Slashdot Mirror
Yahoo Stops Honoring 'Do-Not-Track' Settings
An anonymous reader writes "When web browsers started implementing 'do-not-track' settings, Yahoo got some respect for being the first of the huge tech companies to honor those settings. Unfortunately, that respect has now gone out the door. As of this week, Yahoo will no longer alter their data collection if a user doesn't want to be tracked. They say there are two reasons for this. First, they want to provide a personalized web-browsing experience, which isn't possible using do-not-track. Second, they don't think do-not-track is viable. They say, '[W]e've been at the heart of conversations surrounding how to develop the most user-friendly standard. However, we have yet to see a single standard emerge that is effective, easy to use and has been adopted by the broader tech industry.' It looks like this is another blow to privacy on the web."
That is corporate speak for, "we decided we could make more money this way, so here is a bs reason for us to change, when we really just want more money."
Anyone savvy enough to care about this issue stop using Yahoo long ago anyway.
Has it ever been a surprise to anyone that a measure that service-providers must voluntarily follow would not be followed? I mean, if by not following the measure you can generate more cash than by following it then why would you choose to do it, especially if no one else does it either? No, do-not-track was doomed all the way from the beginning.
Yahoo stops using "Do-Not-Track" and in response people who care about it implement "Do-Not-Yahoo". These things tend to work themselves out over time.
Appended to the end of comments you post. 120 chars.
>'we have yet to see a single standard emerge that is effective, easy to use and has been adopted by the broader tech industry.'
Here is my 'standard'; NoScript and AdBlock Plus.
First, they want to provide a personalized web-browsing experience, which isn't possible using do-not-track.
But the user clearly does not want a personalised web-browsing experience.
Ghostery, Secret Agent, CS Lite and NoScript are essential today, and nobody should EVER go online without those, or some equivalent. Let them personalise that.
The Web has been hijacked and is now fundamentally broken. It is being transformed into a locked-in content delivery platform, something like cable TV with a camera that records your every movement. It needs to be handled with gloves and goggles, like you would when accessing a chemical weapons research facility.
We'll need to develop another Internet, this one has been taken over by marketroids and is beyond saving.
The problem with "do not track" is that it was entirely up to the website to honour the browsing session. Most don't. And the ones that you'd reallywant to not have track you are the ones that really ignore it. It's therefore useless.
It's like a system of street privacy that relies on people being trusted to close their eyes when you walk by. Just because you ask them nicely. People will look, and you can't stop them.
If you want privacy you have to be the one in control of what is being revealed. You can't rely on others to keep your privacy for you.
Google and Yahoo make money by selling information that they collect from users. Microsoft makes money by selling software. The typical person is a Microsoft customer, but a Google / Yahoo product.
Horrible decision, a standard isn't being honored ANYWHERE so you decide to undermine it entirely without replacement?
FTFY.
The simple fact is that Do-Not-Track was a damned bogus idea from the outset. Saying to the massive web of advertising conglamorates and third parties -- all of which make more money the more they can identify you down to an individual -- "Won't you kindly not track me? That would just be great, thanks" is akin to asking the mob nicely not to burn your place down when you refuse to pay protection money, or calling up the NSA and asking them nicely to stop spying on your personal affairs.
If you don't want to be tracked, you need to take steps to make it happen yourself. The tools are there -- use them. If enough people start blocking all forms of advertising, perhaps the intrusiveness and privacy violation will recede. Or maybe the entire advertising industry will collapse (one can always dream).
"What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
/)
First, they want to provide a personalized web-browsing experience, which isn't possible using do-not-track.
This is one of the phrases and behaviors that annoy me the most about various sites, especially search sites. I search for both personal and work related things, don't want searches tailored to anything other than the specific thing for which I'm searching at that time. I generally don't care what I searched for 24h ago (looking at you Google side-bar).
In a related rant, I can't stand the Google side-bar, Instant and Suggestions and make every attempt to disable and or strip them out (using Proxomitron) though now that Google has switched to HTTPS, that makes things more difficult for me - sigh.
Dear Providers, Don't "help" me unless I ask for it.
It must have been something you assimilated. . . .
Noscript, only per session cookies, and surfing trough a proxy.
Horrible decision, a standard isn't being honored "EVERYWHERE" so you decide to undermine it entirely without replacement? What's the REAL reason, money?
Sell your assets and gtfo!
As far as I know Google doesn't honor it either on their services, but Microsoft do, which is an interesting situation
That's because Microsoft, despite whatever flaws they may have, makes all their money selling actual products -- Windows, Office, Games for Xbox, etc.......
Companies like Google and Yahoo, on the other hand, have no actual products. Their revenue depends entirely on advertising. YOU are the product and you are being sold to advertisers.
Nothing surprising at all about Google and Yahoo not honoring Do Not Track.
Google and Yahoo make money by selling information that they collect from users. Microsoft makes money by selling software.
Microsoft is losing the battle for online advertising, so they are instead trying to poison the market. In MSIE 10 and 11, the "do not track" is on by default, which means the user never actually made a decision to set it. Microsoft's original plan was to diminish the ability of ad agencies like Google to collect information. But instead, they gave those agencies an excuse to ignore the setting, since no human made a decision to set it. Some more ethical ad agencies check the browser ID and only ignore the setting if it is MSIE. Unfortunately, ethics and advertising seldom go together.
