Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft To Stop Enabling 'Do Not Track' By Default

Posted by Soulskill on from the do-not-do-not-track dept.

An anonymous reader writes: The history of the do-not-track setting for web browsers has been rife with debate. It took a long time for web experts to come to anything resembling a consensus on how it should be implemented, and the process isn't over yet. Microsoft took criticism for enabling the do-not-track setting by default in Internet Explorer. While it sounds good in theory, many worried it would just spur websites to completely disregard the setting (and some, like Yahoo, did just that). Now, Microsoft has reversed their stance. The do-not-track setting will not be enabled by default in the company's future browsers. They say, "Put simply, we are updating our approach to DNT to eliminate any misunderstanding about whether our chosen implementation will comply with the W3C standard. ... As a result, DNT will not be the default state in Windows Express Settings moving forward, but we will provide customers with clear information on how to turn this feature on in the browser settings should they wish to do so."

35 of 64 comments (clear)

  1. How many sites actually honor DNT? by rujasu · · Score: 1

    My understanding was that DNT has mostly been a failure, though I don't know how much of that has to do with IE's default behavior. Am I wrong about that? Are there lots of sites out there honoring the DNT setting?

    1. Re:How many sites actually honor DNT? by Nartie · · Score: 2

      The whole thing is silly. Some sites might say they honor it, but there's no way to know if they actually honor it or just pretend to honor it. It's a lot easier to ignore DNT and just delete the cookie.

    2. Re:How many sites actually honor DNT? by Anonymous Coward · · Score: 5, Informative

      I work in the internet advertising industry and the big exchanges do respect it. In fact, if companies that work with them don't follow DNT they can get booted.

      Mind you this is just the more legit companies though.

    3. Re:How many sites actually honor DNT? by ShanghaiBill · · Score: 3, Informative

      My understanding was that DNT has mostly been a failure

      It failed because Microsoft deliberately sabotaged it. DNT was supposed to be an affirmative indication of customer preference. But instead, Microsoft set it automatically in their browsers, prompting most websites to ignore it, since it no longer meant anything.

    4. Re:How many sites actually honor DNT? by QuasiSteve · · Score: 2

      DNT was DOA.

      What site in their right mind would actually honor - and I mean fully, including through any third party content (and yes by that I mean ads) or 'accidental' methods via supercookies / sharing of information at the backend of several sites within one's control - something that's merely a 'request' by a user (regardless of whether they were semi-automatically opting into making that request) and has no legal stick behind it?

      If anything, Microsoft making it the default in Windows' installation express settings just exposed exactly this issue when sites started saying they would ignore the setting "because Internet Explorer". That was always a completely transparent bullcrap excuse.

      Just have a look at what countries with strong 'cookie' laws have going on. Are there some sites that do disable the tracking cookies while leaving cookies for functionality up? Sure, of course they exist. And for every single one of them, there's dozens that will throw a banner in your face suggesting that you have a choice: allow the tracking cookies, or piss off.

      Some might say "so piss off and go to another site" - except there often is no such other site, and most people given the choice between being able to consume and not being able to consume at the expense of intangible tracking will happily be tracked so the sites never feel it in their bottom line either.

      This is the sort of thing that I would expect to happen with DNT as well: A banner with something like "You currently have DNT enabled - to access the rest of this article, please disable DNT or click here to allow our servers to store information about your visit this once.", which eventually gets old and users disable DNT.

      And yes, that sort of thing is facilitated in the DNT spec: http://www.w3.org/TR/tracking-...

      DNT was never going to get anywhere particularly useful for end-users while adding a layer of headache on the server side. Browsers' default behavior and browser extensions have done far more to inform users of the issues of ads and tracking and how to mitigate those issues.

    5. Re:How many sites actually honor DNT? by Anonymous Coward · · Score: 2, Informative

      Seconding that. I've certainly spent enough sprints working on good opt-out handling.

