Slashdot Mirror

← Back to Stories (view on slashdot.org)

Yahoo Stops Honoring 'Do-Not-Track' Settings

Posted by Soulskill on from the doesn't-fit-the-new-logo dept.

An anonymous reader writes "When web browsers started implementing 'do-not-track' settings, Yahoo got some respect for being the first of the huge tech companies to honor those settings. Unfortunately, that respect has now gone out the door. As of this week, Yahoo will no longer alter their data collection if a user doesn't want to be tracked. They say there are two reasons for this. First, they want to provide a personalized web-browsing experience, which isn't possible using do-not-track. Second, they don't think do-not-track is viable. They say, '[W]e've been at the heart of conversations surrounding how to develop the most user-friendly standard. However, we have yet to see a single standard emerge that is effective, easy to use and has been adopted by the broader tech industry.' It looks like this is another blow to privacy on the web."

41 of 300 comments (clear)

  1. Yahoo, kill yourself! by Anonymous Coward · · Score: 2, Insightful

    Horrible decision, a standard isn't being honored "EVERYWHERE" so you decide to undermine it entirely without replacement? What's the REAL reason, money?

    Sell your assets and gtfo!

    1. Re:Yahoo, kill yourself! by joe_frisch · · Score: 5, Informative

      Google and Yahoo make money by selling information that they collect from users. Microsoft makes money by selling software. The typical person is a Microsoft customer, but a Google / Yahoo product.

    2. Re: Yahoo, kill yourself! by Scowler · · Score: 2

      Maybe they see the irony in maintaining a list of people who don't want to be tracked.

    3. Re:Yahoo, kill yourself! by nmb3000 · · Score: 5, Informative

      Horrible decision, a standard isn't being honored ANYWHERE so you decide to undermine it entirely without replacement?

      FTFY.

      The simple fact is that Do-Not-Track was a damned bogus idea from the outset. Saying to the massive web of advertising conglamorates and third parties -- all of which make more money the more they can identify you down to an individual -- "Won't you kindly not track me? That would just be great, thanks" is akin to asking the mob nicely not to burn your place down when you refuse to pay protection money, or calling up the NSA and asking them nicely to stop spying on your personal affairs.

      If you don't want to be tracked, you need to take steps to make it happen yourself. The tools are there -- use them. If enough people start blocking all forms of advertising, perhaps the intrusiveness and privacy violation will recede. Or maybe the entire advertising industry will collapse (one can always dream).

      --
      "What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
      /)
    4. Re:Yahoo, kill yourself! by rudy_wayne · · Score: 3, Interesting

      Horrible decision, a standard isn't being honored "EVERYWHERE" so you decide to undermine it entirely without replacement? What's the REAL reason, money?

      Sell your assets and gtfo!

      As far as I know Google doesn't honor it either on their services, but Microsoft do, which is an interesting situation

      That's because Microsoft, despite whatever flaws they may have, makes all their money selling actual products -- Windows, Office, Games for Xbox, etc.......

      Companies like Google and Yahoo, on the other hand, have no actual products. Their revenue depends entirely on advertising. YOU are the product and you are being sold to advertisers.

      Nothing surprising at all about Google and Yahoo not honoring Do Not Track.

    5. Re:Yahoo, kill yourself! by ShanghaiBill · · Score: 4, Insightful

      Google and Yahoo make money by selling information that they collect from users. Microsoft makes money by selling software.

      Microsoft is losing the battle for online advertising, so they are instead trying to poison the market. In MSIE 10 and 11, the "do not track" is on by default, which means the user never actually made a decision to set it. Microsoft's original plan was to diminish the ability of ad agencies like Google to collect information. But instead, they gave those agencies an excuse to ignore the setting, since no human made a decision to set it. Some more ethical ad agencies check the browser ID and only ignore the setting if it is MSIE. Unfortunately, ethics and advertising seldom go together.

    6. Re: Yahoo, kill yourself! by rudy_wayne · · Score: 3, Insightful

      That's not how it works, it's not a list unless they make a list. Not to mention they championed the idea and were early adopters.

      Yahoo pretended to support Do Not Track only because they figured anyone stupid enough to actually use Yahoo for anything was too stupid to figure out how to turn it on.

      Then Microsoft made it on by default in Internet Explorer, still the most widely used browser and probably used by 98% of the people stupid enough to use Yahoo for anything. All of a sudden, Yahoo didn't think Do Not Track was such a good idea any more.

    7. Re:Yahoo, kill yourself! by CreatureComfort · · Score: 4, Insightful

      So you are arguing that privacy/security on by default is a bad thing?

