Slashdot Mirror
Google and Apple Weaseling Out of "Do Not Track"
An anonymous reader writes "Per an op-ed in today's New York Times, Google, Apple, and others would be effectively exempt from "Do not track": "[T]he rules would allow the largest Internet giants to continue scooping up data about users on their own sites and on other sites that include their plug-ins, such as Facebook's 'Like' button or an embedded YouTube video. This giant loophole would make 'Do Not Track' meaningless."
DNT is and always was optional, why bother?
Weaseling out of things is what separates us from the animals! Except the weasel...
"A study commissioned by the Interactive Advertising Bureau with researchers from Harvard Business School underscores the point: at least half of the Internet’s economic value is based on the collection of individual user data, and nearly all commercial content on the Internet relies on advertising to some extent. Digital advertising grew to a $42.8 billion business last year, a sum that already exceeds spending on broadcast television advertising."
One way or another, you pay for your free Internet services.
Firstly because of the hysterical tone, secondly because it's an op-ed, and thirdly because it's on Slashdot.
Can someone who knows what's going on analyze this and give a reasonable non-hysterical interpretation? I don't necessarily /trust/ the companies mentioned, but again the submission stinks.
I don't mean to sound glib but, of course they are!
Both company's entire business models are 100% predicated on tracking people. Facebook has a $200B market valuation based on nothing but tracking the ever-living-shit out of as many people as they possibly can. Two hundred billion fucking dollars! There is simply no way these companies will ever agree to not track anyone when there is that kind of money on the line. For that kind of money they will murder people before they give up tracking. That is "invade a foreign country" levels of money on the line. All those people who thought GM conspired to kill the electric car 20 years ago, this is easily 10x more than that.
You go to a Google site, expect to be tracked. If it's an issue to you, don't do to a Google site.
If you want news from today, you have to come back tomorrow.
After Edward Snowden and others came out showing that neither Apple nor Google give 2 shits about their customer's privacy, I've switched to using TOR. Not only that, I limit what my Android phone can see on my PC by ONLY allowing it to connect to a VM running from VirtualBox and of course using a custom Android build.
It's time people give these fuckers the middle finger... They make enough off of us already.
"Do not do anything that you don't want to see on the front page of the New York Times", has included "or Google searches" for quite some time.
Assume there are no secrets on the Internet; any other expectation is unrealistically optimistic.
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
"Do Not Track" never meant anything at all. It's the equivalent of a "Please be nice to me" button.
We need technical solutions to make fingerprinting harder/impossible. Especially the canvas/font techniques.
meep
There is nothing to weasel out of. There is absolutely nothing that requires anyone comply with "Do Not Track."
Did anyone actually believe that the do-not-track flag was effective? There is pretty much no way it can be enforced and the companies can do whatever they want in most cases. E.g. Facebook does not honor it outright, most advertising networks ignore it as well. It was only a silly boondoggle to quickly placate the regulator/lawmakers by showing that the self-regulation in the advertising industry actually "works" and thus no heavy-handed regulation is necessary. That flag is completely useless otherwise.
If you want some semblance of privacy from the pervasive tracking, you must use a solution that is completely under your control - i.e. ad blockers, NoScript, Ghostery, block Flash, etc. and not something that relies on the good will of the advertiser that they will obey some silly flag.
Because if we do, we need to help more people use technical solutions (like the excellent ghostery) and work to put regulations on an industry that will do everything it can to weasel out of them. What we do not need is to blame users for not knowing enough to install tech solutions, say "this surprises no one", or "companies can do whatever they want" or "everything on the internet is public" or "if you are being tracked it is because you choose to be". Here's a thought - if you let companies get away with whatever they want it is because you are choosing not to be part of the solution. So change that. We can work to subvert tracking online and campaign against tracking (and for regulation) at the same time. Unless we don't really want privacy. But I hope that is not the case.
Is there any excuse beyond "Apple is better link bait than Facebook"?
"'Do Not Track' meaningless"
FFS did anyone think they would honor that?
