Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Mozilla Proposes 'Do Not Track' HTTP Header

CmdrTaco posted more than 3 years ago | from the yeah-we-promise dept.

Mozilla 244

MozTrack writes "The emergence of data mining by third party advertisers has caused a national debate from privacy experts, lawmakers and browser supporters. Mozilla's Firefox, a popular browser company, has proposed a new feature that will prevent people's personal information from getting mined and sold for advertising. The feature would allow users to set a browser preference that will broadcast their desire to opt-out of third party, advertising-based tracking. It would do this via a 'Do Not Track' HTTP header with every click or page view in Firefox."

cancel ×

244 comments

Great idea but not likely to happen (4, Insightful)

InsaneProcessor (869563) | more than 3 years ago | (#34983140)

Advertisers and tracking services will fight this to the bitter end.

Re:Great idea but not likely to happen (0)

Anonymous Coward | more than 3 years ago | (#34983168)

Yea, it's a cool idea, but the other two largest browser makers have a vested interest in this functionality not existing, which makes widespread adoption pretty unlikely.

Re:Great idea but not likely to happen (5, Insightful)

ByOhTek (1181381) | more than 3 years ago | (#34983170)

Or ignore it. I'd think it'd be fairly trivial to ignore that header, especially if there is a least one country that doesn't legally require it to be honored (and even without that, they'll probably still ignore it in countries where it is illegal).

They won't fight it, they laugh at it.

Re:Great idea but not likely to happen (5, Insightful)

kellyb9 (954229) | more than 3 years ago | (#34983198)

Along the same lines, this would probably make the issue worse. Based on that tag, people are going to simply assume security and privacy where there is none.

Re:Great idea but not likely to happen (4, Insightful)

Tisha_AH (600987) | more than 3 years ago | (#34983664)

I see where Mozilla is coming from. They are looking at how many folks do not like being tracked and the popularity of programs like Adblock Plus, NoScript, etc...and are trying to add some of that functionality into the browser. Not a bad idea as there are significant numbers of folks who do not put any enhancements into their Firefox install other than some dumb toolbar. As Firefox will appeal to more and more non-technical types there would be some benefit to adding that functionality up front.

You can bet that the IE crowd will say that their browser works better and only compare the base load of Firefox.

The "do not track" header is a fine idea but it will only work for those sites that play by the rules.

Most don't.

Even with the additional "don't track header" capability I will not throw caution to the winds. I will continue to use Adblock Plus, NoScript and a few other tools.

Re:Great idea but not likely to happen (2)

bhcompy (1877290) | more than 3 years ago | (#34983858)

Not to mention that it can be used to prevent access to sites. I've been on sites that block access if you use Adblock or NoScript. Not sure how they recognize it(because I never tried to look), but they do

Re:Great idea but not likely to happen (2, Interesting)

Anonymous Psychopath (18031) | more than 3 years ago | (#34984094)

Not to mention that it can be used to prevent access to sites. I've been on sites that block access if you use Adblock or NoScript. Not sure how they recognize it(because I never tried to look), but they do

Objectively, if I'm funding my site with advertising and you block it, why should you be allowed to access my content?

Re:Great idea but not likely to happen (2, Interesting)

Anonymous Coward | more than 3 years ago | (#34984284)

That is a valid point, but isn't any more objective than the OP.

Though if they refuse to click on any ads, then why would it matter if you show it to them? Aren't all ads based upon the click, and not just the view these days?

Personally, I don't see the problem with either view as long as it is stated up front (with a page that says you must turn off adblock to see this content, or such). I skip those sites as not worth my time, but I don't begrudge them their choice.

Re:Great idea but not likely to happen (4, Insightful)

fredjh (1602699) | more than 3 years ago | (#34983564)

Agreed... opt out is BS, it should ALWAYS be opt-in, and default browser behavior should be to NOT send such information at all.

Re:Great idea but not likely to happen (4, Informative)

jimicus (737525) | more than 3 years ago | (#34983888)

Not to send what exactly? Were browsers to not send cookies by default, they'd break an awful lot of websites for the majority of their users. It's fairly fundamental to HTTP that it's not stateful between requests - cookies allow applications to work around that issue.

Re:Great idea but not likely to happen (2)

commodore6502 (1981532) | more than 3 years ago | (#34983690)

I think you're too pessimistic. The "Do Not Call" list was effective in stopping telemarketers, even though they are not required to obey that list if they are outside the US. This "Do Not Track" header could be similarly effective.

>>>Mozilla's Firefox, a popular browser company,

Don't forget Mozilla Netscape, Mozilla Seamonkey (firefox/thunderbird/composer merged), and Mozilla Camino for Macs..... also popular browser "companies". ;-)

Re:Great idea but not likely to happen (1)

Lazareth (1756336) | more than 3 years ago | (#34984056)

The very key difference being that telemarketers were calling from within the same country as their targets. Internet advertisement and data mining is completely different to telemarketing.

Re:Great idea but not likely to happen (1)

hedwards (940851) | more than 3 years ago | (#34984126)

I think you're too pessimistic. The "Do Not Call" list was effective in stopping telemarketers, even though they are not required to obey that list if they are outside the US. This "Do Not Track" header could be similarly effective.