      It's mostly big advertisers that respect DNT because 1) they have something to lose and 2) they have the resources to bother. Probably the main websites you actually visit don't care, but the ads that show up on them do. With DNT on you might see more repeats of ads, because they can't limit how many times they show you one, etc.

    6. Re:How many sites actually honor DNT? by sumdumass · · Score: 1

      Ideally maybe but in reality not quite.

      But this does introduce the question of EU privacy laws. Would ignoring the do not track flag put those companies in the same boat as the companies like Facebook that seems to be in some trouble for ignoring their own tracking opt out.

      I'm not sure if the EU law would cover this as while it is implicit it isn't a direct notification to the companies. This might allow some wiggle room. Any one know for sure?

    7. Re:How many sites actually honor DNT? by QuasiSteve · · Score: 1, Insightful

      But instead, Microsoft set it automatically in their browsers, prompting most websites to ignore it, since it no longer meant anything.

      It never meant anything anyway, but that as an aside...

      No, Microsoft did not 'automatically' set it. Though that may depend on one's definition of 'automatic'.

      Does an installer 'automatically' install adware, if you miss unchecking the option "Install Slowbar for Chrome"?
      If yes - you have a point.

      If no - then there wasn't anything automatic about it. Enabling Do Not Track in IE was one of the settings explicitly listed in the Express Settings screen, and users could certainly choose the Customize option to disable it.
      http://core0.staticworld.net/i...

      The W3C, after Yahoo's complaints, decided to clarify that it should be the user's choice.

      Of course the next question then becomes whether opt-out still implies a user choice just as much as opt-in would be.
      I.e. did the user actually read that line, did they actually understand what it meant, and did they consciously decide to continue with the Express Install with said understanding in mind? If yes, then the user made the choice.
      If no, then it could be argued that Microsoft had made the choice for the user.

      But even if that is the case - is that a bad thing? To draw a parallel - almost every browser now blocks pop-ups. By default. Without even asking the user if they want this behavior. Do you honestly think that if there were an X-Do-Not-Popup header, sites would honor this setting - and we would now not be subjected to pseudo-popups (content inserted into the DOM and drawn on the center of the browser client window)? And do you blame browser makes for making the choice for the users regardless?

      Maybe Microsoft did deliberately sabotage it - but I welcome their sabotage as it merely accelerated the natural process.

    8. Re:How many sites actually honor DNT? by PsychoSlashDot · · Score: 2

      My understanding was that DNT has mostly been a failure, though I don't know how much of that has to do with IE's default behavior. Am I wrong about that? Are there lots of sites out there honoring the DNT setting?

      Agreed. Besides, it turns out that the default for web servers for their DNGAF option (Do Not Give A Fuck) is also enabled.

      --
      "Oh no... he found the .sig setting."
    9. Re:How many sites actually honor DNT? by 0123456 · · Score: 1, Insightful

      So you're claiming that there are people who actually want to be tracked wherever they go on the Internet?

      Oh, you must work for an advertising company, right?

    10. Re:How many sites actually honor DNT? by idontgno · · Score: 1

      Well, you know how it is. The over-the-top scumbag marketers gives the remaining 1% a bad name.

      --
      Welcome to the Panopticon. Used to be a prison, now it's your home.
    11. Re:How many sites actually honor DNT? by hairyfeet · · Score: 1

      Uhhhh sure you can check it, quite easily too. Just clear your cache, slap Privacy Badger on the Chromium or Gecko based browser or your choice (I like Chromodo and Pale Moon but YMMV) and immediately go to the site and see if Privacy Badger shows they are tracking you despite having DNT on in your browser. If they are you know they are full of shit, easy peasy.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    12. Re:How many sites actually honor DNT? by Sowelu · · Score: 1

      Okay now, hold up a second. Almost everyone here is complaining about how they assume every company ignores DNT, because it's easy and profitable to ignore. Key word "assume".