"If any question why we died, Tell them because our fathers lied."
Do Not Track was always useless.
Why the fuck are we still talking about it years later? And why the fuck have browsers taken it even semi-seriously?
It's the "evil bit" for the Internet - nothing more than a joke. Let's treat it like that.
No. Ad spend simply followed society as they moved from TV to internet, there's nothing bubble about that, the internet is not a fad.
That doesn't accurately reflect the majority of the web.
Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
Of course Do Not Track is meaningless.
It has always been meaningless. It's a voluntary thing which says nothing at all, and isn't legally binding. It's complete drivel. It's something the industry put out to give the illusion of giving a shit about what we want.
Want to prevent tracking? Don't let the packets happen in the first place. Use things like NoScript, Request Policy and HTTP Switchboard to deny the access entirely.
Treat this stuff like the shit that it is ... intrusive advertising and tracking about everything you do.
The only way to win is block as much of this crap from your browser as you can. You don't owe these companies this data, and the less you provide to them the better.
And when they whine and bitch about their revenue stream and their terms of service ... well, too damned bad. You aren't required to pull in any packets you don't wish to.
Once you start using these blocking plugins, you'll be amazed at just how much crap is actually embedded in most every page. One some sites, literally dozens of 3rd parties ... none of whom give a shit about your Do Not Track setting. So just block them entirely.
Lost at C:>. Found at C.
As long as its not enforceable by law the DNT option is 100% untrustworthy. Do you think our government officials will make it a law?? HAHAH look how long it took for them to put the hammer down on telemarketers. They allow them to spy on us, collecting the very same data the cops would need a warrant for. Nope our Government is bought and paid for by theses corporations we are screwed.
Jack of all trades,master of none
Looking at the actual text of the W3C doc, I think the author of the Times article got it wrong. The language defining "first party" does allow for multiple first parties on a page, but evaluation of "first partiness" is on an interaction-by-interaction basis. The idea is that if the user visiting slashdot, which happens to host Google ads, is actually intending to interact with Google on the slashdot page, then Google is a first party and can track the user. But clearly the user is not intending to interact with Google in that case, so Google could not track a user who had requested no tracking, and would have no advantage over smaller ad networks.
The exception would be if slashdot started putting Google+ "+1" or Facebook "Like" buttons on its articles. Then, by my reading of the text, the button provider would be allowed to track users who clicked on the relevant button. This would be an advantage over smaller ad networks, but it's one that already exists.
The terminology section of the doc makes all of this pretty clear, IMO.
A network interaction is a single HTTP request and its corresponding response(s): zero or more interim (1xx) responses and a single final (2xx-5xx) response.
A user action is a deliberate action by the user, via configuration, invocation, or selection, to initiate a network interaction. Selection of a link, submission of a form, and reloading a page are examples of user actions. User activity is any set of such user actions.
A party is a natural person, a legal entity, or a set of legal entities that share common owner(s), common controller(s), and a group identity that is easily discoverable by a user. Common branding or providing a list of affiliates that is available via a link from a resource where a party describes DNT practices are examples of ways to provide this discoverability.
With respect to a given user action, a first party is a party with which the user intends to interact, via one or more network interactions, as a result of making that action. Merely hovering over, muting, pausing, or closing a given piece of content does not constitute a user's intent to interact with another party.
In some cases, a resource on the Web will be jointly controlled by two or more distinct parties. Each of those parties is considered a first party if a user would reasonably expect to communicate with all of them when accessing that resource. For example, prominent co-branding on the resource might lead a user to expect that multiple parties are responsible for the content or functionality.
For any data collected as a result of one or more network interactions resulting from a user's action, a third party is any party other than that user, a first party for that user action, or a service provider acting on behalf of either that user or that first party.
A party collects data received in a network interaction if that data remains within the party’s control after the network interaction is complete.
A party uses data if the party processes the data for any purpose other than storage or merely forwarding it to another party.
A party shares data if it transfers or provides a copy of that data to any other party.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
disable 3rd party cookies. problem solved.