Slashdot Mirror

← Back to Stories (view on slashdot.org)

EFF Coalition Announces New 'Do Not Track' Standard For Web Browsing

Posted by samzenpus on from the don't-track-me-bro dept.

An anonymous reader writes: The Electronic Frontier Foundation, privacy company Disconnect, and several other organizations are publishing a new DNT standard. Partners in the coalition include: publishing site Medium, analytics service Mixpanel, AdBlock, and private search engine DuckDuckGo. Thought it's still a voluntary policy, the EFF hopes the new proposed standard will provide users better privacy online. "We are greatly pleased that so many important Web services are committed to this powerful new implementation of Do Not Track, giving their users a clear opt-out from stealthy online tracking and the exploitation of their reading history," said EFF Chief Computer Scientist Peter Eckersley. "These companies understand that clear and fair practices around analytics and advertising are essential not only for privacy but for the future of online commerce."

40 of 75 comments (clear)

  1. Oblig xkcd. by sims+2 · · Score: 4, Funny

    Oblig xkcd https://xkcd.com/927/

    --
    Minimum threshold fixed. Thanks!
    1. Re:Oblig xkcd. by siddesu · · Score: 1

      Oblig DNT implementation: https://privatelee.com/search/...

  2. Who cares! by SeaFox · · Score: 3, Insightful

    Without the cooperation of the advertising industry this will be as successful as the last "Do Not Track" initiative.

    1. Re:Who cares! by Anonymous Coward · · Score: 1

      So, it's this time again of the week to mention the following browser extensions to help reduce advertiser tracking:

      - Ad Block Plus, or some derivative
      - No Script
      - Ghostery

      There are others, but those are the ones I typically have installed. You also should probably remove Flash if you don't need it, they collect tons of info.

    2. Re:Who cares! by spire3661 · · Score: 3, Interesting

      The advertising industry is the enemy. We need to start pushing back a lot harder. Computers are now designed as advertising machines, its time to end it.

      --
      Good-bye
    3. Re:Who cares! by SeaFox · · Score: 1

      Don't need to tell me. I already use AdBlock Plus and Ghostery.
      I just see no reason to start any sort of "do not track initiative" when there are going to be slimy companies that ignore it anyway and even if there were legal requirements they follow it, they would just relocate outside the jurisdiction.

    4. Re:Who cares! by ShanghaiBill · · Score: 1

      its time to end it.

      Sounds good! Please let us know when you have your ad free alternative to Google ready to go.

    5. Re:Who cares! by citizenr · · Score: 1

      LOL cooperation, all we need is EU announcing respecting DNT mandatory and spamming million euro fines.

      --
      Who logs in to gdm? Not I, said the duck.
    6. Re:Who cares! by ShanghaiBill · · Score: 1

      You're welcome.

      Nope. According to Wikipedia: Initially self-funded by Weinberg, DuckDuckGo is now advertising-supported.

    7. Re:Who cares! by mister_playboy · · Score: 1

      Why would you use proprietary and advertiser-owned Ghostery when you could use the EFF's own Privacy Badger instead?

      --
      Do what thou wilt shall be the whole of the Law ::: Love is the law, love under will
    8. Re:Who cares! by Xest · · Score: 1

      Didn't Google get hammered by Apple users for ignoring some Safari setting and tracking them anyway though? If so why are other ad companies special, are they not just a similar court case away from a costly payout?

      It seems that if your browser says "Do Not Track" and they track you, then they're flagrantly violating your privacy.

      Sounds like it just needs people willing to take these guys to court just as Google was hauled through the courts.

    9. Re:Who cares! by Richard_at_work · · Score: 1

      You mean do it the proper way? As in ensure the browser doesn't pass on information you don't want it to pass on?

      All this Do Not Track bullshit really is is you asking random third parties not to do stuff with the data you voluntarily and willingly hand over to them - surely it would be better they didn't have it in the first place...?