That's not how it works, it's not a list unless they make a list. Not to mention they championed the idea and were early adopters.
Yahoo pretended to support Do Not Track only because they figured anyone stupid enough to actually use Yahoo for anything was too stupid to figure out how to turn it on.
Then Microsoft made it on by default in Internet Explorer, still the most widely used browser and probably used by 98% of the people stupid enough to use Yahoo for anything. All of a sudden, Yahoo didn't think Do Not Track was such a good idea any more.
So you are arguing that privacy/security on by default is a bad thing?
"Unheard of means only it's undreamed of yet,
Impossible means not yet done." ~~ Julia Ecklar
Not really. What you're thinking of as a 'product' is more accurately described as 'bait'. Calling it a 'product' is akin to calling a fisher's lure or net the product, rather than calling the *fish* the product.
Part of the problem is what I believe to be a flawed business model for marketers. They feel that they need to somehow "steal" people's information and use it to "force" adds on them. The phrase "targeted" adds suggests a hostile approach. My impression is that most people want to see informative adds for products that they might buy. If it were easy for customers to craft their on online profiles so that they would see adds of interest to them, advertisers would be able to directly provide relevant information.
Right now I'm not in the market for a car - all the adds in the world won't do any good. In a few years when I am ready to buy, I will want to see information on the types of cars that I might consider buying. The way things are set up now, immediately after I buy a car I will be flooded with car adds - despite the fact that a recent purchases is the least likely to buy again.
Privacy/Security != Anonymity
There are subtle differences depending on the interpretations.
Keep the Classic Slashdot.
Very few people want to be tracked by strangers.
If you ask "Do you want to be tracked by strangers?", then of course nearly everyone will say "no".
If you ask "Do you want web services personalized to your needs and preferences?", most people will say "yes".
From http://tools.ietf.org/id/draft...
"5. Header Syntax
The Do Not Track HTTP header, "DNT", must take one of two values: "1" ...
("opt out") or "0" ("opt in"). All other values are reserved.
6.3. Default
A user agent MAY adopt NO-EXPRESSED-PREFERENCE or OPT-OUT by default.
It MUST NOT transmit OPT-IN without explicit user consent."
The standard explicitly allows opt-out as a default
Good day for the EFF to release the alpha of privacy badger that blocks tracking cookies http://www.pcworld.com/article... https://www.eff.org/privacybad...
"On by default" is not an entirely accurate description. When you first run a version of Internet Explorer that supports DNT (IE8), or Windows 7 or 8, you are presented with several configurable options, one of which asks if you want to allow tracking by advertisers. While the "yes" radio-button is pre-selected, users do have to actively accept this choice. It is not as if Microsoft invisibly enabled this feature without alerting the users.
Admittedly, many users will just accept the defaults and press "OK", but they are still making that choice. Given the choice people generally do not like being tracked, and - although most people have been trained to just press OK - were they properly educated about the issue most would likely enable DNT anyway. Moreso, few people complain that Microsoft also includes software to avoid phishing sites (e.g., SmartScreen) which are enabled by "default" similar to DNT; these capabilities are added because the end-users find them useful. Microsoft is just protecting users from skeevy internet marketing, and just because some firms depend on this sort of underhanded tracking in no way excuses them from their deceitful practices. Features like "Do Not Track" were created because advertisers pushed too hard in one direction; now they ignore user's attempts to bring balance to the equation. I have no sympathy for the Googles and Yahoos and Facebooks; they broke the social contract first.
Microsoft is losing the battle for online advertising, so they are instead trying to poison the market. In MSIE 10 and 11, the "do not track" is on by default, which means the user never actually made a decision to set it
It's on by default, but it is also part of the setup questionnaire when you first start up Windows 8 so it's not like the user isn't presented with the choice...
Nobody's arguing that. The mistake is in thinking of DNT with a privacy/security mechanism. If that's what it were, Microsoft's decision would be defensible or even good. But DNT is something totally different. I'd argue two things:
1) DNT is for expressing a user's preference. Not even just a preference, but the user's preference. It is impossible for any application's default setting to express a user's preference for anything. (Your editor can default to a white background, but it can't, out of the box, honestly tell other people that YOU prefer swiss cheese over provolone. The person who wrote your editor might have some strong opinions and could even show some polling information, but in the end, he doesn't really know what kind of cheese you want. He can only take a guess.) MSIE's default DNT:swiss header is a communication between a web server and Microsoft Corporation, rather than a communication between a web server and a user.
Yes, a DNT:swiss default is a bad thing (just as bad as a DNT:provolone default). By doing that, Microsoft undermined DNT and helped the ad industry justify ignoring it. If you're a user, you should be angry at MS about this (at least so far as DNT is important at all).
2) DNT is nearly useless for protecting a user's security. If you want security, then you must deny capability to your adversary, or put costs on things, not merely politely ask him to behave in a certain manner. That means having your browser not initiate certain connections, or not send certain things (or send noise) over those connections, or .. whatever.
I have to say "nearly" useless because at least DNT could signal that some users care, but just don't care enough to stop sending intell. But it looks like this subtlety was lost on .. damn .. nearly everyone, I think.
Up to now I've thought of DNT as a basically good idea (a weak one, but still positive), but maybe it's time to accept that if nobody understands DNT then it can't possibly communicate anything meaningful.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.