Slashdot Mirror
Firefox Advances Do-Not-Track Technology
CowboyRobot writes "Despite strong advertising industry opposition, Mozilla is advancing plans to have the Firefox browser block, by default, many types of tracking used by numerous websites, and especially advertisers. 'We're trying to change the dynamic so that trackers behave better,' Brendan Eich, CTO of Firefox developer Mozilla, told The Washington Post. According to NetMarketShare, 21% of the world's computers run Firefox. Eich said the blocking technology, which is still being refined, will go live in the next few months. The blocking technology is based on that used by Apple's Safari browser, which blocks all third-party cookies. Advertisers use these types of cookies to track users across multiple websites. Mozilla's cookie-blocking efforts follow a Do Not Track capability being adopted by all major browsers. But the DNT effort stalled in November 2012, after advertisers stopped participating in the program, following Microsoft making DNT active by default in Internet Explorer 10. Advertisers wanted the feature to be not active by default."
about:config
NSA=false
I can update my 'do not track' tech even further. It's called Tor, and the more people who use it, the safer it becomes. Bonus: Comes with free tin foil hat, extended digital middle finger to pervasive electronic surveillance.
Captcha: Doesn't work on Slashdot, which hates Tor and has banned all the exit nodes. "Slashdot is a Dice Holdings, Inc. service." *cough*
But seriously; if they can't link you to an IP address (which let's face it: with all the DNT in the world, your IP is logged by your ISP and your ISP is only too happy to whore out your realworld identity for a few scheckles, and it's trivial to link all your activity now to you, whether you login or not, use cookies, or all the browser magic in the world.
The only tech that can help you right now is one that mixes in all your traffic into everyone else's so you can't mine the data.
#fuckbeta #iamslashdot #dicemustdie
This will simply not work - it's a technical solution to a social problem (the article mentions the oligopoly currently in place). It's also a technical solution implemented unilaterally by Mozilla.
As the summary mentions: the original Do-Not-Track effort only failed when Microsoft made the boneheaded, unilateral decision to make it the default. Starting out this way will only start an arms race between Mozilla and advertisers.
I remember the article about MS implementing DNT by default. It was actually one of the few occasions around here where they got praised. Normally they're so anticonsumer rights they don't deserve it.
Well, the advertisers could market their own browser that explicitly tracks and will not block ads.
How well do you think that would do Mr Advertiser?
Watch those corners
Safari blocks third party cookies by default, but they don't set DNT header unless you say so.
It's the tyranny of the default. Most people don't know about it.
It's the same reason why advertisers want DNT to be off by default, because most users don't know that they can opt out.
So when's the backlash coming against them like with IE?
Why would there be?
I see this as a good thing.
I only back lash against IE that I know of was that it was for years very insecure and didn't follow WWW standards. Now, IE is pretty nice browser - I still prefer Firefox for various personal quirks, though.
In Canada at least, Tor is awful. Because others can use your connection as well, if someone looks at child porn from behind your connection, you are guilty of distribution.
I suppose if you're dumb enough to disregard the gratuitous warnings on the download page, the application itself, the configuration file, the manual, and every internet site that offers a 'how to', all of which lay out in explicit detail what an exit node is, and why enabling one on your personal home internet connection is very bad, then you deserve a punch in the face. But you won't go to jail over it. Not even in Canada... no more than running an open wifi will. And yes, that's been to court. And yes, the guy shit bricks. But he was found guilty only of criminal stupidity.
The correct way to configure Tor in a way that helps everyone and avoids this problem is to set it up as a relay, thus any traffic that comes and goes through your system is encrypted, there is no way for you (or anyone else) to tell what its contents are, and stays within the Tor network.
But by all means, we should all just give in to having our privacy violated by corporations, governments, and anyone with slightly more technical finesse than this Anonymous Coward does... all because a very tiny fraction of the population wants to look at child porn/terrorist websites/whatever is politically unpopular this week.
#fuckbeta #iamslashdot #dicemustdie
Don't run tor as an exit node. Problem solved.
Do you even lift?
These aren't the 'roids you're looking for.
Can we get a standard profile to defeat this form of tracking:
https://panopticlick.eff.org/
(browser profiling, unique in my case to at least 1 in 2.5 million, and thus able to identify one person behind a session based NAT out of 2.5 million others).
Also first-time-exchange public keys for Thunderbird. There's a lot of things in privacy that Mozilla can do, that Google and others won't.