I think that's the problem. It would cut down on the tracking by more or less legitimate firms, but it wouldn't do anything about the ones that are offshore and lacking in scruples.

And the offshore ones are the ones causing the biggest headaches at present with spam.

Re:Great idea but not likely to happen (1)

TheRealGrogan (1660825) | more than 3 years ago | (#34983912)

Especially since it will be ignored by "default". You can arbitrarily inject headers into requests, but the web servers and sites people are running won't recognize them until they are taught to.

Also, last time I checked, the Mozilla foundation wasn't in any sort of law making position so the chances of it being "legally required" in any country, let alone all countries, are pretty slim. Especially when the resident evil, Microsoft, will be against it. (For their "partners" and themselves)

No, I'm afraid the current technique of blocking advertising sites will be the only effective solution. Perhaps Mozilla could add that functionality to the main browser for those who choose to enable it. (If they have the balls, that is. It would certainly piss off webmasters)

Re:Great idea but not likely to happen (1)

SCHecklerX (229973) | more than 3 years ago | (#34984140)

Yup. Looks like Mozilla is taking the "Evil Bit" seriously, and creating their own "Good Bit".

Cute.

Re:Great idea but not likely to happen (4, Insightful)

gstoddart (321705) | more than 3 years ago | (#34983180)

Advertisers and tracking services will fight this to the bitter end.

Or, ignore it and use it as one more piece of data about you.

They're more likely to disregard it than to fight it.

Re:Great idea but not likely to happen (0)

drunkennewfiemidget (712572) | more than 3 years ago | (#34983204)

More likely is they'll just find a way to ignore/work around it.

Re:Great idea but not likely to happen (1)

idontgno (624372) | more than 3 years ago | (#34984224)

Worse yet... they'll treat it as another piece of marketing demographic metadata, tagging the sucker (I mean browser user) as concerned with privacy and security... a perfect mark (I mean potential customer) for antivirus software, network security products, and privacy protection services.

Re:Great idea but not likely to happen (0)

CouchP (769984) | more than 3 years ago | (#34983384)

I imagine they would actually welcome it. Wouldn't it mark precisely the packets that were most usable by these services?

Re:Great idea but not likely to happen (2)

anyGould (1295481) | more than 3 years ago | (#34983394)

Advertisers and tracking services will fight this to the bitter end.

Nah, they'll just ignore it - it's just a header, and has no mechanics for ensuring that the reciever (a) gets it, (b) knows what it means, or (c) does anything in particular with it.

Re:Great idea but not likely to happen (1)

Ancantus (1926920) | more than 3 years ago | (#34983412)

But you cannot deny this is a good start. If Firefox can initiate a standard for a Do Not Track. Perhaps Congress can bind it with the No Tracking Bill, and make it so users who wish to opt out wont have to hunt around for a damn check box all over creation. This can't do any harm, and has a possibility of making everyone's life a whole lot easier.

Re:Great idea but not likely to happen (3, Insightful)

geminidomino (614729) | more than 3 years ago | (#34983666)

But you cannot deny this is a good start

Yes, you can. It'd be stillborn, at best.

If this gets implemented, the marketroids ignore it.
If it gets legislated, the marketroids pay the custom-built law fees to make sure it's completely useless (a la "[You ]CAN SPAM")

End result: Delta = 0

Re:Great idea but not likely to happen (1)

hedwards (940851) | more than 3 years ago | (#34984162)

CAN SPAM wasn't useless, it's been far more useful than doing nothing. It just turns out that there's a limit to what legislation in America can do with a problem which originates outside our borders.

CAN SPAM has however cut down on people outside of organized crime spamming.

O RLY? (4, Informative)

DragonWriter (970822) | more than 3 years ago | (#34983468)

Advertisers and tracking services will fight this to the bitter end.

Google, as well as other major online ad and tracking services, already support [blogspot.com] "Do Not Track" mechanisms with similar functionality.

Re:O RLY? (1)

Unequivocal (155957) | more than 3 years ago | (#34983950)

Plus an alternative is already being proposed for a federal rule or regulation: http://www.ftc.gov/opa/2010/12/dnttestimony.shtm [ftc.gov]

I like their way better which would work along the lines of a the central "do not call" registry. I register in one place and advertisers must wash their lists against these users. With an http header, I think the burden is higher to implement b/c you have to integrate it into your webstack. With a registry, you can keep all the data, but must wash it before you use it give it to the marketing dept for analysis. Seems easier to me anyway.

Re:Great idea but not likely to happen (0)

Andy Dodd (701) | more than 3 years ago | (#34983870)

In the event that it is made law that a site must respect the "do not track" header, many sites may simply refuse to serve those who have it enabled.

Re:Great idea but not likely to happen (1)

hedwards (940851) | more than 3 years ago | (#34984190)

Doubtful. While it pays better to use ads that are targeted based upon tracking, I doubt that many sites are going to be doing that. Google will doubtless support the change pretty quickly, and with them the rest of the ad industry. Haven't you noticed all that JavaScript that gets loaded from another server for ads?