      --
      "Unheard of means only it's undreamed of yet,
      Impossible means not yet done." ~~ Julia Ecklar
    8. Re:Yahoo, kill yourself! by Bengie · · Score: 2

      I agree, asking a remote server to not record the data you send it means you trust the server. If you do not trust it, then either to not use it or do not send it they data you're sending it.

    9. Re:Yahoo, kill yourself! by Anonymous Coward · · Score: 3, Insightful

      Not really. What you're thinking of as a 'product' is more accurately described as 'bait'. Calling it a 'product' is akin to calling a fisher's lure or net the product, rather than calling the *fish* the product.

    10. Re:Yahoo, kill yourself! by joe_frisch · · Score: 5, Interesting

      Part of the problem is what I believe to be a flawed business model for marketers. They feel that they need to somehow "steal" people's information and use it to "force" adds on them. The phrase "targeted" adds suggests a hostile approach. My impression is that most people want to see informative adds for products that they might buy. If it were easy for customers to craft their on online profiles so that they would see adds of interest to them, advertisers would be able to directly provide relevant information.

      Right now I'm not in the market for a car - all the adds in the world won't do any good. In a few years when I am ready to buy, I will want to see information on the types of cars that I might consider buying. The way things are set up now, immediately after I buy a car I will be flooded with car adds - despite the fact that a recent purchases is the least likely to buy again.

    11. Re: Yahoo, kill yourself! by Anonymous Coward · · Score: 2, Insightful

      When the privacy/security decision is left up to the advertiser, it is deeply flawed and an unfeasible solution. Additionally the DNT header grants the tracker additional entropy for which your identity can be singled out with.

      It was a really silly idea, nobody really expected these guys would honer this, even if it did have legislative backing.

    12. Re:Yahoo, kill yourself! by Monoman · · Score: 3, Insightful

      Privacy/Security != Anonymity

      There are subtle differences depending on the interpretations.

      --
      Keep the Classic Slashdot.
    13. Re:Yahoo, kill yourself! by sjames · · Score: 2

      Defaults should represent a best guess as to what most people will want. For once, for whatever reason, I'd say MS got it right.

      If the ad agencies don't believe that to be the will of the users, they are deluding themselves. Nobody likes to be stalked.

    14. Re: Yahoo, kill yourself! by ShanghaiBill · · Score: 2

      It was a really silly idea, nobody really expected these guys would honer this

      Except that they were honoring it, before Microsoft poisoned the well.

      ... even if it did have legislative backing.

      The laws/regulations required them to honor "user requests" not "browser settings". Once the browser setting is on by default, it no longer indicates a "user request" and there is no legal requirement to honor it.

    15. Re:Yahoo, kill yourself! by ShanghaiBill · · Score: 3, Insightful

      Very few people want to be tracked by strangers.

      If you ask "Do you want to be tracked by strangers?", then of course nearly everyone will say "no".

      If you ask "Do you want web services personalized to your needs and preferences?", most people will say "yes".

    16. Re: Yahoo, kill yourself! by Somebody+Is+Using+My · · Score: 4, Informative

      "On by default" is not an entirely accurate description. When you first run a version of Internet Explorer that supports DNT (IE8), or Windows 7 or 8, you are presented with several configurable options, one of which asks if you want to allow tracking by advertisers. While the "yes" radio-button is pre-selected, users do have to actively accept this choice. It is not as if Microsoft invisibly enabled this feature without alerting the users.

      Admittedly, many users will just accept the defaults and press "OK", but they are still making that choice. Given the choice people generally do not like being tracked, and - although most people have been trained to just press OK - were they properly educated about the issue most would likely enable DNT anyway. Moreso, few people complain that Microsoft also includes software to avoid phishing sites (e.g., SmartScreen) which are enabled by "default" similar to DNT; these capabilities are added because the end-users find them useful. Microsoft is just protecting users from skeevy internet marketing, and just because some firms depend on this sort of underhanded tracking in no way excuses them from their deceitful practices. Features like "Do Not Track" were created because advertisers pushed too hard in one direction; now they ignore user's attempts to bring balance to the equation. I have no sympathy for the Googles and Yahoos and Facebooks; they broke the social contract first.

    17. Re:Yahoo, kill yourself! by AC-x · · Score: 3, Informative

      Microsoft is losing the battle for online advertising, so they are instead trying to poison the market. In MSIE 10 and 11, the "do not track" is on by default, which means the user never actually made a decision to set it

      It's on by default, but it is also part of the setup questionnaire when you first start up Windows 8 so it's not like the user isn't presented with the choice...

    18. Re:Yahoo, kill yourself! by Sloppy · · Score: 5, Insightful

      So you are arguing that privacy/security on by default is a bad thing?