This is why man has crated the Tor Browser
An apt typo. You cannot know whether the exit node is dead or alive until you get results, and must treat it as both.
Neither sending a DNT request, nor compiling a list of known trackers requires any new technology. Blocking third-party cookies is relatively efficient already, but doesn't work when the site collaborates with the advertisers to track you. Coming up with a solution to that would be actual development.
Making some settings default is simply a business decision, and a bad one at that. Users who don't take the trouble of changing a few settings probably don't care much about their privacy.
Do Not Track was silly, being opt-in and so on. And, surprise surprise, advertisers backed out when it started getting turned on by default. Now a fire is lit under their hindquarters since Firefox and Safari (and hopefully others) will simply do away with third party cookie support altogether. Taking away an advertiser's tracking tools is the best way to fight.
They already disabled IE10s dnt. I was surprised by the la k of outrage here but people defended the advertisers who fund apache as they hate ms more than Apache caving in to advertisers
http://saveie6.com/
.
Target needs to re-evaluate their purpose for having a website - do they want to use the website to place cookies on peoples' disks? Or does target want to use the website to sell merchandise?
Safari is used as the default on the 18 kajillion iPhones and iPads out there.
In other news, Microsoft Windows users are now covered under the Americans with Disabilties Act...
Every domain name needs to be fully isolated from each other. This includes blocking link referrers (that misspelled Referer header), as well as cookies, that provide any info to one domain about another. So if you click on a link that takes you to another site, it should NOT include the Referer header at all, unless you opt in to that (which should allow opt-ing per domain).
now we need to go OSS in diesel cars
And then you have to enable the develop menu in the preferences, then go to the develop menu & select 'Send Do Not Track HTTP Header'
There are two types of people in the world: Those who crave closure
Microsoft's approach to DNT was especially terrible. It does nothing to stop tracking, but it does give advertisers a legal loophole where they can say "even though there was a DNT:1 request header that doesn't necessarily mean the user opted out of tracking".
It was MS giving me what I want, and the Apache Software Foundation siding with the advertisers against me. Don't try to spin it into something different.
Chrome
... whatever
Nice spin. In truth, they simply made the default 1. Your null argument is weak since null would have been treated like 0. Now null is treated like 1 and users have to opt-in. Advertisers didn't want that, they wanted opt-out so now they feel justified in not playing.
It was MS giving me what I want, and the Apache Software Foundation siding with the advertisers against me. Don't try to spin it into something different.
No. It was Microsoft making your decision for you, making it entirely justifiable for advertisers to ignore the preference entirely since it doesn't represent your preference. And more likely it had squat to do with them championing privacy and more to do with screwing over Google and other advertisers.
I'm sure a browser could pose the question with some information the first time the browser is launched to make the preference an explicit user choice.
LOL, so your traffic will go in a perpetual loop around the world with no where to get out. Reminds me of the X.25 days...
Harrison's Postulate - "For every action there is an equal and opposite criticism"
There are alternatives where the TOR traffic is clearly not related to the user who set up the exit node. One thing to come to mind is some Amazon cloud program thing that acted as an exit node. I think it was that, anyway, I didn't pay much attention to it.
According to my Ghostery window right now for this page. I have blocked:
Three Double Clicks.
One Google Adwords
One Google Analytics
One Scorecard Beacon
and Four Jainrain
Anybody ever try it on Weather.com or CNN.com? Everybody is into tracking..
Harrison's Postulate - "For every action there is an equal and opposite criticism"
Heres the difference, and its really not so complicated.
IE announced that it was going to turn on the "please dont track me" flag which requests a website not track the browser. Such a setting only has an effect if the website in question honors it. Websites might honor that request if it was clear that the user intentionally turned it on, indicating that they perhaps cared enough to not visit said site or use an adblocker if it was not honored. By making it the default setting, it is not farfetched to think that most sites will now NOT honor the flag, since it doesnt indicate much of anything except that the user is on the newest browser. Theres also the question of whether that was exactly MS's plan.
Mozilla here is announcing what amounts to the inclusion of Ghostery lite or something similar in Firefox. This isnt something a website can say "no" to. There are other issues that this can cause, certainly, but theyre not "ruining" anything for everyone else the way IE is; any issues this causes would be on the end-user side (rendering, broken pages, etc).
making it entirely justifiable for advertisers to ignore the preference entirely since it doesn't represent your preference
This is like saying "you were hit by a car but we left you to bleed to death by the side of the road because you didn't express your preference to be scooped up and taken to hospital". No-one wants to be tracked, everyone wants privacy.