Re:Great idea but not likely to happen (1)

on (180412) | more than 3 years ago | (#34983990)

Advertisers and tracking services will fight this to the bitter end.

....and if this is ratified as a web standard, governments could simply enforce honoring such headers by law. In Norway, a national register [brreg.no] has been in place for years where registered citizens opt-out from fax and voice spam. Norway also have laws which prevents advertisers from filling your (physical) mailbox with junk (you just place a sticker on your mailbox).

WAT? (5, Funny)

Anonymous Coward | more than 3 years ago | (#34983148)

"Mozilla's Firefox, a popular browser company"

Why bother (2)

wiredlogic (135348) | more than 3 years ago | (#34983152)

What would be the point. It isn't enforceable and even if laws were passed, you can circumvent it by tracking from an offshore server.

Re:Why bother (1)

winkydink (650484) | more than 3 years ago | (#34983626)

What would be the point. It isn't enforceable and even if laws were passed, you can circumvent it by tracking from an offshore server.

Sure. As long as you don't want to do business in the US.

Re:Why bother (3, Funny)

TheEyes (1686556) | more than 3 years ago | (#34983806)

What would be the point. It isn't enforceable and even if laws were passed, you can circumvent it by tracking from an offshore server.

Sure. As long as you don't want to do business in the US.

People still do business in the US?

Re:Why bother (0)

Anonymous Coward | more than 3 years ago | (#34984090)

As long as you don't want to do business in the US.

A prospect that becomes easier and more appealing each day.

Right... (1, Insightful)

Pojut (1027544) | more than 3 years ago | (#34983154)

...because the do not call list totally works.

All kidding aside, I'm sure something like this would work for a little while, but just like the do not call list, advertisers will find some way around it. By the way...advertisers? When you call me or spam me via email, I make sure to AVOID your products...and I'm confidant I'm not the only one.

Re:Right... (2, Funny)

Pojut (1027544) | more than 3 years ago | (#34983188)

Confident, even!

Re:Right... (1)

Phrogman (80473) | more than 3 years ago | (#34983228)

You are not the only one. When I get saturated with advertising for a product - I remember the product, and avoid buying it afterwards. So they achieve their goal of having me remember their product, but they also piss me off so much I won't ever be a customer.

Advertising is just Capitalist propaganda.

Re:Right... (1)

Riceballsan (816702) | more than 3 years ago | (#34983980)

People like you and me may reverse our purchasing decisions based on our view of politics and such. Same reason I will never buy a PS3 or anything from sony (actually my sony boycott began way back at the rootkit CDs incidents). However you do have to keep in mind 99.999999% or so don't care. Hell even the friend of mine who's computer I spent a weekend fixing after the sony rootkit mixed with a virus on his computer, owns a PS2 and a PS3 now, hell he still buys sony music CDs.

Anyway all this ranting is giving me a headache,
I need to go buy some head-on and apply it directly to my forehead.

Re:Right... (1)

Lazareth (1756336) | more than 3 years ago | (#34984212)

Unfortunately, while you're not alone, you're still a statistic anomaly. Bad exposure is still exposure. Statistics shows that it is way better to piss off a few who abhor aggressive advertisement anyway in favour of many people remembering your product. So long as you don't do anything distinctly alienating to your target group, you're golden if they first think of your product before any other product when considering bying that kind of product.

Re:Right... (0)

Anonymous Coward | more than 3 years ago | (#34983346)

...because the do not call list totally works.

It works pretty well. My junk calls have dropped by 80%+. Now it's charities, politicians, surveys, and the occasional scammer: "Card Services" offering to lower my CC rates, companies wanting lower my mortgage, test my water quality, "free" travel to attend time share presentations (time shares are a scam), etc....

Re:Right... (0)

Anonymous Coward | more than 3 years ago | (#34983474)

The Do Not Call list worked like a charm for me. I signed up as soon as it went live. I used to get 3 or 4 calls a day from spammers, now I might get one a week.

This Do Not Track would probably work for the major guys which is who I'm really worried about anyway. Google, Microsoft, Amazon, Apple, my ISP, [Insert_Big_Evil_Corporation_here], etc. would probably honor it, they're too big not to and they're the ones I'm most concerned about (especially Google).

Re:Right... (3, Interesting)

Belial6 (794905) | more than 3 years ago | (#34984178)

While the 'Do Not Call List' has not been 100% effective, it had turned the tide dramatically. The number of telemarketing calls I get went from 2-3 every day before the list was implemented to 2-3 per month after. That's not bad. Of course, that is not counting the political spam that got a free pass on the 'Do Not Call List'.

As much as people here on Slashdot like to complain that this flag would do no good, and point to the 'evil bit' proposal as a joke, they seem to forget the robots.txt that seems to have been pretty darn effective. Specifically telling sites that you do not agree to be tracked sets a non-legal boundary to start a discussion. Illegal is not the same as evil. It is perfectly acceptable to avoid businesses because of evil behavior. Right now, you can't really get a consensus on tracking being evil. Most people would be able to agree that tracking someone when they explicitly requested not to be tracked is evil. While being directly and demonstrably linked to a specific evil act might not matter to the small website, bigger sites might find it less appealing. If, and this is a big 'if', ad revenue drops more from bad publicity for tracking than it does from using non-tracking advertising, larger sites might choose to use the non-tracking version.