      I don't see a lot of horror stories, or any evidence that any major company at all really is ignoring DNT (except like...with Chrome, or Facebook, but then that's Facebook and what do you expect). I do see people who actually know the industry saying otherwise, and the TOC for the big networks agree with them. Advertising is mostly big companies these days, it's not the Wild West it used to be, and it sure seems like the big professional companies run the majority of ads on the majority of non-porn, non-torrent sites. When you look for articles about DNT, it's full of big companies grousing about how DNT is costing them money. Content providers don't like DNT because their ads are worth less, and if DNT wasn't actually being followed, you wouldn't think they would have a problem.

      Who exactly is ignoring it? Who's the bad guys? I'd really like to know.

    13. Re:How many sites actually honor DNT? by tehlinux · · Score: 1

      IE's default behavior was just an excuse to ignore users' tracking preferences. Whether companies like yahoo will continue to ignore users' explicit preferences remains to be seen.

      --
      Most linux users don't know this, but the man pages were named after Chuck Norris. Chuck Norris fsck'ing hates noobs!
    14. Re:How many sites actually honor DNT? by ShanghaiBill · · Score: 1

      So you're claiming that there are people who actually want to be tracked wherever they go on the Internet?

      Once the advantages and disadvantages are explained, yes, most people are fine with it. It means websites remember their preferences, and remember what content they have already read. It also means they are more likely to see ads for things they are interested in, rather than something random. Disadvantages? I don't see any, other than silly paranoia, since the NSA, and anyone else that intents to harm you, doesn't abide by it anyway.

    15. Re:How many sites actually honor DNT? by mrbester · · Score: 1

      Website preferences have nothing to do with DNT.

      --
      "Wait. Something's happening. It's opening up! My God, it's full of apricots!"
    16. Re:How many sites actually honor DNT? by Sowelu · · Score: 1

      It also means that the content sites they visit make a hell of a lot more money. 10x as much is not an unreasonable estimate, and is sometimes low. Generally means that the sites are higher quality. But that's more tragedy-of-the-commons, and less of a direct effect.

    17. Re:How many sites actually honor DNT? by morebetterthanyou · · Score: 1

      It failed because it was a dumb idea. The companies/sites that would honor it would probably not be problematic in the first place as they would have decent policies regarding user data. The sites that would choose to ignore it don't care what you want. Do not track is going to be about as effective as asking that Indian guy who calls your cellphone to sell you dick pills to stop calling.

  2. Trust is not a solution by Anonymous Coward · · Score: 1

    The solution is to *block* their ability to track.

  3. Re:What is this IE you speak of? by DogDude · · Score: 1

    Sorry, but depending on whose statistics you're looking at, you have it completely backwards. Most of the world still uses IE, and a Firefox is a distant 3rd.

    https://www.netmarketshare.com...

    --
    I don't respond to AC's.
  4. What does it matter by Anonymous Coward · · Score: 1

    when websites completely ignore do-not-track, and browsers like Chrome and Safari send all your usage-stats to Google and Apple whether you like it or not.

  5. its up to you by nimbius · · Score: 1, Flamebait

    DNT was always a tongue in cheek sentiment. it was an industries attempt to divert attention from the widely embraced practice of turning users into cattle. the level of transparency through which disregard of the setting was employed only further served to relegate it to yet another pointless feature in an ecosystem of browsers that increasingly dont give two shits about their user

    so we've got IE, which is the drooling invalid of browsers for all intents and purposes, telling us its no longer honouring an empty standard as if thats something new the brand has just recently started doing. Chrome, which while offered was never enabled and never honoured by the parent developer, made do not track into just another keeping up with the jones' hedge clipping effort. And finally firefox, which embeds google and bing as default search agents and pushes targeted advertising to the user through its tabs. Firefox is probably the last chance a user has at a truly open browsing experience for what its worth, video chat option not withstanding. what makes it useful is the fact that you can truly take privacy into your own hands.