I suppose MS could have just asked the question up-front when installing IE 10, like they ask about default search engines and that kind of stuff, but I imagine the advertisers would still have had a hissy fit. They were fine with it as long as only the minority who also run AdBlock and Ghostery and disable 3rd Party Cookies and regularly clean their browser data out were turning it on, the millisecond it became mainstream it was unacceptable.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
No it's in the regular preferences. Under Privacy, Website tracking. Select the checkbox right next to "Ask websites not to track me."
Indeed, considering the various sociopathic methods that advertisers are willing to enact to get their message heard, regardless of whether the end user wants to hear it, I say fuck them. The DNT wouldn't be necessary if they were satisfied with an opt in set up or we had any idea as to who the people doing the tracking were. But, that isn't the case.
They've given us malware in ad banners that use code hosted on 3rd party sites, those annoying flash ads that cover content and randomly crash, the intellitext that randomly disrupts our browsing and not to mention those hidden ads that get activated when you click on seemingly blank space on a site.
I'd personally suggest that they made their bed, and now it's time for them to lie in it. But, I think they might take that as permission to lie to me if they're actually in bed.
As opposed to the advertisers opting you in without your consent? All MS was doing there was making sure that people had to opt in, rather than being tracked by god only knows whom all over the net, without any particular way of knowing who was doing it.
Which is as it should be.
The website owners and advertises screwed things up for themselves by setting up a system that made it virtually impossible for people browsing the web to opt out. So, measures like this became necessary. At this point, you have to go to extremes if you don't want to be tracked, and there is no informed consent for most people, you have to be constantly following their methods if you wish to opt out. And do things like blocking 3rd party cookies, javascript, flash, constantly clearing your cache etc.
I'd rather that Mozilla not need to do this, but it's abundantly clear that the advertising industry will not stop of its own accord. We people that browse the web didn't start this war, the advertisers did, and until we get a consistent way of opting into all this tracking, this kind of method is going to be necessary.
The website owners and advertises screwed things up for themselves by setting up a system that made it virtually impossible for people browsing the web to opt out
Some clarification is necessary, for folks who dont really get how websites work.
You are going to www.somesite.com and saying "please, server, send me whatever data you have published". That site may be publishing a website with content from a bunch of advertising networks, so thats what your request gets. Theres nothing inherently evil about this, as a lot of the time those ads generate the revenue which pays the server bills. DNT is your browser saying "please send me whatever youre publishing, but try not to send the advertising stuff". Whether the server complies with (or even understands) that request is going to be up to the site operator.
Of course, as the end user, you have ALWAYS had the freedom to strip out or modify whatever content you receive; or even modify the server's response such that third-party data is never pulled in at all. This appears to be what Firefox will now do by default, and there is again nothing wrong with this except that it will change the dynamic of how ad-supported sites serve data to firefox customers; they may decide to respond by blocking browsers which block ad data.
The biggest mistake people make is thinking that site operators HAVE to cater to you, and thus that we can force them to give us their site, sans the ads. They can very well decide that you dont actually make them any money, and that you therefore wont be getting the ads OR the site. Remember that old saying, be careful what you wish for-- you want no ads, you may end up with no content either.
Sending whatever data you have published is not the same thing as giving permission to send my data to third parties.
I cannot conceive of how you would even think that the two are the same thing. Ads are fine, I understand that free things need to be paid for in some fashion, but targeted ads based upon tracking information are not the only way to go. Ads existed prior to targeting and tracking and commercial bandwidth costs less now than it did before tracking techniques were available.
If they need to track people without their knowledge or permission, then it's probably for the best that these sites go under. Because they're being run by scum bags.
BTW, I don't block ads, but by running software to protect me from malware I end up blocking a lot of ads on various sites. If the site operators would be hosting their ads and running responsible ads their ads wouldn't be blocked. I have no problem with tasteful text ads that aren't targeted at me, but if I don't know what it is and where it's coming from, I block it.
WOW can MS ever be the good guys here on slashdot I mean ever??
They can cure cancer and someone will bash them and find a reason it seems.
No MS never caved in. Apache did as greedy companies like Godaddy and Rackspace threatened they would go with IIS or some other web serving software if they didn't try to stomp on the will of the consumers immediately!! The standards bullshit is just that. The coders who patched it worked for advertising companies that contributed and the ISP market felt threatened customers would not be willing to pay as much to host sites if they can't generate revenue with annoying ads.