There seems to be a weird myth on the internet that one must track to advertise, even though TV, magazines, billboards, etc, etc... have been advertising for generations without tracking. Somehow, even people that should know better have fallen for the "it's totally different because it's ON A COMPUTER" when it comes to ads.

Good idea (4, Interesting)

Anrego (830717) | more than 3 years ago | (#34983158)

The problem is that sites would be justified (imo) to then not offer you service based on this.

“We support this site with ad revenue. Tracking is part of that. No Tracking, no service”.

This is fine really. People aren’t entitled to web content. In many cases your privacy is what you are trading for it, and you should be made aware of this and have the option to decline. This kind of header (and possibly others like it) would let you specify in what you are ok with, and let a site then decide whether it’s enough to grant you access.

The problem is that people don’t like this... they want the privacy _and_ the content.. so people would probably just go back to using ad-blockers and cookie deleters as soon as they start getting rejected access messages.

Of course the opposite could happen as well. Web traffic could plummet as everyone enables the feature.. causing a site owner to re-think whether web tracking makes sense for them.

Personally I don’t mind being tracked. Somewhere out there, someone has a very detailed profile of what makes me tick.. and really it’s not doing me much harm that I can see. I read an article about raising my new pet dog and I every other ad I see for the next 2 weeks is about obedience training.. creepy but doesn’t hurt me. This is a personal decision however, and I think people do have the right to be paranoid about their data and should have the option to opt out.

Re:Good idea (2, Interesting)

eepok (545733) | more than 3 years ago | (#34983276)

This was my initial response. Ad revenue is what makes the interest free (beer and speech). The site producers can pay little/no out of pocket expense to pay for hosting due to ad revenue and since they're not requiring SPECIFIC sponsorship, they do not have to follow the whims of their sponsors with their content.

I want my privacy but fully understand the value of advertising for the internet I love. So, I allow tracking... until I turn off my browser... when all my cookies and temp files are wiped. That's my happy medium. I allow advertisers to know that in the early morning, my browser surfs slashdot, google news, and whatever articles within. However, when I close my browser, that's the end of "string" of consecutive data for them. I'll allow the tracking of sessions, personally, but not me in my entirety.

Re:Good idea (1)

Americano (920576) | more than 3 years ago | (#34983612)

Good points. A lot of the "online tracking" that people seem to get so wound up about is simply allowing advertisers to target interested people with their advertisements more directly. If I spend a lot of time researching and reading about guitars (something I did recently), and I end up seeing lots of ads related to music - lessons, instrument sales, instrument service, sheet music... I really don't see a problem with that.

There are a handful of sites that I would pay a subscription fee of a few bucks a month for an ad-free / no-tracking option (Facebook, Gmail, maybe one or two others), but for most web sites, I don't begrudge them their ad revenue.

Re:Good idea (2)

Jahava (946858) | more than 3 years ago | (#34983654)

The problem is that sites would be justified (imo) to then not offer you service based on this.

“We support this site with ad revenue. Tracking is part of that. No Tracking, no service”.

This is fine really. People aren’t entitled to web content. In many cases your privacy is what you are trading for it, and you should be made aware of this and have the option to decline. This kind of header (and possibly others like it) would let you specify in what you are ok with, and let a site then decide whether it’s enough to grant you access.

The problem is that people don’t like this... they want the privacy _and_ the content.. so people would probably just go back to using ad-blockers and cookie deleters as soon as they start getting rejected access messages.

Not necessarily. By adding support for the header, an opportunity is created to write into law that advertisers (and content providers) must not track requests with this header present. Failure to do so can be penalized similarly to the "do not call" registry, with fines and/or jailtime. However, people who avoid advertisements via ad-blocking software will not be beneficiaries of such a law, and, accordingly, will never have a legally-binding guarantee that they aren't being tracked.

Like you said, advertising-based sites will likely deny service, serve a lesser ("lite") version of their site, and maybe offer an ad-free membership option that can be purchased. I agree with you; this is understandable, since they are ad-revenue sites.

Users will have three choices:

  • Omit the header ads and be tracked, but have access to ad-supported sites.
  • Include the header, be comfortable knowing you are not being tracked, have a legal avenue to pursue if you are, and be denied access to ad-supported sites.
  • Omit the header, use ad-blocking software, and be tracked while avoiding the ugly ads without any legal avenue to pursue the tracking.

This benefits both the consumer, who can now clearly state their intention and have it be legally binding. It also protects the content provider and advertisers; they can read the user's intent and know for sure whether or not their tracking and advertisements are legal, and now they have an option to offer a reasonable path to a paywalled service, as the user has to explicitly acknowledge the ad-supported nature of the site. For now, I feel that this is a great idea, and (for what it's worth) I'd likely choose the omit/ad-block path.

Re:Good idea (0)

Anonymous Coward | more than 3 years ago | (#34983954)

This would be ideal, but it will never happen. Marketing, it seems, relies on ignorance of the masses. If there's any way for them (in this case: marketeers) to get away with tracking you without letting you know, be sure that they'll find and exploit it. It's not about "rules". It's about gaining a perceived advantage by any means necessary. "Rules" is a word naive people like to use to delude themselves into a sense of false security.