    10. Re:Who cares! by Richard_at_work · · Score: 1

      No, Google got hammered for specifically circumventing a security setting on the browser side in order to do something (yes, the browser is also at fault, but in this case Google was doing something tantamount to exploiting a security issue) - which is entirely different to not doing something server side with data voluntarily sent by the browser.

      The Google issue is entirely different to the advertising tracking issue.

  3. Remember when microsoft tried to do DNT? by sims+2 · · Score: 1

    Many ad networks ignore the DNT flag as microsoft made it the default on new installations. So they don't consider it a valid user opt out

    --
    Minimum threshold fixed. Thanks!
    1. Re:Remember when microsoft tried to do DNT? by Anonymous Coward · · Score: 1, Insightful

      ... which was exactly microsoft's intention, so they could push their own (list based) privacy system...

  4. This is pretty funny. by xxxJonBoyxxx · · Score: 2

    Have you read the privacy policies of any modern web site? Almost all say "we do not pay any attention at all to any 'do not track' flags, cookies, etc."

    1. Re:This is pretty funny. by Anonymous Coward · · Score: 1

      This makes me want to develop a sousveillance (no, that's not a typo) plugin.

      Users with the plugin could aggregate various cookies and headers that get sent back from all sorts of websites and domains. These could be forwarded back to a centralized database, and a rule could be made for the contents of each one. The rule could then be used to generate fake values for that cookie. At this point, the plugin could also check with the server about each cookie it encounters and send back fake values on the next request. Obviously, only tracking cookies would be targeted.

      Automated well-poisoning is the next step in this arms race. And if I just thought of it and posted it here on /., there are probably a dozen plugins that either already do this or are in development to do this. I can't be the only one, or even the first, to be willing to subvert HTTP itself to destroy online advertising.

  5. Color me skeptical by Anonymous Coward · · Score: 1

    Asking nicely hasn't helped either side in this debate to any great degree in the past. How is it going to help this time?

    No advertiser asked nicely if the users would prefer to see ads.

    No user asked nicely if the sites would prefer to not get any revenue.

    Few sites asked nicely if the user would allow their preferences to be overridden just for them. (I only know of Ars Technica, but I'm sure there were a few others.)

    No sites asked nicely if browser makers would leave DNT headers turned off.

    No advertiser asked nicely if they could please, pretty please make advertising even more annoying.

    No user asked nicely if they could wholesale nuke all scripting, plugins, and request passing without a whitelist entry.

    And now, no site is going to pledge to discard perfectly marketable data with a steadily increasing street value just because the EFF is asking nicely.

    This proposal is right next to the dictionary entry for "non-starter".

  6. Meh by steelfood · · Score: 2

    My DNT: Noscript, and Ghostery.

    If I really, really want to avoid being tracked, I'd switch to TOR. But that's for medical and other very private stuff.

    --
    "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
    1. Re:Meh by mlts · · Score: 1

      I'd add a Windows VM, sandboxIE and a VPN onto the list. It isn't as secure as TOR, but it does at least put a speed bump in place if someone is on your LAN trying to do shenanigans.

      Eventually, I might put the VM on a vSwitch with a PFSense firewall, so I can set up a router ACL to drop all the bad sites there, but keeping the web browser running as a non admin user and in a sandbox will do a lot, and if there is some API calls that the sandbox program doesn't catch, it still has to get out of the VM.

    2. Re:Meh by SuricouRaven · · Score: 1

      With five laptops, four tablets and a desktop split amongst the family, it's a lot more practical for me to use a more central means. I've a transparent squid proxy that blocks a lot of the servers used for tracking.

  7. Tell your kids this when you drop the net. by deviated_prevert · · Score: 1

    That your can't afford to use the net because someone broke in and stole the cookie jar. You surrender your rights to privacy when you use the net period. The crooks and advertising scam garbage will start to have no where to hide though because their use of cookies is easily traced and exposed so in a way the loss of complete privacy on the net is a trade off. Unless of course you trust Microsoft and Bing to not track you or take money from advertisers. LOL

    --
    This message was not sent from an iPhone because Peter Sellers really was a deviated prevert without a dime for the call
  8. The fox doesn't care... by QuietLagoon · · Score: 4, Insightful

    The fox does not care if the sheep pass a law in favor of vegetarianism.