MS did nothing wrong here at all!
http://saveie6.com/
You wanted to lose the ability to opt out of tracking?
This is how DNT works normally
DNT:0 indicates that the user has consented to tracking
DNT:null does not indicate whether or not the user has consented
DNT:1 indicates that the user has opted out
Now on IE10 DNT:1 behaves like DNT:null, DNT:null is effectively DNT:0 and there is no way left to actually request not to be tracked.
I wanted to default to not being tracked. The sites choosing not to honor the setting are the ones who are against me. They are the ones who violate the protocol.
So I will continue to use other means to not even fetch their content in the first place. Sites carrying their ads get no revenue. Clients buying ad space on their network get no impressions. I get faster, safer browsing.
This is true, but it still doesn't address the essential problem of exit nodes. Adding relays enhances Tor's usability, but not very much its security. More exit nodes do.
Yes, and?
When we're talking about what someone else's computer internally does with the information you choose to send to it, they liter-- uh -- analogously do have the right (and more importantly: the POWER, even if you disagree about the right) to get away with away with the attitude that you just described. If it helps, think of them as Powerful Assholes Who Have The Law On Their Side.
Sure, PAWHTLOTS are going to let most people bleed to death. The weird strange thing that happened, though, is that while they're all always free to let everyone bleed to death (whether they want to go to the hospital or not), a few of the .. shall we say.. evil-yet-honorable PAWHTLOTS said they'd take people to the hospital if those people said "I thought about it and decided I would prefer to go to the hospital" as opposed to two other choices (the other choices were "I don't care" and "I thought about it and would prefer to die").
Microsoft came out with a medical bracelet, where the "I'd rather go to the hospital" and "I don't care" part was smudged, so that people trying to read the card can't tell the difference.
If you are trying to read such a bracelet, I think you're going to say "well, they clearly don't say they'd prefer to die" and I think you're going to take that person to the hospital. But what do you predict an evil-yet-honorable PAWHTLOTS will do?
The people who invented the DNT medical bracelet thought about that last question and were very explicit that people who make bracelets should use care in making sure the bracelets don't display ambiguous information, but Microsoft blew it.
Look at it another way: we all want this bullshit to be opt-in. But we send information to trackers, where they get to decide how it works. And they want it to be opt-out. It's their computer, so they win, period. If we work within opt-out, some of us can get some of what we want. If we defy it, then we haven't opted out.
This, BTW, is half of the tracking issue. The other half of the issue is that we leak so much damn information, which is what has put so much power into the adversaries hands. And FWIW, this actual Firefox story is about that. So there's at least something to be cheerful about. I prefer technical means to dealing with the problem, but DNT was a brilliant social prong of the action too, and MS has spoiled it.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Hahahaha! Best one I've seen all week!
Or you browse .onion hidden services only. Much more secure, if somewhat limited. There are .onion gateways to other anonymous nets like I2P as well, and vice versa.
"Some clarification is necessary, for folks who dont really get how websites work."
Agree with hedwards. It seems that maybe you are the one who needs education.
This whole thing isn't about the site you visit. It's about 3rd parties tracking you when you visit those sites.
Here's how it works: you are person or company hosting website A. I am advertising company B. You create a website. On that website you include a link to an ad that is hosted on my server. Often they are buried in a mess of javascript, but in the simplest case that's what it amounts to.
When user X goes to your website (A), the browser requests the page from your server. In the content of that page, it includes links to images on my server at B. In order to display those images, your browser makes a request to server B. User X has not given prior or informed consent for this. But it happens nevertheless.
Since your browser made a request to MY server at B (even though the user only intended to visit a page on A), guess what information I can retrieve? Rather than trying to explain, just go here to the Panopticlick Project (make sure javascript is turned on, because it is for most people) and see.
And that doesn't even count the referrer, which any server can get and which tells me (at B) exactly what web page you visited, and when. So the upshot is: without your prior knowledge or consent, when you go to ANY SITE that has my ad on it, without your knowledge or prior (or informed) concent, at B I can tell where you were, and when.
That is true of EVERY site that has a Fecebook "like" button, or Reddit link, or AddThis or Google+ button, or ad from DoubleClick, and on and on and on, ad nauseum. Every one of them.
