by QuietLagoon · · Score: 1

      unless users actually refuse to use Target's web site because they don't want to be tracked.

      Target's website refuses entry for those customers who do not have tracking cookies enabled. It is Target's choice, not the customers'.

      I'm sure Target has carefully evaluated the situation, and the result is the decisions they've made.

      Yeah, preventing customers from walking through the main entrance and buy things is always a good thing for a store to do.

    4. Re:Some sites block... by QuietLagoon · · Score: 1

      Simple solution: do not use Target's website

      Target has already made that decision for me --- they do not allow me to use their website.

    5. Re:Some sites block... by swillden · · Score: 1

      unless users actually refuse to use Target's web site because they don't want to be tracked.

      Target's website refuses entry for those customers who do not have tracking cookies enabled. It is Target's choice, not the customers'.

      It's the customers' choice to enable cookies.

      I'm sure Target has carefully evaluated the situation, and the result is the decisions they've made.

      Yeah, preventing customers from walking through the main entrance and buy things is always a good thing for a store to do.

      Sure it is, if it allows the store to profit even more from those who do come in. Are you also going to tell me that Costco is foolish for refusing entry to non-members?

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    6. Re:Some sites block... by Mr.+Slippery · · Score: 1

      Simple solution: do not use Target's website.

      Or use it, then delete the cookies. You are allowing only session cookies except for a handful of sites, right? Restart your browser, cookies go away.

      --
      Tom Swiss | the infamous tms | my blog
      You cannot wash away blood with blood
    7. Re:Some sites block... by Stan92057 · · Score: 1

      i have 3rd party cookies blocked and had no warnings from target. I do allow site cookies and run 2 ad blocker and nothing from Target

      --
      Jack of all trades,master of none
    8. Re:Some sites block... by Barefoot+Monkey · · Score: 1

      I recommend configuring your browser to keep cookies only until you close your browser. This is quite easy to do in Firefox - go to the options, in the Privacy tab, and under the checkbox for whether to accept cookies there's a dropdown labelled "Keep until:". Set that to "Keep until: I close Firefox". Then you can grab something like Cookie Monster to make it easy to whitelist those site where you do want persistent cookies. Which browser are you using, by the way?

    9. Re:Some sites block... by iggymanz · · Score: 1

      don't shop at their store either. vote with your dollars and your feet...

    10. Re: Some sites block... by Anonymous Coward · · Score: 0

      This just in -- most people leave their browser running for days or weeks at a times, and only restart when it crashes or a memory leak gets out of hand; of course a session can last even longer, as when you start chromium (and I assume other browsers) after a crash, it prompts you to resume the old session.

      IMO browsers should really offer more useful options for "session" cookies, such as zapping them after an adjustable time without using that site (on the order of 10 hours sounds reasonable, but let the user set any time), preserving them over the now-rare browser restart, and letting these various behaviors be overridden on a per-site basis. (Naturally the same options must be available for persistent cookies, just with different defaults.)

    11. Re:Some sites block... by cbhacking · · Score: 1

      FWIW, IE offers a different take on this: block third-party *requests* from sites you don't like/don't trust/are on EasyList (yes, EasyList for AdBlock Plus also publishes their block list for IE, as do many other such lists). I don't hugely care if a site wants to set a cookie on my browser, so long as they can't retrieve that cookie when I'm on any other sites.

      It also breaks that stupid "X of your friends of Facebook liked this! ::THUMBSUP:: if you do too!" thing that a bunch of sites use; the request from Facebook is silently ignored, so the site can't even tell if you have an account. You can also easily (it's a button on the address bar) disable this filtering on a per-site basis (same as turning off an ad-blocker, which it also works quite effectively as). The feature is called "Tracking Protection" and is present in IE9 and newer.

      --
      There's no place I could be, since I've found Serenity...
    12. Re:Some sites block... by Barefoot+Monkey · · Score: 1

      Now that's interesting - I didn't know about IE9's tracking protection, or that it let you subscribe to blocklists. Thanks for sharing.

  18. Block all third party content by Anonymous Coward · · Score: 0

    Google is tracking everyone through their "script library service", and web authors are stupid enough to believe that avoiding a single download of a 20kB file in a long time is worth serving their visitors to Google on a silver platter. There should be a warning every time a web site loads third party script, css, image or any other file, and the option to keep allowing third party content should expire every 7 days, so that users are repeatedly reminded if a web site uses treacherous content.

    1. Re:Block all third party content by Anonymous Coward · · Score: 0

      a) you clearly don't understand the difference between tracking and (possible) logging. By the way, thanks to caching, visiting several sites using same script source will mean only one request and download - which means possible tracking points will be separated by week or how much it takes for cache to expire.
      b) you clearly don't understand the difference between 1 user downloading 20kb and a million users downloading the same. 20Gb is stupid saving too? See also previous comment on caching
      c) you clearly don't understand how many CDNs are used by every site. Your proposed warning would just annoy users and get turned off by majority in no time, like UAC in Vista. Even all icons on this page are from a third-party.