      Nobody's arguing that. The mistake is in thinking of DNT with a privacy/security mechanism. If that's what it were, Microsoft's decision would be defensible or even good. But DNT is something totally different. I'd argue two things:

      1) DNT is for expressing a user's preference. Not even just a preference, but the user's preference. It is impossible for any application's default setting to express a user's preference for anything. (Your editor can default to a white background, but it can't, out of the box, honestly tell other people that YOU prefer swiss cheese over provolone. The person who wrote your editor might have some strong opinions and could even show some polling information, but in the end, he doesn't really know what kind of cheese you want. He can only take a guess.) MSIE's default DNT:swiss header is a communication between a web server and Microsoft Corporation, rather than a communication between a web server and a user.

      Yes, a DNT:swiss default is a bad thing (just as bad as a DNT:provolone default). By doing that, Microsoft undermined DNT and helped the ad industry justify ignoring it. If you're a user, you should be angry at MS about this (at least so far as DNT is important at all).

      2) DNT is nearly useless for protecting a user's security. If you want security, then you must deny capability to your adversary, or put costs on things, not merely politely ask him to behave in a certain manner. That means having your browser not initiate certain connections, or not send certain things (or send noise) over those connections, or .. whatever.

      I have to say "nearly" useless because at least DNT could signal that some users care, but just don't care enough to stop sending intell. But it looks like this subtlety was lost on .. damn .. nearly everyone, I think.

      Up to now I've thought of DNT as a basically good idea (a weak one, but still positive), but maybe it's time to accept that if nobody understands DNT then it can't possibly communicate anything meaningful.

      --
      As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  2. Code words for... by FlyHelicopters · · Score: 5, Insightful

    That is corporate speak for, "we decided we could make more money this way, so here is a bs reason for us to change, when we really just want more money."

  3. People still use Yahoo? by genner · · Score: 5, Funny

    Anyone savvy enough to care about this issue stop using Yahoo long ago anyway.

    1. Re:People still use Yahoo? by knotprawn · · Score: 5, Funny

      I know some people who still use Slashdot

    2. Re:People still use Yahoo? by ShanghaiBill · · Score: 4, Insightful

      Anyone savvy enough to care about this issue stop using Yahoo long ago anyway.

      You are equating "care about this issue" with "don't want to be tracked". That is not always true. I care very much about my privacy. But, in most cases, I want to be tracked. I get a more personalized experience, and I see fewer ads that are irrelevant to me. When I want privacy, I open a new private browser window. There is a tradeoff between privacy and personalization, and not every informed user wants, or should want, 100% privacy 100% of the time.

    3. Re:People still use Yahoo? by AvitarX · · Score: 2

      Yes, thank you.

      I agree 100%, I see ads of things I actually want, from brands I don't know.

      The google cards on my phone are great, finding information about products I searched for, and news updates about subjects.

      The personalized experience is fantastic.

      --
      Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
  4. Surprise, anyone? by Gaygirlie · · Score: 5, Insightful

    Has it ever been a surprise to anyone that a measure that service-providers must voluntarily follow would not be followed? I mean, if by not following the measure you can generate more cash than by following it then why would you choose to do it, especially if no one else does it either? No, do-not-track was doomed all the way from the beginning.

  5. Simple enough to fix by JudgeFurious · · Score: 5, Interesting

    Yahoo stops using "Do-Not-Track" and in response people who care about it implement "Do-Not-Yahoo". These things tend to work themselves out over time.

    --
    Appended to the end of comments you post. 120 chars.
  6. I am willing to sacrifice. by Payden+K.+Pringle · · Score: 2

    I am fine with sacrificing user friendliness for my privacy. Do not track me or I won't use your services. I have two yahoo emails which incidentally are used as account/spam dumps. I won't even use them for that if this is how Yahoo has chosen to do things.

  7. My Standard by Banichi · · Score: 5, Interesting

    >'we have yet to see a single standard emerge that is effective, easy to use and has been adopted by the broader tech industry.'

    Here is my 'standard'; NoScript and AdBlock Plus.

    1. Re:My Standard by Maxo-Texas · · Score: 2, Informative

      You also probably want Better privacy too. It gets rid of supercookies.

      Hopefully some more ideas will come out of this thread.

      --
      She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
    2. Re:My Standard by geminidomino · · Score: 3, Informative

      Just a suggestion: Consider replacing Ghostery with Disconnect. Ghostery embraces the Dark Side

  8. The WWW is dead. by Anonymous Coward · · Score: 5, Interesting

    First, they want to provide a personalized web-browsing experience, which isn't possible using do-not-track.

    But the user clearly does not want a personalised web-browsing experience.

    Ghostery, Secret Agent, CS Lite and NoScript are essential today, and nobody should EVER go online without those, or some equivalent. Let them personalise that.