Re:Good idea (1)

Anrego (830717) | more than 3 years ago | (#34984026)

Oh I'm sure lots of advertisers would just ignore the header.. and probably even use it as a datapoint, but if enough of the really big ones (aka google) implement it, would really take the teeth out of online tracking.

Re:Good idea (0)

Anonymous Coward | more than 3 years ago | (#34984002)

This is already done with current technology to detect Adblock users and show them either only a portion of the content or lock them completely out. I (and others) provide this service to multiple clients out there.

Re:Good idea (0)

Anonymous Coward | more than 3 years ago | (#34984068)

I don't know about you, but I find that any content that is offered only for the sake of advertising and tracking is completely substandard (i.e. junk). Maybe you prefer silly cartoons or the latest hot (and empty) gossip, but content that is truly worthwhile and valuable usually is presented with no strings attached.

Re:Good idea (1)

houghi (78078) | more than 3 years ago | (#34984214)

They would be justified to do that right now. I use DNS filtering, Blockad and the use of my own CSS files for some sites.
And yes, people want privacy AND the content and that should be possible as well. It used to be that content was what people wanted to show and used adds to pay for bandwith.

Now the content is just something so they can have more income from adds and users are the product they are selling. Tracking has not done anything for the customer. It is, at best, just a means of WHAT commercials you see, not how many.

Not one has said: "Well, this person is only interested in dog training, so let's NOT show him anything but that. In fact let's not show him anything at all."
So if they must force advertising upon me, I am as much interested in female hygiene products as I am in the latest Linux distribution, when it is an add. So no reason to do any tracking whatsoever.

Re:Good idea (0)

Anonymous Coward | more than 3 years ago | (#34984260)

Half the web will transition to the days of paid-services and not the "cheapo sites" with banners "everywhere".
Oh, wait, that's right, having accounts linked directly to bank accounts is WORSE IN EVERY SENSE OF THE WORD.

Mozilla are idiots, plain and simple. This idea is significantly worse.
At least with the current system, i can just erase my damn cookies. With this? Yeah, good luck getting rid of bank account traces from advertisers!
Perhaps they should learn people how to erase cookies instead of coming up with even more ways to ruin the already-hacked-to-pieces HTTP protocol!

Or, better yet, maybe people should stop being morons who think they actually have privacy when there are more documents per person out there in the real world than there is online.
God forbid these people were to find out the amount of information their head has just by being part of society, said head would implode.

People don't know what they want. I hate people. They can never make their damn minds up.
I almost wish the whole web, or a good chunk of it, would move over to paid service, then the idiots can go there and i don't need to hear about their whining since they are pay-walled in their little gardens of even less privacy.

This idea is dumb (1)

Anonymous Coward | more than 3 years ago | (#34983190)

Just proposing the idea is damaging to Mozilla's already floundering technical credibility.

RFC 3514 (5, Funny)

barko192 (959698) | more than 3 years ago | (#34983214)

Basic idea seems the same, right? http://www.faqs.org/rfcs/rfc3514.html [faqs.org]

Re:RFC 3514 (1)

coolsnowmen (695297) | more than 3 years ago | (#34984194)

I don't even have to click the link- That is exactly what I was thinking. In fact it makes trackers jobs easier. Even if the user refused all cookies and flash cookies etc, a browser is almost uniquely identifiable by all the other stuff it sends with each request: plugin versions, browser ID strings, ip, every thing you don't allow to be sent, and now this. Every element you add to this vector increases an intelligent company's ability to track you weather you like it or not.

STOP! Or I'll say STOP again! (1)

Anonymous Coward | more than 3 years ago | (#34983224)

This tag would be entirely worthless because no one would be forced to anything but discard it.

Rather than this useless addition, why not have the browsers just not send the information in the first place? Or would that make too much sense?

Re:STOP! Or I'll say STOP again! (0)

by (1706743) (1706744) | more than 3 years ago | (#34983430)

Rather than this useless addition, why not have the browsers just not send the information in the first place? Or would that make too much sense?

Well, that would make cookies useless...but then, as you're an AC, perhaps you don't believe in cookies ;)

Re:STOP! Or I'll say STOP again! (0)

Anonymous Coward | more than 3 years ago | (#34983826)

Rather than this useless addition, why not have the browsers just not send the information in the first place? Or would that make too much sense?

Well, that would make cookies useless...but then, as you're an AC, perhaps you don't believe in cookies ;)

A lot of the information in cookies is not necessary for them to serve their function.

Pointless (4, Insightful)

Angst Badger (8636) | more than 3 years ago | (#34983226)

All this will do is provide another data point for marketers.

Re:Pointless (4, Funny)

Pojut (1027544) | more than 3 years ago | (#34983284)

I can hear the board meeting now.

"Well sir, our numbers indicate fourty-six million people out there are using the "do not track" header...we think that's a great base to start our 'Tired of Being Targeted?' ad campaign..."

