Yahoo Stops Honoring 'Do-Not-Track' Settings

An anonymous reader writes "When web browsers started implementing 'do-not-track' settings, Yahoo got some respect for being the first of the huge tech companies to honor those settings. Unfortunately, that respect has now gone out the door. As of this week, Yahoo will no longer alter their data collection if a user doesn't want to be tracked. They say there are two reasons for this. First, they want to provide a personalized web-browsing experience, which isn't possible using do-not-track. Second, they don't think do-not-track is viable. They say, '[W]e've been at the heart of conversations surrounding how to develop the most user-friendly standard. However, we have yet to see a single standard emerge that is effective, easy to use and has been adopted by the broader tech industry.' It looks like this is another blow to privacy on the web."

Code words for...

[FlyHelicopters]

That is corporate speak for, "we decided we could make more money this way, so here is a bs reason for us to change, when we really just want more money."

Surprise, anyone?

[Gaygirlie]

Has it ever been a surprise to anyone that a measure that service-providers must voluntarily follow would not be followed? I mean, if by not following the measure you can generate more cash than by following it then why would you choose to do it, especially if no one else does it either? No, do-not-track was doomed all the way from the beginning.

Re:Yahoo, kill yourself!

[Sloppy]

So you are arguing that privacy/security on by default is a bad thing?

Nobody's arguing that. The mistake is in thinking of DNT with a privacy/security mechanism. If that's what it were, Microsoft's decision would be defensible or even good. But DNT is something totally different. I'd argue two things:

1) DNT is for expressing a user's preference. Not even just a preference, but the user's preference. It is impossible for any application's default setting to express a user's preference for anything. (Your editor can default to a white background, but it can't, out of the box, honestly tell other people that YOU prefer swiss cheese over provolone. The person who wrote your editor might have some strong opinions and could even show some polling information, but in the end, he doesn't really know what kind of cheese you want. He can only take a guess.) MSIE's default DNT:swiss header is a communication between a web server and Microsoft Corporation, rather than a communication between a web server and a user.

Yes, a DNT:swiss default is a bad thing (just as bad as a DNT:provolone default). By doing that, Microsoft undermined DNT and helped the ad industry justify ignoring it. If you're a user, you should be angry at MS about this (at least so far as DNT is important at all).

2) DNT is nearly useless for protecting a user's security. If you want security, then you must deny capability to your adversary, or put costs on things, not merely politely ask him to behave in a certain manner. That means having your browser not initiate certain connections, or not send certain things (or send noise) over those connections, or .. whatever.

I have to say "nearly" useless because at least DNT could signal that some users care, but just don't care enough to stop sending intell. But it looks like this subtlety was lost on .. damn .. nearly everyone, I think.

Up to now I've thought of DNT as a basically good idea (a weak one, but still positive), but maybe it's time to accept that if nobody understands DNT then it can't possibly communicate anything meaningful.