    2. Re:Block all third party content by Anonymous Coward · · Score: 0

      a) Google can screw with the caching directives at any time and at least for some time they didn't actually send appropriate headers.
      b) Trying to save 20GB with a million visitors by making your entire site depend on a third party service is indeed very stupid when the size of just a single page often approaches 1MB.
      c) The web is as it is because third party content is not flagged as a potential problem. There's no reason why static content couldn't be served from the same domain as the rest of the page.

  19. Start with by Skapare · · Score: 2

    Every domain name needs to be fully isolated from each other. This includes blocking link referrers (that misspelled Referer header), as well as cookies, that provide any info to one domain about another. So if you click on a link that takes you to another site, it should NOT include the Referer header at all, unless you opt in to that (which should allow opt-ing per domain).

    --
    now we need to go OSS in diesel cars
    1. Re:Start with by Fastolfe · · Score: 1

      Think this through, for a moment.

      The advertiser and content provider are working together. The content provider wants ads on their site, and they want you to click on those ads, because the advertiser makes money, and shares that money with the content provider. The two parties have an incentive to cooperate. Both parties want those ads to be relevant to you, because that increases the chances you'll click on them.

      Today, if you are known to the advertiser, but unknown to the content provider, you get shown relevant ads, but the content provider has no knowledge of who you are or what ads you were shown. This works because the content provider can embed content from the advertiser, and your browser identifies itself to the advertiser independently of the content provider by way of these cookies.

      Without third-party cookies, advertisers and content providers are going to look for other ways to keep their ads relevant. The easiest way to do this is to work together to implement these as first-party cookies served by the content provider instead of the advertiser, and have the content provider share these identifiers with the advertiser, and be aware of the ads served to you. Do you think this is better or worse for privacy?

    2. Re:Start with by Anonymous Coward · · Score: 0

      It's better for privacy because then the content provider can't claim innocence. Make web sites responsible for the crap they include with their pages.

    3. Re:Start with by Anonymous Coward · · Score: 0

      look, it would be much better even for the site runners and the advertisers if the ads were funneled _through_ the site you're viewing and included from some other domain.

      adblocking wouldn't be as simple as it is now though, but crossite wouldn't exist.

      it would just need more code and traffic on the actual domain you're getting the content from - but, and here is a big butt, the content provider would be on the hook for compiling a database of what you do and would have to adhere to the privacy and data protection laws of wherever they are operating in. this would mean that an european site would need to adhere to local laws even in their advertising which is certainly something they are now not doing(since they are putting it as somebody elses problem because "hey, that stuff didn't come from us!").

    4. Re:Start with by Anonymous Coward · · Score: 0

      right, cause doing what they've been doing for magazines since forever would be unfeasable

      color me unconvinced

  20. Re:PETA should be against tracking. by Anonymous Coward · · Score: 0

    -1 Oh, my, found a fanboi with moderation points. Mmm, can't see down in that hole to tell which type of fanboi. Be it someone who profits from the rude and unnecessary tracking of humans? Confused PETA member? Petty government tyrant? Other? Combination of those?

    Got another point to burn? I mean at least this one, up till now, is so much more a clear and obvious target in so many ways.

    Fact remains, if you are going to track someone, they really first should have at least enough evidence to appear potentially guilty of something to get a real warrant issued or clear indications they are lost and needing rescuing and no, that don't mean by purchasing your product or service. Now a vendor tracking the purchases of a contractual customer with that customer's consent and limitations is also a possibility, but opt-in required, not opt-out required. Otherwise, leave the tracking targets to tasty animals not requiring cannibalism.

  21. Re: girlintraining advances do not track tech MOA by Anonymous Coward · · Score: 0

    If the correct way to configure TOR is to set it up as a relay, then there would be a greater strain on the exit nodes as they must serve more traffic, no? I mean, it is better for the user, definitely, but I fail to see how that can be healthy for the network as a whole.

  22. Re: girlintraining advances do not track tech MOAR by Virtucon · · Score: 1

    LOL, so your traffic will go in a perpetual loop around the world with no where to get out. Reminds me of the X.25 days...

    --
    Harrison's Postulate - "For every action there is an equal and opposite criticism"
  23. Re: girlintraining advances do not track tech MOA by Dekker3D · · Score: 1

    There are alternatives where the TOR traffic is clearly not related to the user who set up the exit node. One thing to come to mind is some Amazon cloud program thing that acted as an exit node. I think it was that, anyway, I didn't pay much attention to it.