  9. finally by The-Ixian · · Score: 3, Funny

    I can just check a box, dust off my hands and feel safe in the knowledge that all the sites I visit are not tracking me... phew.

    --
    My eyes reflect the stars and a smile lights up my face.
  10. What nonsense! by Anonymous Coward · · Score: 2, Insightful

    What's the EFF trying to pull here? The only way to enforce DNT is through aggressive blocking at our end. The damn advertisers can put up static ads, with links if they want, on the main page if they want us to see them. Anything more intrusive than that should simply be blocked and forgotten.

  11. Re:Riddle me this by Anonymous Coward · · Score: 1

    Because gun control makes sense unless you live in an area that (you guessed it) lacks gun control. There's no sane reason to not try to keep our use of deadly weapons to a minimum. And no, it's not limited to guns, but all weapons; gun regulation in the States just happens to be a farce compared to most of the civilized world, no matter how many people pretend it's strict or that just because knives and cars are also deadly, guns can't be a big problem as well.

  12. Hasn't this been done before (read P3P) by mlts · · Score: 2

    We already has a privacy initiative, something called P3P which fizzled. DNT went nowhere, and this project is probably going to go nowhere as well.

    The reason is that there are many, many companies whose basis of existence is to intrude as much as they can on the user browsing a site. If they can inject adware/malware, they would.

    Real DNT consists of AdBlock, click-to-play or FlashBlock, then keeping the Web browser separated from anything vital, be it in a VM, sandboxed, or both. That way, LSOs or other "super-cookies" left behind are dealt with.

    1. Re:Hasn't this been done before (read P3P) by Dwedit · · Score: 1

      That's all good and everything, until the first party sites start colluding with the third party sites to tell them what they've missed.

  13. Re:Riddle me this by Anonymous Coward · · Score: 1

    How come so many geeks understand why DNT fails, but turn around and argue for gun control?

    Advertisers already have logs of users who saw their ads. Many people who would do bad things with a gun do not have one yet.

    You may argue that controlling the physical availability of guns is as hard as forcing advertisers to not log web requests. If you can prove this, then the analogy works. But without that argument you are missing a critical step.

  14. p3p works great!! by netsavior · · Score: 1
    P3P headers people!!!!

    All you have to do is be on Internet Explorer, and trust that a website does what it says it will do in its cryptic http header that was generated by a discontinued, closed source IBM tool, what's the problem?

    according to microsoft, only a few inconsequential websites like those losers at Facebook and Google use "technological trickery" to get around this very important abandoned web standard from 2002 that only Internet Explorer implements.

    seriously the MSDN article I linked is hilarious, here is a gem:

    Unfortunately, a small number of websites (like YouTube and Facebook) circumvent P3P settings by sending a P3P statement that consists of only undefined tokens, like this one:

    P3P: CP="This is not a P3P policy! See //support.google.com/accounts/bin/answer.py?answer=151657&hl=en-US for more info."

  15. Why such efforts are fruitless by Opportunist · · Score: 2

    Do we mind the reputable advertisers? Hardly. And before any snide comments, yes, they do exist. Advertisers that understand that the only effect those in-your-face ads with blaring music have is that more people are getting pissed to the point where they start looking for a way to block that shit. Normal ads, banners and maybe even flashing banners, don't provoke that reaction. People load them and may even click them when the topic is interesting.

    These are also the kind of advertisers that will honor such do-not-track standards.

    And then there's the assholes that just want to abuse you for their gains. The kind of junk that comes piggy-backing with some "free" software that messes with your browser settings and invades your privacy. The kind you absolutely do NOT want.

    And these are also the same assholes that don't give a shit about such DNT systems.

    And as long as this is the case, people will use ad-blockers and of course they in turn won't give a shit about blocking the "good"... or let's say "less annoying" advertisers along with the real reason they install such content sanitizing tools.