Re:Pointless (1)

chichilalescu (1647065) | more than 3 years ago | (#34984282)

I laughed for at least a full minute.
Anyway, when I realize that some people would actually say that and mean it, I can understand why americans like to have guns. "Second Hand Lions" (good movie by the way) had a pair of loonies who regularly shot at traveling salesmen.
one of the reasons I love slashdot is that it's the place I found out about noscript.

Great idea! (4, Interesting)

Locke2005 (849178) | more than 3 years ago | (#34983240)

This will obviously be just as effective as the IP header evil bit proposed in RFC 3514 [ietf.org] !

Don't track me bro (3, Funny)

Culture20 (968837) | more than 3 years ago | (#34983248)

The "don't tase me bro" kid got tased anyway.

"Mozilla's Firefox" (3, Informative)

supersloshy (1273442) | more than 3 years ago | (#34983264)

Mozilla's Firefox, a popular browser company

...Do I even need to say what is so wrong with this?

Eh, I will anyways:

  • Mozilla is a non-profit organization (though they do have a subsidiary named Mozilla Corporation, the profits from that go directly to Mozilla Foundation)
  • Firefox is a browser, not a browser company; they're thinking of Mozilla Corp/Foundation

Given how popular Google and Wikipedia are these days, mess-ups like this should have completely vanished by now.

Re:"Mozilla's Firefox" (0)

Anonymous Coward | more than 3 years ago | (#34983374)

"Mozilla's Firefox, a family of partially related browser products"

FTFY

fun (0)

albertowtf (1982568) | more than 3 years ago | (#34983362)

fun ff addon... dont leave homepage without it https://addons.mozilla.org/7en-US/firefox/addon/refcontrol/ [mozilla.org]

Re:fun (1)

LeRaldo (983244) | more than 3 years ago | (#34983734)

I use this addon, and it works great.

Already exists. (2)

Civil_Disobedient (261825) | more than 3 years ago | (#34983366)

They've already developed a "DO NOT TRACK" bit, but you might have missed it because it's labeled different: it's called "DO NOT VISIT."

Why do people get so fundamentally stupid about the web in particular? If, for example, every store you visit tracked your comings & goings and your purchase history, would you still scream bloody murder? NO, because they all already do this and nobody seems to give a rat's ass. But on the Big, Scary Internet the rules are somehow all different.

Re:Already exists. (4, Insightful)

Mr. Slippery (47854) | more than 3 years ago | (#34983568)

If, for example, every store you visit tracked your comings & goings and your purchase history, would you still scream bloody murder? NO, because they all already do this and nobody seems to give a rat's ass.

Pardon? I would indeed be upset if every store I visited tracked my comings and goings and purchase history, especially of they coordinated with other stores to build a profile in order to figure out how best to manipulate my purchasing preferences. That's why I usually pay cash, and never use one of those "please spy on me" (a.k.a. "customer loyalty") cards at any chain store.

There are a handful of independent businesses that I frequent where I know the owners or employees and they know me and my preferences -- great, that's a symmetric and respectful relationship. Doubleclick sneaking cookies on to my browser so they can sell my habits to the highest bidder, is not.

Re:Already exists. (2)

Zangief (461457) | more than 3 years ago | (#34983994)

Because advertising is annoying.

Believe me, if I could wear magical glasses that adblocked ads in real life, I fucking would.

Already exists? (3, Informative)

mukund (163654) | more than 3 years ago | (#34983396)

Using Firefox + Adblock Plus + NoScript:

No. Time Source Destination Protocol Info
          27 3.918190 10.4.12.92 216.34.181.48 HTTP GET /story/11/01/24/1657252/Mozilla-Proposes-Do-Not-Track-HTTP-Header HTTP/1.1

Frame 27 (582 bytes on wire, 582 bytes captured)
Linux cooked capture
Internet Protocol, Src: 10.4.12.92 (10.4.12.92), Dst: 216.34.181.48 (216.34.181.48)
Transmission Control Protocol, Src Port: 34619 (34619), Dst Port: http (80), Seq: 1, Ack: 1, Len: 514
Hypertext Transfer Protocol
        GET /story/11/01/24/1657252/Mozilla-Proposes-Do-Not-Track-HTTP-Header HTTP/1.1\r\n
        Host: tech.slashdot.org\r\n
        User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.12) Gecko/20101027 Fedora Firefox/3.6.12\r\n
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n
        Accept-Language: en-us,en;q=0.5\r\n
        Accept-Encoding: gzip,deflate\r\n
        Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n
        Keep-Alive: 115\r\n
        X-Do-Not-Track: 1\r\n
        Referer: http://slashdot.org/ [slashdot.org] \r\n
        Connection: keep-alive\r\n
        Cache-Control: max-age=0\r\n
        \r\n

Oh and Slashdot, how the heck am I supposed to post on your system when I'm behind my ISP's NAT and someone else has already beat me to it?

Re:Already exists? (0)

Anonymous Coward | more than 3 years ago | (#34983988)

Oh and Slashdot, how the heck am I supposed to post on your system when I'm behind my ISP's NAT and someone else has already beat me to it?

Probably by not having such a shit ISP.