    The Web has been hijacked and is now fundamentally broken. It is being transformed into a locked-in content delivery platform, something like cable TV with a camera that records your every movement. It needs to be handled with gloves and goggles, like you would when accessing a chemical weapons research facility.

    We'll need to develop another Internet, this one has been taken over by marketroids and is beyond saving.

    1. Re:The WWW is dead. by westlake · · Score: 3, Insightful

      But the user clearly does not want a personalised web-browsing experience.

      The geek may not want the personalized browsing experience. But the geek doesn't speak for everyone.

      The Web has been hijacked and is now fundamentally broken. It is being transformed into a locked-in content delivery platform, something like cable TV

      What did you expect to happen when hundred of millions of people with no preconceptions of what the web and the Internet "should be" began purchasing broadband services? You can't even assume anymore that a user is accessing the web through a general purpose computer and browser ---

      and not an HDTV, WiFi Internet radio, e-book Reader, video game console, smartphone, tablet or some other device.

      We'll need to develop another Internet, this one has been taken over by marketroids and is beyond saving.

      Go for it.

      But you are building nothing but an echo chamber, a walled garden for the geek.

      Nothing but a bubble --- and bubbles burst,

  9. Privacy only works when it's in your own hands by gsslay · · Score: 4, Insightful

    The problem with "do not track" is that it was entirely up to the website to honour the browsing session. Most don't. And the ones that you'd reallywant to not have track you are the ones that really ignore it. It's therefore useless.

    It's like a system of street privacy that relies on people being trusted to close their eyes when you walk by. Just because you ask them nicely. People will look, and you can't stop them.

    If you want privacy you have to be the one in control of what is being revealed. You can't rely on others to keep your privacy for you.

  10. Sigh: personalized web-browsing experience by fahrbot-bot · · Score: 3, Interesting

    First, they want to provide a personalized web-browsing experience, which isn't possible using do-not-track.

    This is one of the phrases and behaviors that annoy me the most about various sites, especially search sites. I search for both personal and work related things, don't want searches tailored to anything other than the specific thing for which I'm searching at that time. I generally don't care what I searched for 24h ago (looking at you Google side-bar).

    In a related rant, I can't stand the Google side-bar, Instant and Suggestions and make every attempt to disable and or strip them out (using Proxomitron) though now that Google has switched to HTTPS, that makes things more difficult for me - sigh.

    Dear Providers, Don't "help" me unless I ask for it.

    --
    It must have been something you assimilated. . . .
  11. If this is real... by HybridST · · Score: 2

    IIRC yahoo is worth less than nothing at the moment. Re: www.bloombergview.com/articles/2014-03-17/is-yahoo-s-business-worth-less-than-nothing

    Why would I listen to a company with such outstanding performance?

    --
    Ever notice that Cobra Commander sounds an awful lot like Star scream?
  12. The single standard is: by drolli · · Score: 4, Informative

    Noscript, only per session cookies, and surfing trough a proxy.

  13. Re:They still exist? by Maxo-Texas · · Score: 2

    You probably want to use "duckduckgo" instead of google as your default search provider.

    Google tracks a lot of information about you- even when you are anonymous. Last I heard it was 57 different things. I also keep googleleadservices and googleanalytics disabled in noscript.

    --
    She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
  14. No effective standard? by zarmanto · · Score: 2

    "However, we have yet to see a single standard emerge that is effective, easy to use and has been adopted by the broader tech industry.' It looks like this is another blow to privacy on the web."

    I don't know about you, but I can think of one fairly effective and extremely easy to use "standard"... AdBlock.

  15. until IE 10 broke it by raymorris · · Score: 2

    > But the user clearly does not want a personalised web-browsing experience.

    Until MSIE started lying about the user's preferences. The standard specifies what should be sent if the user has not expressed a preference. IE 10 lies and says the user requested a uncustomized version when they didn't. That makes the whole thing useless when browsers lie about what preferences the user expressed.

  16. Re:IE 10 broke by DNT lying by radarskiy · · Score: 3, Informative

    From http://tools.ietf.org/id/draft...
    "5. Header Syntax

          The Do Not Track HTTP header, "DNT", must take one of two values: "1"
          ("opt out") or "0" ("opt in"). All other values are reserved. ...
    6.3. Default

          A user agent MAY adopt NO-EXPRESSED-PREFERENCE or OPT-OUT by default.
          It MUST NOT transmit OPT-IN without explicit user consent."

    The standard explicitly allows opt-out as a default

  17. EFF release an alpha of Privacy Badger by Kinwolf · · Score: 4, Informative

    Good day for the EFF to release the alpha of privacy badger that blocks tracking cookies http://www.pcworld.com/article... https://www.eff.org/privacybad...