    "Honest" advertisers, if you really want us to believe in your DNT tech and not block you whenever we have a chance: Weed out the bad apples in your industry. Lobby for laws that outlaw such practices. For as long as these assholes are allowed to exist, we will block you, too.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  16. advertisers followed DNT, browsers broke the proto by raymorris · · Score: 1

    Major advertisers starting following the DNT standard.
    Then browser vendors broke the protocol, in such a way that it became useless.

    The protocol was a way to say "this user chosen has opted out of any customizations, saved favorites, or other features that rely on cookies or similar technologies. This user wants more than the default level of privacy, and is willing to give up features which depend on cookie or other tracking."

        When browsers started lying and sending a DNT headers for people who had NOT made that choice, the protocol became useless.

  17. Privacy Badger by Trax3001BBS · · Score: 2

    EFF has an ad/tracking blocker https://www.eff.org/privacybad...
      it's a brain dead little thing that sits unobtrusively in the menu bar of Firefox. It detects 3 trackers from /. so I block them, but my HOSTS file is what's really blocking what needs to be.

    I installed it yet never really used it, noticed it one day (that's how unobtrusive it is) and now use it to block EA.COM while I play my games.

    Actually I don't think it's blocking anything just telling me what it can as my HOSTS file is doing all the work, but for a real simple ad/tracking blocker it's ok.

    1. Re:Privacy Badger by Trax3001BBS · · Score: 1

      EFF has an ad/tracking blocker https://www.eff.org/privacybad...

      I do need to mention I have the first version. I've never updated it, so my experience with it are of a very old version.

    2. Re:Privacy Badger by Trax3001BBS · · Score: 1

      I do need to mention I have the first version. I've never updated it, so my experience with it are of a very old version.

      EFF has an ad/tracking blocker https://www.eff.org/privacybad...

      Yes it's a repost (correctly this time) I don't wish to discredit EFF, I am speaking of a very old program.

  18. Re:Riddle me this by delt0r · · Score: 1

    citation required. I have spent a lot of time in both places. Both places are peaceful enough. I find almost an order of magnitude difference in violent crime highly dubious. Unless London reports every pub brawl, and NY doesn't.

    --
    If information wants to be free, why does my internet connection cost so much?
  19. Re:Riddle me this by Anonymous Coward · · Score: 1, Informative

    New York and London have similar levels of violent crime. However, London has slightly more vehicle theft, but the New York homicide rate is almost 3 times that of London. Amazingly guns do kill people, who knew?

  20. In other news... by angularbanjo · · Score: 1

    Advertising Coalition Announces New 'Do Not Give A Fuck' Standard For Web Browsing

  21. Re:advertisers followed DNT, browsers broke the pr by SeaFox · · Score: 1

    Major advertisers starting following the DNT standard.
    Then browser vendors broke the protocol, in such a way that it became useless.

    We need ALL advertisers to be beholden to follow a DNT standard, not just a few key players.
    Otherwise you'll just end up with all the other advertisers suddenly getting bigger when companies flock to the ad agencies that have better access to consumers since they are not honoring DNT. This will likely be followed by the ones that did agree to honor DNT ducking out of the agreement, because there are so many companies not following the rules so the initiative is worthless they'll say. The whole thing will just collapse on itself.

  22. Re:PrivacyBadger = ABP code & inferior vs. hos by Trax3001BBS · · Score: 1

    Can PrivacyBadger do 16 things hosts do for speed, security, & reliability:

    5.) Protect vs. downed DNS (adds reliability)
    6.) Protect vs. DNS redirect poisoned dns
    8.) Protect vs. spam
    12.) Keep you off dns request logs

    From a HOSTS advocate:
    Only if one has that address in their HOSTS file to begin with.

    Can't post what I want: Filter error: Lameness filter encountered

    but 6 days of phone calls up to 6 a day, then hijacked to a PS3 to face this
    http://i60.tinypic.com/2iiip3r...

    Still don't know if I should report it to the FCC as at face value it's a violation of the Net Neutrally act. - an ISP can't redirect for profit, thing is I use OpenDNS.

    Yes system was check very thoroughly (autoruns) nothing on my end.