  24. Interesting Topic considering that on Slashdot by Virtucon · · Score: 1

    According to my Ghostery window right now for this page. I have blocked:

    Three Double Clicks.
    One Google Adwords
    One Google Analytics
    One Scorecard Beacon
    and Four Jainrain

    Anybody ever try it on Weather.com or CNN.com? Everybody is into tracking..

    --
    Harrison's Postulate - "For every action there is an equal and opposite criticism"
  25. Apple my ass by Anonymous Coward · · Score: 0

    The blocking technology is based on that used by Apple's Safari browser, which blocks all third-party cookies.

    Mozilla browsers have had the option to block third party cookies since before Safari even existed.

    Don't believe crap like this unless you see a real source. A story in a newspaper--yes, even a famous newspaper--written by a journalist who doesn't know wtf he's talking about*, with no quote or citation to support it is absolutely NOT a credible source. Like corner-cutting hack journalists everywhere, he probably just heard about the Apple decision earlier and assumed they invented the idea. The stupidest part is that he had a good source right at hand--Brenden Eich!--but apparently didn't bother to ask.

    *Journalists are generalists who work on tight deadlines. Unless they happen to be experts in the field, you can assume they don't know what they're talking about.

  26. Advertisers by Anonymous Coward · · Score: 0

    are not gonna participate in anything that impedes them from collecting the user data that the want. Therefore the only way to not be tracked is to make it not possible for advertisers to track you and gather user info. All web browser developers should have done everything they could toward that end all along, starting many years ago.

  27. Microsoft killed DNT by Anonymous Coward · · Score: 0

    IE was the industry's backlash against Firefox. By removing the information content of DNT headers (making it so that it no longer expressed a nondefault user preference) Microsoft killed DNT.

  28. Re: girlintraining advances do not track tech MOAR by Jane+Q.+Public · · Score: 1

    This is true, but it still doesn't address the essential problem of exit nodes. Adding relays enhances Tor's usability, but not very much its security. More exit nodes do.

  29. Re: girlintraining advances do not track tech MOAR by jc79 · · Score: 1

    Or you browse .onion hidden services only. Much more secure, if somewhat limited. There are .onion gateways to other anonymous nets like I2P as well, and vice versa.

  30. Whitelist all by Artemis3 · · Score: 1

    By default, a browser should not give a referrer, unless explicitly told to do so. Eg. RefControl for Firefox.

    By default, a browser should not accept cookies, unless explicitly told to do so. Eg. CookieMonster for Firefox.

    By default, a browser should not execute scripts or run plugins unless explicitly told to do so. Eg. NoScript for Firefox.

    By default, a browser should not provide the info panopticlick obtains, such as the detailed user agent. That should be outright blank or generic and immutable from now on.

    No, you don't need to know which browser and os i use; design your sites adhering to standards, period. To hell with stats, privacy first.

    By default, a browser should not display images, unless explicitly told to do so. There was a time when this used to be the case, there was even a button to load images only when needed.

    All these whitelist options should have the "accept from same server only"; or explicitly "whitelist server X" option.

    There are also a plethora of little tricks advertisers (and others) use to track you, things Ghostery, and Adblock Edge both help to block.

    If you tell me Firefox is going to provide these by default, or via a privacy setting, then we are talking.

    Face it, the web is hostile. You just can't go out browsing without taking these measures anymore.

    Also performance, don't laugh at the tracking some sites do; most won't even show you the page until every little last of the trackers get your info first, unless you block them from doing so in the first place. Often, one of the 3rd party servers is lagged or down.

    And using the "Do not Track Lists" is begging for the opposite effect, it's like flagging "here i am", it's precisely why you never ever reply to spam emails, especially instructions to "unsubscribe" from their mailing lists, it will just confirm you and sell your email as valid to others.

    As for revenue models and showing ads, i have said so before: serve (host) your own ads or be blocked, period. Syndicated (third party) ads are the first to be blocked by ad-blockers.

    --
    Artix
    Your Linux, your init.
  31. All on one site, faster download by PineHall · · Score: 1

    Too many times I have to wait for the ads to load on a web page. If the ads and cookies were hosted on the parent web site, I think pages would load faster. Mozilla doing this, I believe, does not solve the tracking problem but it may speed things up. Mozilla should also include same domain ads with the cookies.

  32. Go Firefox! by elabs · · Score: 1

    Great to see some support for block-by-deafult from another Browser. IE was going it alone and taking all the heat. Now the pressure is on Google to do the same for Chrome.

    1. Re:Go Firefox! by GuB-42 · · Score: 1

      The mechanism is basically :
      - Allows cookies from sites you have already visited.
      - Blocks cookies from sites you have not visited yet.

      Because you are very likely to have visited Google. It will probably affect them less than their competitors.

  33. Wait what? by Anonymous Coward · · Score: 0

    The blocking technology is based on that used by Apple's Safari. Um.... I don't mean to be rude but firefox had this "technology" for a very long time. It just wasn't turned on by default