Slashdot Mirror


'Do Not Track,' the Privacy Tool Used By Millions of People, Doesn't Do Anything (gizmodo.com)

An anonymous reader quotes a report from Gizmodo: When you go into the privacy settings on your browser, there's a little option there to turn on the "Do Not Track" function, which will send an invisible request on your behalf to all the websites you visit telling them not to track you. A reasonable person might think that enabling it will stop a porn site from keeping track of what she watches, or keep Facebook from collecting the addresses of all the places she visits on the internet, or prevent third-party trackers she's never heard of from following her from site to site. According to a recent survey by Forrester Research, a quarter of American adults use "Do Not Track" to protect their privacy. (Our own stats at Gizmodo Media Group show that 9% of visitors have it turned on.) We've got bad news for those millions of privacy-minded people, though: "Do Not Track" is like spray-on sunscreen, a product that makes you feel safe while doing little to actually protect you.

Yahoo and Twitter initially said they would respect it, only to later abandon it. The most popular sites on the internet, from Google and Facebook to Pornhub and xHamster, never honored it in the first place. Facebook says that while it doesn't respect DNT, it does "provide multiple ways for people to control how we use their data for advertising." (That is of course only true so far as it goes, as there's some data about themselves users can't access.) From the department of irony, Google's Chrome browser offers users the ability to turn off tracking, but Google itself doesn't honor the request, a fact Google added to its support page some time in the last year. [...] "It is, in many respects, a failed experiment," said Jonathan Mayer, an assistant computer science professor at Princeton University. "There's a question of whether it's time to declare failure, move on, and withdraw the feature from web browsers." That's a big deal coming from Mayer: He spent four years of his life helping to bring Do Not Track into existence in the first place.
Only a handful of sites actually respect the request -- the most prominent of which are Pinterest and Medium. (Pinterest won't use offsite data to target ads to a visitor who's elected not to be tracked, while Medium won't send their data to third parties.)

3 of 228 comments

  1. Donut Track by mentil · Score: 5, Interesting

    Ironically, the 'do not track' bit can be used as a piece of data to help track people.
    All along, the hope was that governments would mandate respecting the 'do not track' flag. AFAIK no such thing has happened anywhere. If there are no big business interests behind it (a la Net Neutrality) it's very unlikely politicians will pay attention to it. OTOH, Congress is currently looking into privacy issues regarding Google and Facebook, so now would be the time to push the US govt. to mandate respecting the DNT flag.

    --
    Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
  2. Re:Microsoft killed any hope by violating the stan by Todd Knarr · Score: 2, Interesting

    I don't recall Microsoft's implementation violating any of the published specifications. It didn't conform to what the advertisers wanted (opt-out implementation with the default being "allow to be tracked"), but it doesn't violate the spec. To quote from the spec (Tracking Preference Expression W3C Editor's Draft 07 March 2016):

    A user agent MUST have a default tracking preference of unset (not enabled) unless a specific tracking preference is implied by the user's decision to use that agent. For example, use of a general-purpose browser would not imply a tracking preference when invoked normally as SuperFred, but might imply a preference if invoked as SuperDoNotTrack or UltraPrivacyFred.

    Microsoft's browser is advertised as having this preference set by default, so the decision to use it by a user, knowing what the default was, would imply they wished to have DNT set by default. That this would result in less tracking than advertisers wish... doesn't seem to me to be within the scope of the standard. Every time users (as opposed to advertisers) have been surveyed, the results seem to heavily support an opt-in model where tracking is not permitted unless a user opts in to tracking (similar to the results for email where users heavily favor a model that does not permit email contact unless the user opts in to email contact).

  3. Re:Microsoft killed any hope by violating the stan by Anonymous Coward · Score: 3, Interesting

    Yep, I agree. This is one example of a time where Microsoft did exactly the right thing - privacy by default, and was one of the most shameful aspects of Mozilla's downfall, refusing to support privacy by default. For me, this was a major factor in dropping Firefox, as soon as it became abundantly clear that they favoured large ad networks over the user using logically invalid and morally bankrupt arguments to justify their stance it was ultimately the icing on the cake that pushed me over the edge having already lost patience with the technical ineptitude of Firefox's staff through their repeated failure to secure their browser, fix memory leaks, and maintain decent performance on top of the general UI design failings as it went downhill.

    The one thing that hasn't happened with DNT yet that really needs to happen is a big court case - I'd wager if you've set your browser to tell a site to not track you, but it does so anyway through wilful refusal to acknowledge your request then there's a fairly easily winnable case here, at least in the EU, certainly under GDPR this would now be seen as wilful infringement.

    This for what it's worth is how I always saw DNT ultimately working; not as some solution that would ever work technically for the reasons you cite, but as something that could in theory provide perfect legal ammunition, regardless of Google's arrogance in believing they'd pulled a fast one.

    I would wager any push to now remove this functionality is an attempt to try and avoid the inevitable legal consequences of willfully ignoring a user request not to be tracked which is a legal right under GDPR, and likely many other data protection legislation across the globe. It's for this reason that this feature MUST stay because ad networks cannot pretend they somehow have user agreement to track people, by keeping this in, and continuing to ignore it ad networks are admitting that they're tracking users against their will, which again, in some jurisdictions is almost certainly now illegal. If the feature is removed then ad networks can once again play ignorant and pretend they didn't know a user did not want to be tracked.