And that's WITHOUT even going into the subject of cookies! Cookies are not necessary to do that. But cookies can do more. And then there are Flash "cookies", and "local storage"...
The problem is FAR bigger than you have recognized.
Oh... and here's another thing, just to top it all off: IT IS ILLEGAL in the U.S. to track anyone who is younger than 13 years of age. But they do it all the time, for the simple reason that they CAN'T know in advance who they're tracking. They can only tell afterward, and they usually don't bother to even find out.
Bull fucking shit. The user is given the chance to look over the defaults and answer either "yes" or "no" when asked if everything looks okay before even using the browser for the first time. Nothing is stopping them from clicking "no" and choosing to click the button saying, "yes, please tell all the scummy cocksucking advertising companies out there to monitor everything I do on the Internet while using my computer." Preferably with a very descriptive paragraph of what they really do and what they use it for, to prevent anyone from *ever* turning it on. Then Microsoft would be sued for telling the facts, and their browser's DNT would still be blacklisted, but at least then everyone would realize what a bunch of god damn crooked assfucks the people in the advertisement business are.
By default, a browser should not give a referrer, unless explicitly told to do so. Eg. RefControl for Firefox.
By default, a browser should not accept cookies, unless explicitly told to do so. Eg. CookieMonster for Firefox.
By default, a browser should not execute scripts or run plugins unless explicitly told to do so. Eg. NoScript for Firefox.
By default, a browser should not provide the info panopticlick obtains, such as the detailed user agent. That should be outright blank or generic and immutable from now on.
No, you don't need to know which browser and os i use; design your sites adhering to standards, period. To hell with stats, privacy first.
By default, a browser should not display images, unless explicitly told to do so. There was a time when this used to be the case, there was even a button to load images only when needed.
All these whitelist options should have the "accept from same server only"; or explicitly "whitelist server X" option.
There are also a plethora of little tricks advertisers (and others) use to track you, things Ghostery, and Adblock Edge both help to block.
If you tell me Firefox is going to provide these by default, or via a privacy setting, then we are talking.
Face it, the web is hostile. You just can't go out browsing without taking these measures anymore.
Also performance, don't laugh at the tracking some sites do; most won't even show you the page until every little last of the trackers get your info first, unless you block them from doing so in the first place. Often, one of the 3rd party servers is lagged or down.
And using the "Do not Track Lists" is begging for the opposite effect, it's like flagging "here i am", it's precisely why you never ever reply to spam emails, especially instructions to "unsubscribe" from their mailing lists, it will just confirm you and sell your email as valid to others.
As for revenue models and showing ads, i have said so before: serve (host) your own ads or be blocked, period. Syndicated (third party) ads are the first to be blocked by ad-blockers.
Artix
Your Linux, your init.
Advertisers make their living on loopholes and weasel words. They would have said that no matter what.
The simple fact, whether they like it or not, is that a great many people find being tagged and tracked like animals by a creepy corporate stalker to be distasteful in the extreme. Of the rest, practically none actually think being tracked is cool and even less would object to DNT being set.
The purpose of default settings is to make the vast majority happy enough. And that dictates setting DNT.
Frankly, even if you sent them a video of you signing a do not track request form literally carved in stone and have it notarized, they would claim you just didn't fully understand the issue and so your opt out wasn't genuine.
What backlash? I and many others here found ourselves in the odd position of applauding something MS did.
Too many times I have to wait for the ads to load on a web page. If the ads and cookies were hosted on the parent web site, I think pages would load faster. Mozilla doing this, I believe, does not solve the tracking problem but it may speed things up. Mozilla should also include same domain ads with the cookies.
Um... BULLSHIT.
There's a dialog in IE10 on first run that asks you, among other things, whether you want to enable DNT. It's true that Microsoft made DNT the recommended setting (meaning, if the user selects "give me the recommended settings", it will be enabled), but the user is informed what those recommended settings are beforehand, and they don't have to accept them. Microsoft they certainly didn't make the decision for you. Grow the fuck up.
There's no place I could be, since I've found Serenity...
The open source philosophy*, apparently:
*Note: I use quite a lot of open source software, and have contributed to a few projects and published a couple of my own. I do it pragmatically, not out of zealotry, though.
There's no place I could be, since I've found Serenity...
Ha, indeed. Too bad I already moderated here.