    Use duckduckgo, disable cookies, whitelist known sites, and employ bolt-ons like noscript, adblock, and https everywhere as well as flash cookie deletion plugins to turn the internet back into something recognizeable again. But remember, expecting the industry that makes money off paying internet users through their willful ignorance and by deceptive practices to get its fists out of the cookie jar and show some respect and restraint is like hoping a slaughterhouse starts caring about the color of the kill floor and the ambiance of the stun bolt.

    --
    Good people go to bed earlier.
  6. Notice the future of IE by Etrahkad · · Score: 1

    They claim that future IE releases will have this "feature" turned off by default now. They didn't say anything about Spartan. The trojan will continue to infest the battlements of Troy.

    1. Re:Notice the future of IE by moronoxyd · · Score: 1

      Actually, that's not what they say. The write (quote) 'As a result, DNT will not be the default state in Windows Express Settings moving forward'.
      Windows Express Settings is used by IE; sure. But it may also be used to set up Spartan.

    2. Re:Notice the future of IE by mcl630 · · Score: 1

      From TFA:

      "Microsoft is changing how Do Not Track (DNT) is implemented in future versions of our browsers"

      In fact, the only mentions of IE in TFA are where they are discussing the previous behavior.

  7. "The new Microsoft"? by faragon · · Score: 1

    So they keep bullying Android device makers with patents, reducing privacy, etc. I see.

  8. How about asking? by Todd+Knarr · · Score: 1

    How about making part of the browser installation a check for whether DNT's been set one way or the other, and if it hasn't then prompt the user for how they want it set? It's one dialog during the first installation with a track/do-not-track answer (with no default button so just pressing Enter without thinking won't do anything), and then there's no ambiguity whatsoever about whether the DNT status is the user's choice or not.

  9. Re:What is this IE you speak of? by LordLimecat · · Score: 3, Informative

    Firefox doesnt look so hot when you look at the number of CVEs, particularly remote code execution:

    http://www.cvedetails.com/prod...
    http://www.cvedetails.com/vers...

    It beats IE 11 by a small margin in RCEs, but loses in total vulns. Its really not that great of a browser, lacking common security mechanisms like plugin isolation.

  10. Re:Just Disable Cookies by LordLimecat · · Score: 2

    It's far more effective to simply disable the means of tracking you.

    And far more impossible. How do you propose to stop a webserver from logging your visit or knowing your IP?

  11. Re:Just Disable Cookies by sunderland56 · · Score: 1

    They can log *a* visit, and know *an* IP, but they can't uniquely identify you versus the 1,753 other people at that Starbucks today.

  12. Re:Just Disable Cookies by mrbester · · Score: 1

    They can with browser fingerprinting. It's easy and you don't even need cookies enabled to do it.

    --
    "Wait. Something's happening. It's opening up! My God, it's full of apricots!"
  13. Re:Windows Express? by Sowelu · · Score: 1

    That's (Windows) (Express Settings), not (Windows Express) (Settings). I'm pretty sure it applies to the small number of settings you're forced to click through when you first configure your machine, and the presence of a setting in that set doesn't mean they're hiding other settings in the system.

  14. And more fundamentally: by fyngyrz · · Score: 1

    Opt-in is the right thing to do.

    Opt-out is the wrong thing to do

    If some action of yours is "optional," let the user CHOOSE if they want it done; don't inflict it on them and assume that's ok. EVER.

    --
    I've fallen off your lawn, and I can't get up.
    1. Re:And more fundamentally: by hairyfeet · · Score: 1

      What DaFuq are you babbling about? Are you high, just doing a REALLY shitty job of trolling for Karma, or what? What the fuck does a damned bit of what you wrote have fuck all to do with privacy badger or testing websites for DNT compliance?

      How about reading what you are actually responding to before dribbling crap all over the screen, kthxbye.

      --
      ACs don't waste your time replying, your posts are never seen by me.
  15. Re:Just Disable Cookies by johanw · · Score: 1

    This is, but since all those followers don't want to use this technique but instead prefer Javascripts and cookies on the sites you visit they make it quite easy for you: use plugins like Ghostery to block them.