'Do Not Track,' the Privacy Tool Used By Millions of People, Doesn't Do Anything

An anonymous reader quotes a report from Gizmodo: When you go into the privacy settings on your browser, there's a little option there to turn on the "Do Not Track" function, which will send an invisible request on your behalf to all the websites you visit telling them not to track you. A reasonable person might think that enabling it will stop a porn site from keeping track of what she watches, or keep Facebook from collecting the addresses of all the places she visits on the internet, or prevent third-party trackers she's never heard of from following her from site to site. According to a recent survey by Forrester Research, a quarter of American adults use "Do Not Track" to protect their privacy. (Our own stats at Gizmodo Media Group show that 9% of visitors have it turned on.) We've got bad news for those millions of privacy-minded people, though: "Do Not Track" is like spray-on sunscreen, a product that makes you feel safe while doing little to actually protect you.

Yahoo and Twitter initially said they would respect it, only to later abandon it. The most popular sites on the internet, from Google and Facebook to Pornhub and xHamster, never honored it in the first place. Facebook says that while it doesn't respect DNT, it does "provide multiple ways for people to control how we use their data for advertising." (That is of course only true so far as it goes, as there's some data about themselves users can't access.) From the department of irony, Google's Chrome browser offers users the ability to turn off tracking, but Google itself doesn't honor the request, a fact Google added to its support page some time in the last year. [...] "It is, in many respects, a failed experiment," said Jonathan Mayer, an assistant computer science professor at Princeton University. "There's a question of whether it's time to declare failure, move on, and withdraw the feature from web browsers." That's a big deal coming from Mayer: He spent four years of his life helping to bring Do Not Track into existence in the first place. Only a handful of sites actually respect the request -- the most prominent of which are Pinterest and Medium (Pinterest won't use offsite data to target ads to a visitor who's elected not to be tracked, while Medium won't send their data to third parties.)

Out of Band Solutions are the Only Way

[Kunedog]

Same is true of on-site privacy settings. Simply asking a site to behave does nothing. Enforce it by blocking their servers, and deleting their cookies. Don't use the site at all, if practical.

Microsoft killed any hope by violating the standar

[raymorris]

The major advertisers had agreed to follow the standard. Then Microsoft quickly killed any chance of that happening by violating the standard in their browser. The agreement was that users could actively choose send DNT, selecting privacy over customization.

Microsoft made it the *default* setting, so a DNT header was sent for everyone, though most people have never heard of it. There is no chance that sites would a) degrade their site and b) lose money, by default, for every Windows user. Once Microsoft did that, the only reasonable thing for sites to do was ignore it.

Had Microsoft NOT violated the standard by setting it as the default, there would at least be a chance the the advertisers would have respected it for the small percentage of users who actively made that decision.

Donut Track

[mentil]

Ironically, the 'do not track' bit can be used as a piece of data to help track people.
All along, the hope was that governments would mandate respecting the 'do not track' flag. AFAIK no such thing has happened anywhere. If there are no big business interests behind it (a la Net Neutrality) it's very unlikely politicians will pay attention to it. OTOH, Congress is currently looking into privacy issues regarding Google and Facebook, so now would be the time to push the US govt. to mandate respecting the DNT flag.

Re:Microsoft killed any hope by violating the stan

[ChatHuant]

You say Microsoft broke DNT because they actually used the header, so poor tracking networks had no choice but ignore it. You don't seem to realize that your complaint is a real life example of a catch 22: ad slingers promise they'll respect the DNT header only as long as users promise not to use it.

The reality behind this absurd design is more interesting: the alleged "standard" had never been anything more than a publicity stunt orchestrated by Google and their (at that time) lapdog Mozilla. The reason why they did that was to block a competing DNT mechanism, proposed by Microsoft as a W3C standard. Microsoft's design stopped your browser from connecting to a tracker site completely. It didn't rely on the tracker's good will and honesty; it was a pro-consumer, not pro-ad industry solution.

Google realized the danger, and proposed a different mechanism (the current "standard"). Via their membership in the Digital Advertising Alliance and other ad industry groups (participants in the W3C's standardization commitee), they forced it through, with great fanfare, thus blocking the consumer-friendly alternative.

The ridiculousness of the design was obvious at the time. Just a few things: it's impossible to enforce your settings against a non-cooperating site. It's impossible to even confirm whether your request is being honored. There's no mechanism for a site to notify you in advance that it won't respect the DNT header. Add the fact that it's opt-out (leaving the less-technical majority of users unprotected by default), and it's pretty clear who the "standard" was for - hint: it was not for consumers.

If you want to blame somebody, you should pick Google and Mozilla. All Microsoft did is call the ad industry's bluff and expose Google's DNT for the lie it always was.

Re:Sexist BS.

[Waffle+Iron]

I'm sure that it was placed there purposefully to trigger uptight twits such as yourself.

Re:Microsoft killed any hope by violating the stan

Yep, I agree. This is one example of a time where Microsoft did exactly the right thing - privacy by default, and was one of the most shameful aspects of Mozilla's downfall, refusing to support privacy by default. For me, this was a major factor in dropping Firefox, as soon as it became abundantly clear that they favoured large ad networks over the user using logically invalid and morally bankrupt arguments to justify their stance it was ultimately the icing on the cake that pushed me over the edge having already lost patience with the technical ineptitutde of Firefox's staff through their repeated failure to secure their browser, fix memory leaks, and maintain decent performance on top of the general UI design failings as it went down hill.

The one thing that hasn't happened with DNT yet that really needs to happen is a big court case - I'd wager if you've set your browser to tell a site to not track you, but it does so anyway through wilful refusal to acknowledge your request then there's a fairly easily winnable case here, at least in the EU, certainly under GDPR this would now be seen as wilful infringement.

This for what it's worth is how I always saw DNT ultimately working; not as some solution that would ever work technically for the reasons you cite, but as something that could in theory provide perfect legal ammunition, regardless of Google's arrogance in believing they'd pulled a fast one.

I would wager any push to now remove this functionality is an attempt to try and avoid the inevitable legal consequences of willfully ignoring a user request not be tracked which is a legal right under GDPR, and likely many other data protection legislation across the globe. It's for this reason that this feature MUST stay because ad networks can not pretend they somehow have user agreement to track people, by keeping this in, and continuing to ignore it ad networks are admitting that they're tracking users against their will, which again, in some jurisdictions is almost certainly now illegal. If the feature is removed then ad networks can once again play ignorant and pretend they didn't know a user did not want to be tracked.

What a strange idea.

[jd]

It's odd that it doesn't happen in other languages. It's even odder that nobody actually proposes it for English. It's fascinating that gender-neutral defined the poetry and fluidity of English for its first thousand years, with the whining by the right being limited to the last ten.

It's almost as if people want to create an insult to a subject they don't understand. They try their best, but fail miserably.

It's complaints like this that make me despair of humanity. Honestly, Slashdot used to have intelligent geeks. Maybe it still does, relative to the population. Jumping off a bridge has more appeal than this crap.

Re: sunscreen

[0111+1110]

I was hoping to see a link to sunscreen testing that showed for some strange reason...but there is probably some fragment of truth to the author's strange assertion. The best sunscreens use minerals like zinc or iron to physically block the UV and I havent seen mineral based formulations that are thin enough to spray. I wonder if she was paid to make that comment by shady, cream based sunscreen manufacturers