There was a thread in the discussion of Microsoft's YouTube app (for WP8) not showing ads. Some fool suggested that Google update Chrome to block all Microsoft ads, and see how they like it. The problem is, the slice of Microsoft's income that comes from ads is smaller than the (tiny) slice of Google's income that *doesn't* come from ads. If Google did what that airhead had suggested, Microsoft would simply have resonded in kind... which would have been a huge blow to Google's business model.
Before anybody shouts "but but MONOPLY!!!", please bear in mind that at this time, Chrome and IE are about neck-and-neck for market share in most of the world, and such an update would likely only target the newer IE versions (the ones with some ad filtering capability already built in).
There's no place I could be, since I've found Serenity...
Great to see some support for block-by-deafult from another Browser. IE was going it alone and taking all the heat. Now the pressure is on Google to do the same for Chrome.
Go google past news stories last year?
Yes Apache ignores DNT by default even if the user/browser requests it. Apache claimed its users were in an uproar! Its users being advertisers, ISPs, and others. Godaddy uses Apache as well and many felt without ads the demand for hosting sites would go down and threatened to cut funding if Apache didn't ignore DNT in future releases.
TO me that is the most atrocious of all. You need to hack and edit config or .h files in the source code to get it to even respect the standard. So really you have other forces out there opting you out of DNT and opting you in to psychological manipulation from advertisers instead.
On slashdot everyone stood up for Apache for some reason and bashed MS yet again. I was under the impression rackspace offers both as well since they did buy SGI and have lots of unix hosting logically.
http://saveie6.com/
I remember the article about MS implementing DNT by default. It was actually one of the few occasions around here where they got praised. Normally they're so anticonsumer rights they don't deserve it.
Funny what happens when you have competition. Google Chrome would become just as bad and evil if no competion were around. Same in Firefox. I was really worried a decade ago that MS would still own 90% of the market with IE 6 today, but glad Firefox was there to stop it.
Now we see a better browser
http://saveie6.com/
Perhaps I wasnt clear enough. When you request data from a website's server, the response often includes pointers to data not hosted on that server. Sometimes it is images, sometimes JS (ie, google analytics, or discus, or SSO). Sometimes those pointers pull in ad data. But all of it was done with the explicit approval of the site owner, who you requested data from; and unless you are using DNT, your request was explicitly that that website give you everything that it had published, 3rd-party data and all.
That is true of EVERY site that has a Fecebook "like" button, or Reddit link, or AddThis or Google+ button, or ad from DoubleClick, and on and on and on, ad nauseum. Every one of them.
Yes, and ALL of those are on sites which gave their explicit OK. You are visiting a site which has explicitly included 3rd party data. The solution? Either block it on your end, or stop requesting "everything published" from that website-- ie, dont visit that site.
For the record, the first option is unbelievably easy in Chrome and Firefox, with Ghostery and Adblock.
Maybe I'm naive, but I don't care about being tracked so I can be served useful ads. As a choice between seeing useful ads and non useful ones, I'd prefer to see useful ones. Remind me again why I should care?
"Yes, and ALL of those are on sites which gave their explicit OK. You are visiting a site which has explicitly included 3rd party data."
I understand. It seemed to me in your other comment as though you were referring to the end user, not the site owner.
But regardless, while the site owner has wittingly or otherwise, approved the 3rd-party content someone visiting the site does not know it is there in advance. So there is no informed consent on the part of the user. That was my point.
And this is why "opt-out" strategies cannot work effectively. First, you cannot know in advance what you want to opt out of. Second, finding where and how to opt out can be a big problem. Third, often (unless you are using additional tools than a "standard" browser) you have no way of even knowing who is tracking you, and when. (Some are obvious, like Facebook "like" buttons. Some are not.)
So the ease of blocking is mostly irrelevant to the discussion. That blocking should not be necessary in the first place, in order to prevent unwanted, intrusive tracking by third parties. That is an overt, intrusive act on the part of someone else, and does demonstrable harm to you in the form of invading your privacy.
So saying "just don't go to that site" is not good enough. Because you don't know what's on that site in advance. Therefore a strict "opt-in only " policy should be the law.
And there is still the problem of tracking those who are under 13. Again, it's not possible for either party to know in advance whether they are doing that. (For example: if company X knows that person with a cookie containing ID #12345b67cdf is under 13, so don't track them... they have to KNOW that party visited that site by looking at the cookie, before they can even NOT track them... it's a catch-22.) A strict opt-in ONLY policy would prevent this.