Re:Already exists? (1)

kelemvor4 (1980226) | more than 3 years ago | (#34984244)

Sorry, only one voice per ISP at Slashdot today :)

Oh NO! (1)

Arancaytar (966377) | more than 3 years ago | (#34983402)

Spammer: "How shall we ever continue our illegal data-mining now that people can ask us nicely not to abuse their privacy?

Our evil plan is foiled!"

Seriously? (1, Insightful)

mounthood (993037) | more than 3 years ago | (#34983420)

This seems like a bad joke - the "Evil bit" but for http headers. It must be a political move, trying to set the boundary for debate.

If this is serious it's a terrible idea: it'll be on by default for everything so it's not a compromise (and could therefore be done with laws banning the tracking); all older software that doesn't send this header would be fair game; sites will simply refuse content unless you turn it off (see AdBlock).

Who? What? When? (0)

Anonymous Coward | more than 3 years ago | (#34983426)

Not sure if this is a Mozilla originated proposal or not. Could someone familiar with the issue summarize events since Sept. 2010?

http://33bits.org/2010/09/20/do-not-track-explained/

http://donottrack.us/

http://hackademix.net/2010/12/28/x-do-not-track-support-in-noscript/

How long before this is a fee based service? (1)

realsilly (186931) | more than 3 years ago | (#34983434)

If airlines can charge a passenger for luggage to fly with them for your vacation, how long before websites or browsers sell you this as a service or charge it as a fee to use their service.

I detest that everywhere I turn there is some sort of Advertising shoved down my throat. And as a citizen of the US, I would like to see the citizens stand up for our civil rights a bit more and tell the corporations and the government to back the heck off. It reminds me of the movie Wall-E. As you see Wall-E traverse the area he works, there is nothing but advertisments everywhere. Are we really headed there?

Why must every product I purchase now force me to see and ad for something else? /sigh

Re:How long before this is a fee based service? (1)

Reziac (43301) | more than 3 years ago | (#34983800)

I think this huge expansion of the ad industry is inversely proportional to other industry that produces actual goods for sale -- we've lost so much of that to the 3rd world, there's nothing left to sell but *potential future sales*.

Size matters (2, Insightful)

Anonymous Coward | more than 3 years ago | (#34983466)

It doesn't have to be 100% effective. The biggest trackers are Google and Facebook. They are large companies that need to comply with the law and with standards.

Obviously something like this is useless if even Facebook ignores it but otherwise it would be quite a handy supplement to my array of NoScript/Adblock+/Ghostery. Sure, many smaller, less reputable companies will ignore it but when it comes to tracking, size matters.

Much simpler way (1)

shish (588640) | more than 3 years ago | (#34983470)

If you don't want anyone to know your IP address, just stick 0.0.0.0 into the IP "source" field. Just as realistic, and far more effective than spamming your details then politely asking people to forget them.

Re:Much simpler way (1)

Anonymous Coward | more than 3 years ago | (#34983798)

As the owner of 0.0.0.0/0, I hereby request that you cease and desist in distributing our IP.

Hereby I propose the "Do really not track" header (1)

Anonymous Coward | more than 3 years ago | (#34983478)

...and

  • the "Do REALLY not track this time" header
  • the "Do REALLY not track this time, honestly" header
  • the "Do REALLY absolutely not track this time, honestly" header
  • the "Do REALLY absolutely not track this time, honestly, seriously" header

Quickly: What's wrong with that?

Welcomed! (1)

hesaigo999ca (786966) | more than 3 years ago | (#34983532)

A nice feature that will be welcomed if they can push to have it standardized by everyone, especially M$

Good idea (1)

countertrolling (1585477) | more than 3 years ago | (#34983548)

Now all I have to do is track all the "do not track" headers.

UNENFORCEABLE (0)

Anonymous Coward | more than 3 years ago | (#34983576)

Unenforceable rules are useless!!!

Evil Bit (2)

The MAZZTer (911996) | more than 3 years ago | (#34983640)

With a penalty behind it (a la Do Not Call) it could work, otherwise it's about as effective as the TCP packet evil bit.

Personally I would encourage people to proactively block advertisers using existing tools such as AdBlock and NoScript. That way you don't have to trust the advertisers not to track you.

1 of 2 (1)

Dreth (1885712) | more than 3 years ago | (#34983714)

This could be a huge turn for companies that make a living out of the loopholes of the Internet from yesteryear, which can either stop doing their data-mining or change they way they do their data-mining. Quite possibly a more obtrusive way.

OR

This could just be a placebo, so that us semi-geeks (the ones that read these things and are aware of them but aren't really attracted to ACT upon it) can sit back and look at the rest shut up about it for a little while.

Cat got my tongue. (1)

Anonymous Coward | more than 3 years ago | (#34983780)

I would track those with the header set even more.

Why spend time ideas unlikely to succeed (1)

oobayly (1056050) | more than 3 years ago | (#34983842)

You still have to trust the host not to track you.

As an aside, what I *would* like to see is an attribute added to the tag which allows you to specify the IME for mobile devices. It's not to much to ask for is it?