That's the thing. We'd all like not to be tracked. Well, most of us, at least. However DNT does not control whether or not you are tracked - it merely conveys whether the user has specifically asked not to be tracked (or to be tracked, in the case of DNT: 0). This is useful because it is a necessary component in other means to stop tracking. For example, some countries might manage to get a law passed forbidding tracking unless the user has opted in, in which case a DNT:0 request header could be a convenient legal requirement for tracking. Another place might pass a law forbidding tracking users who have opted out. This would be difficult because how would you know if someone has opted out without some degree of tracking? Well, looking for a DNT:1 header would do the trick. Another situation would be if some privacy-motivated coalition negotiated a deal with major advertisers where the advertisers wouldn't track users that send a DNT:1 header provided that browsers don't send DNT:1 by default.
Now, what are the effects of IE's approach? First off, that deal actually managed to happened, but it broke down because IE send DNT:1 by default. The other two cases are hypothetical.
If it were law that tracking someone who has opted out of tracking is illegal, and an advertiser is caught tracking IE users who send DNT:1 the advertiser could argue that they have no reason to believe that the user has opted out at all, and point to the fact that IE sends DNT:1 regardless of whether the user has asked not to be tracked - and that the only users who don't send DNT:1 are those who edited the setting from the default and explicitly asked requested their browser NOT to request no tracking. Someone who asked not to be tracked would have DNT:1, but someone who didn't would ordinarily be sending DNT:1 too, and there's no way tell the difference - but some statistics could be provided showing that the majority of users don't try to opt out of tracking and therefore DNT:1 headers correlate mainly with users who did not opt out (and if the browser says otherwise then it is simply lying). They might go to court and they might lose that argument, but there's also a rather good chance that they would win it and become exempt from having to respect DNT headers, assuming they even get caught in the first place.
If it were law that tracking requires opt in, they could easily argue that lack of opt-out qualifies as opt-in for the same reason as above - that the user went out of his way to specifically not ask not to be tracked. Thus consent is implied even if there is no DNT header at all.
The DNT header is meant to be a way to indicate whether the user has opted in or out. IE opting out on the users behalf unless they specifically asked for tracking to be allowed gives slimy advertisers the opportunity to claim that apparent opting out implies not opting out, and that not opting in or out implies opting in - leaving nothing at all to imply actually opting out.
Microsoft's decision does absolutely nothing to block tracking (actual blocking - as opposed to DNT requests - is the topic of TFA in fact); all it does is remove any way for a user to unambiguously opt out.
If you really don't want to be tracked then we need 2 things: a law that compels advertisers to respect opt-ins and opt-outs, and for browsers not to send fake opt-outs on behalf of the users. If Microsoft actually wants to protect users from tracking then it should look into blocking trackers like Mozilla is doing here, and informing users that they can opt out of tracking instead of doing so automatically and leaving users with only the option of stopping the opt-in requests.
That links to Desktop Browser Market Share. He said "iPhones and iPads", i.e. not desktop: Mobile/Tablet Browser Market Share.
Excuse me, wtf r u doin?
Imagine that, paid shills objected to something adverse to their employer. That's not normally considered backlash.
I'm sure a browser could pose the question with some information the first time the browser is launched to make the preference an explicit user choice.
that's exactly what happens when you install/update ie. it tells you its going to set some settings, and it mentions setting do not track to on. and then you can click yes, or you can customize.
Wealth is the gift that keeps on giving.
Bogus analogy is bogus.
MS did plenty wrong. They subverted an explicit user preference that said DO NOT TRACK by turning it on by default thereby eliminating that explicit preference and any reason advertisers might choose to honour it. They would have been better off to pose the explicit question during setup and if the user skipped the question then assume enable.
I expect Apache "sided" with advertisers is because they recognized the brokenness of a privacy setting which the user did not consent to. It would be very easy to fix and make the preference an explicit user choice.
Yes and you can skip it. As many people doubtless do. If you bothered to read the tracking preference draft spec you would see it is meant to represent an explicit user preference with a default behaviour of "unset". By defaulting to something else Microsoft have broken the spec and emasculated it. They could have posed the question in the setup and if the user skipped the question, then abide by the spec and use the default unset value.
I don't care about being tracked so I can be served useful ads. As a choice between seeing useful ads and non useful ones, I'd prefer to see useful ones. Remind me again why I should care?
Sounds like you do care - you care that you should receive ads useful to yourself.
That is why there should be a choice. You will choose tracking, fine. I will refuse it.