It's a politcial solution, not a technical one (3, Insightful)

guanxi (216397) | more than 3 years ago | (#34983844)

This is a great idea. Other posters are right that website operators won't be technically forced to respect the Do Not Track request, but this is a political solution, not a technical solution, and politics is how this needs to be resolved.

Currently, users have no voice. They can't tell websites not to track them except by cumbersome means such as sending emails to the operators. Even then, it's only one email from one user. Website operators can assume that there's no desire for privacy -- in fact it's something they publicly argue.

But clicking the DNT checkbox is much easier. Now the websites are confronted with millions of users, maybe hundreds of millions, requesting 'Do Not Track me'. Ignoring their reasonable requests would be bad for business, for reputation, and most importantly, for politics. If the websites don't comply to a reasonable request from a large number of their constituents, legislators will pass laws to force them. If most websites do comply, then the few who don't will be the odd ones out and face even greater risks to their business.

Just as importantly, DNT raises awareness. I know of few typical end users who are aware of tracking or understand its importance and implications. DNT will at least make them aware that tracking is an issue and that it's important enough that somebody with authority someplace thought they should be able to opt out of it.

(I don't think there's a technical solution to tracking. The value of tracking the (1 billion?) people on the web is great enough that any security measure will be overcome.)

First, bring back the solutions we had (2)

MobyDisk (75490) | more than 3 years ago | (#34983852)

I would like to restore the privacy options we already had, that have been eroded:
- Stop browsers from accepting 3rd-party cookies by default (I'm looking at YOU Firefox!)
- Clear cookies daily. This used to be a Firefox option, now unavailable. If logging in once a day is too often, you misunderstand the concept of "password"
- Any plug-ins need to follow these same rules. Ex: Flash "cookies"

Too Little Too Late (0)

Anonymous Coward | more than 3 years ago | (#34983872)

The problem, once again, is that the relevant authorities had completely lacked the foresight to outlaw the practice of tracking at the very beginning when it would have been most productive. At the very outset of the new cyber world, Internet connections should have been perceived as sacred with no data collection to be permitted or shared.

But this did not happen. As a result, these third-party tracking companies (with their dubious claims of effectiveness) have grown too large and too widespread to effectively combat. Any attempt to impose anti-tracking methods or legislation will now be met with serious resistance.

We cannot reap what we have failed to sow.

Like X-No-Track (1)

La Gris (531858) | more than 3 years ago | (#34983918)

X-No-Archive despite the X is the admitted standard on Usenet to opt out of post archive. But nowadays, I won't bet two cents on a such "standard" gaining consensus.

They're only doing this to avoid regulation. (2)

northstarlarry (587987) | more than 3 years ago | (#34983964)

Like Microsoft last month, and other browser makers soon to follow, Mozilla is only doing this so that the FTC doesn't force them to [google.com] . The FTC proposed this and essentially said to everyone "Do this on your own or we'll write a spec for it and you won't like it."

How About a "Please Be Nice To Me" Header? (0)

Anonymous Coward | more than 3 years ago | (#34983992)

It can read:

Well, golly gosh jeepers, guys. It shore would be nice of you to be nice. C'mon guys, really...

Oh yeah, an HTTP header. That'll do the trick. (1)

The O Rly Factor (1977536) | more than 3 years ago | (#34984016)

You had better not track me, OR ELSE!

Missing the point (1)

empiricistrob (638862) | more than 3 years ago | (#34984042)

This move by mozilla is genius. Have you seen the kinds of things lawmakers are talking about, e.g. making it illegal for website to track customers? By proposing a much better mechanism Mozilla will hopefully prevent any sort of crazy no-tracking legislation from becoming law.

Of course these headers wont be universally honored -- that's not the point. If lawmakers find this solution to be inadequate the most likely scenario is they will mandate that website honor this header, which would be WAY better than the alternative of lawmakers unilaterally deciding how this should work.

Three cheers for the effort (1)

QuincyDurant (943157) | more than 3 years ago | (#34984098)

Cheers to Mozilla for trying to start this conversation outside the narrow walls of Slashdot. The proposed solution may be ineffective or even have adverse unintended consequences, but the problem is real. Internet tracking is beyond intrusive; it's dangerous. The same techniques used for arguably legitimate purposes by advertisers can (and are) used by malware authors.

Most web users, simply aren't aware of the potential danger of simply pointing and clicking. Market research and advertising are essential to capitalism; they help buyers and sellers find one another. But there must be limits. If television advertisers could peer back at us in our living rooms and measure the pupils of our eyes, I suspect there would be an outcry loud enough for end-users to hear.

This won't really stop anything (1)

Dracos (107777) | more than 3 years ago | (#34984100)

This is a passive measure which relies on the second party for compliance, much like robots.txt. You can put as many denials as you want in there, but the "bad bots" will ignore it, if they even request it at all. The data miners will do the same, it would be in their interest to ignore this header.

Personally, I'll keep adding lines to my hosts file.

Or rewrite your headers! (0)

Anonymous Coward | more than 3 years ago | (#34984246)

I still use Proximitron to rewrite all my headers and cookies. I like sending "I am a cookie, eat me!" and other items like "Browser is nunya Bidness". But then again Yahoo Mail doesn't recognize my browser.. :)

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...