AP Adopts Firefox's 'Do Not Track'; Others On the Way

timothy posted more than 2 years ago | from the stop-staring-at-my-body dept.

Advertising 80

theweatherelectric writes "As noted by the Mozilla Blog, the AP News Registry is the first large scale service to support the Do Not Track (DNT) feature of Firefox 4 and Internet Explorer 9. They write, 'The Associated Press (AP) is the first company to deploy DNT on a large scale, and it only took a few hours for one engineer to implement. The AP News Registry tracks 1 billion impressions of news content, with 175 million unique visitors per month, and has membership with more than 800 sites. When consumers send a DNT preference via the browser while viewing a story at one of its publisher's sites, the AP News Registry no longer sets any cookies. The previous solution was for users to opt-out via a link to a central opt-out page referenced in each participating news site's privacy policy. They still count the total number of impressions for each news story, but aggregate consumer data for those with DNT in a non-identifiable way.'"


Alert! Site malfunction! (1, Funny)

Xenna (37238) | more than 2 years ago | (#35681834)

My karma status allows me to disable ads, but this one just got through anyway.
I hope someone in charge can fix this for us l33t guys....

Re:Alert! Site malfunction! (0)

Anonymous Coward | more than 2 years ago | (#35681900)

MORE ADS FOR THE ADS GOD

Re:Alert! Site malfunction! (0)

Anonymous Coward | more than 2 years ago | (#35682306)

At least it's an ad I like seeing for once.

Re:Alert! Site malfunction! (1)

sortadan (786274) | more than 2 years ago | (#35682866)

Neat-o, the associated icon got updated to show it's a slash-vertisement.

Non-identifiable? (4, Insightful)

JeffSh (71237) | more than 2 years ago | (#35681868)

"but aggregate consumer data for those with DNT in a non-identifiable way.'"

Hmm. Haven't we had many stories about how "non-identifiable" is still identifiable in some cases? It sounds like "Do Not Track" may mean actually "Might track less". As with all voluntary things though, the implementation is completely up to the company implementing it. There's no reason for them to do anything different. I might think it would even allow another layer of tracking since if you have "DNT" on then all that means is yet another flag could be used as a unique identifier, and now they can infer that you're tech savvy and paranoid enough to flip that flag. What is the point of this again?

Re:Non-identifiable? (3, Funny)

GameboyRMH (1153867) | more than 2 years ago | (#35681964)

Yeah Do Not Track is a great big joke. It's like going through a bad neighborhood at night, loaded with jewellery like a Hollywood diva with a Do Not Rob sign stuck to your back.

Re:Non-identifiable? (5, Interesting)

mcmonkey (96054) | more than 2 years ago | (#35682086)

Well, how does it work?

You visit site, the server checks your DNT flag before sending a cookie...and then what?

I'm guessing the server records GameBoyRMH visited site xyz.com, but no cookie was set. And whenever you visit one of those 800 sites, they know it's you, because they have to check for your DNT flag.

So you've preserved the 100-or-so bytes the cookie would take on your drive, but how is that not tracking?

It seems to me a real DNT track system would be client-side only, and the setting would instruct the browser to accept and instantly (or after the session) delete the cookie, without giving any indication of the activity to the server.

Re:Non-identifiable? (1)

GameboyRMH (1153867) | more than 2 years ago | (#35682112)

Bingo, you hit the nail on the head.

Re:Non-identifiable? (3, Informative)

Richard_at_work (517087) | more than 2 years ago | (#35682224)

They would store "someone visited page X at date Y and time Z" and they may also be able to store "and they were referred in from page ABC", but they would have no way of seeing where you went from that page, even if it was to another page on the site, because all that page is going to store is the same non-identifiable information.

A cookie allows them to give you a unique identifier, which works for differentiation down to individual browsers on the same machine, and that allows them to get a good picture of your travel around their site (and their affiliate sites etc) - the DNT flag would remove that, only allowing them to track the number of hits on a page and where the visitor came from.

They don't know it's "you" each time, because the DNT flag contains no identifiable information - to them, this is the equivalent of you clearing out your cookies after each individual page visit. No cookie, no ID, no tracking beyond the current page. Same deal.
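The server-side behaviour described in the summary and in the comment above (count the impression, set no cookie when DNT is sent), as an added example that is not part of the thread and is not AP's code. The cookie name, the in-memory stores and the `simulate` helper are assumptions made for the illustration.

```python
"""Added example: a tracker endpoint that honours the DNT request header."""
import secrets
from collections import Counter, defaultdict
from http.cookies import SimpleCookie
from wsgiref.util import setup_testing_defaults

COOKIE_NAME = "visitor_id"             # hypothetical cookie name

impressions = Counter()                # story path -> total hits (kept for everyone)
visitors_by_story = defaultdict(set)   # story path -> visitor IDs (non-DNT only)
events = []                            # what would end up in the analytics log


def dnt_enabled(environ):
    """True when the browser sent 'DNT: 1'; WSGI exposes the header as HTTP_DNT."""
    return environ.get("HTTP_DNT", "").strip() == "1"


def tracker_app(environ, start_response):
    story = environ.get("PATH_INFO", "/")
    impressions[story] += 1            # aggregate count, no identifier attached
    headers = [("Content-Type", "text/plain")]

    if dnt_enabled(environ):
        # Honour the preference: ignore any cookie the browser still holds,
        # set none, and keep the IP address out of the analytics record.
        events.append({"story": story})
    else:
        jar = SimpleCookie(environ.get("HTTP_COOKIE", ""))
        if COOKIE_NAME in jar:
            visitor = jar[COOKIE_NAME].value
        else:
            visitor = secrets.token_hex(8)
            out = SimpleCookie()
            out[COOKIE_NAME] = visitor
            out[COOKIE_NAME]["path"] = "/"
            out[COOKIE_NAME]["max-age"] = 60 * 60 * 24 * 365
            headers.append(("Set-Cookie", out[COOKIE_NAME].OutputString()))
        visitors_by_story[story].add(visitor)
        events.append({"story": story, "visitor": visitor,
                       "ip": environ.get("REMOTE_ADDR")})

    start_response("200 OK", headers)
    return [b"ok\n"]


def simulate(path, dnt=None, cookie=None, ip="198.51.100.7"):
    """Call the app with a constructed request; return (status, headers, body)."""
    environ = {"PATH_INFO": path, "REMOTE_ADDR": ip}
    setup_testing_defaults(environ)
    if dnt is not None:
        environ["HTTP_DNT"] = dnt
    if cookie:
        environ["HTTP_COOKIE"] = cookie
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"], captured["headers"] = status, headers

    body = b"".join(tracker_app(environ, start_response))
    return captured["status"], dict(captured["headers"]), body


if __name__ == "__main__":
    print(simulate("/story/1", dnt="1", cookie="visitor_id=abc123"))
    print(simulate("/story/1"))
    print(dict(impressions), events)
```

The web server's own access log still sees the client IP and User-Agent on every request, so the guarantee only covers what this handler chooses to store.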

Re:Non-identifiable? (1)

tlhIngan (30335) | more than 2 years ago | (#35683304)

They would store "someone visited page X at date Y and time Z" and they may also be able to store "and they were referred in from page ABC", but they would have no way of seeing where you went from that page, even if it was to another page on the site, because all that page is going to store is the same non-identifiable information.

A cookie allows them to give you a unique identifier, which works for differentiation down to individual browsers on the same machine, and that allows them to get a good picture of your travel around their site (and their affiliate sites etc) - the DNT flag would remove that, only allowing them to track the number of hits on a page and where the visitor came from.

They don't know it's "you" each time, because the DNT flag contains no identifiable information - to them, this is the equivalent of you clearing out your cookies after each individual page visit. No cookie, no ID, no tracking beyond the current page. Same deal.

Still, it may not be exactly *you*, but if your IP address shows up several times in the access log within a few minutes (and they're for different articles), you could guess that maybe it's the same person visiting several of the same stories.

Also, does the browser in DNT mode do header sanitization? After all, didn't the EFF prove that even without session cookies, you can still fingerprint the browser and track that way fairly reliably? (The few that are generic fall into the noise of those who want to screw with the data anyhow).

I don't see anything mentioning if setting the option sanitizes headers or not.

http://panopticlick.eff.org/ [eff.org]

Re:Non-identifiable? (1)

Richard_at_work (517087) | more than 3 years ago | (#35686924)

Until you can come up with a magical way for the browser and server to be in contact but for the server to never know anything about the client, then you are going to have to trust the server to some extent.

Re:Non-identifiable? (0)

Anonymous Coward | more than 2 years ago | (#35682288)

I have been waiting for a "delete cookies that have gone unused for X (I would use 5) minutes" option in firefox or noscript for a long time.

Maybe another setting for a hard limit of 15 minutes (again, adjustable) or so.

Then you could whitelist sites you want to remember you, like slashdot.

Instead we only get "remember all cookies the way the server tells us to", "remember all cookies until the browser closes" (could take months), or "don't use cookies at all" (yeah, real useful).

Or now, "trust the web server to be good". Wow, great idea!

Re:Non-identifiable? (1)

Korin43 (881732) | more than 2 years ago | (#35683104)

Go to your Firefox preferences.
Switch to the privacy tab.
Firefox Will => Set to "Use custom settings for history"
Uncheck "accept third-party cookies"

Congratulations, almost all tracking is now disabled (since most sites don't track you themselves, they set a third party cookie to track you).

Re:Non-identifiable? (0)

Anonymous Coward | more than 2 years ago | (#35683248)

Although I appreciate the effort, this does absolutely nothing like what I want.

I want all cookies to expire minutes after being set (used).

I do disable third party cookies. I also block just about every single ad domain, along with all of the "like this in facebook", "retweet this", etc buttons.

All of this is blocked at the proxy level, and I watch the logs to see who refers to who, block weird unwarranted traffic, etc.

I am much more aware of these things than you assume.

Again, I want a way to make cookies last for 5-15 minutes and then be deleted. It is something that would add a lot to my current setup.

A lot of sites are unusable without cookies, but there is no easy way to make this site forget you minutes later when you are done with them, which means a week from now when you return, they will remember you. Good for them, bad for me.

There are also cases where cookies are needed temporarily, yet tracking might not be desired. Think about somebody who uses google search on an IP address shared with a lot of people. ISP in a country with a lack of IPv4 address, tor user, etc. You want to answer the captcha on sorry.google.com and have some time to do some searches related to a topic after proving to google that you are better than the rest of the people on that IP address, but then it is also nice to have google forget you in a while, along with the need to redo the captcha and get some new cookies.

Make sense?

Re:Non-identifiable? (1)

TaoPhoenix (980487) | more than 2 years ago | (#35682410)

Sorry sir, you may cease guessing now, because it is a total lie and doesn't work.

Setup:

1. Tools/Options/Advanced/Tell web sites I do not want to be tracked
2. Tools/Clear Recent History/Everything
3. Tools/Options/Privacy/Show Cookies/Remove All Cookies

4. Then go for example to http://marketing.apnewsregistry.com/ [apnewsregistry.com]

5. Go look at Tools.Options/Privacy/Show Cookies
Voila!
__utmz
211664137.1301603676.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
__utma
211664137.1337932741.1301603676.1301603676.1301603676.1
__utmc
211664137
__utmb
211664137.1.10.1301603676
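The four cookie values listed in the comment above, decoded field by field, as an added example that is not part of the thread. The field layout and the lifetimes are the publicly documented defaults of the legacy Google Analytics `ga.js` library and are assumptions about how this site was configured.

```python
"""Added example: decode legacy Google Analytics (ga.js) __utm* cookie values."""
from datetime import datetime, timezone

# Cookie values exactly as posted in the comment above.
POSTED = {
    "__utmz": "211664137.1301603676.1.1."
              "utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)",
    "__utma": "211664137.1337932741.1301603676.1301603676.1301603676.1",
    "__utmc": "211664137",
    "__utmb": "211664137.1.10.1301603676",
}

# ga.js default lifetimes (assumption: the site did not override them).
DEFAULT_LIFETIME = {
    "__utma": "2 years",
    "__utmb": "30 minutes",
    "__utmc": "browser session",
    "__utmz": "6 months",
}


def _utc(epoch):
    """Unix seconds -> ISO 8601 string in UTC."""
    return datetime.fromtimestamp(int(epoch), tz=timezone.utc).isoformat()


def decode(name, value):
    """Split one __utm* value into named fields; ValueError if malformed."""
    try:
        if name == "__utma":
            dom, visitor, first, prev, cur, sessions = value.split(".")
            return {"domain_hash": dom, "visitor_id": visitor,
                    "first_visit": _utc(first), "previous_visit": _utc(prev),
                    "current_visit": _utc(cur), "session_count": int(sessions)}
        if name == "__utmb":
            dom, pageviews, tokens, start = value.split(".")
            return {"domain_hash": dom, "pageviews": int(pageviews),
                    "tokens": int(tokens), "session_start": _utc(start)}
        if name == "__utmc":
            if not value.isdigit():
                raise ValueError("not numeric")
            return {"domain_hash": value}
        if name == "__utmz":
            dom, ts, sessions, campaigns, source = value.split(".", 4)
            return {"domain_hash": dom, "set_at": _utc(ts),
                    "session_count": int(sessions),
                    "campaign_count": int(campaigns),
                    "campaign": dict(kv.split("=", 1)
                                     for kv in source.split("|"))}
    except ValueError as exc:
        raise ValueError(f"malformed {name} value: {value!r}") from exc
    raise ValueError(f"unknown cookie name: {name}")


def report(cookies):
    """Decode every cookie and flag the one that identifies a returning browser."""
    decoded = {name: decode(name, value) for name, value in cookies.items()}
    hashes = {fields["domain_hash"] for fields in decoded.values()}
    return {
        "decoded": decoded,
        "same_site": len(hashes) == 1,   # all four belong to one site profile
        "persistent_identifier": decoded.get("__utma", {}).get("visitor_id"),
        "lifetimes": {name: DEFAULT_LIFETIME[name] for name in decoded},
    }


if __name__ == "__main__":
    result = report(POSTED)
    for name, fields in result["decoded"].items():
        print(name, result["lifetimes"][name], fields)
    print("persistent identifier:", result["persistent_identifier"])
```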

Re:Non-identifiable? (1)

Anonymous Psychopath (18031) | more than 2 years ago | (#35682772)

__utmb is a session cookie. You do understand what session cookies are and why we need them, right?

Re:Non-identifiable? (1)

TaoPhoenix (980487) | more than 2 years ago | (#35683246)

In the context of Non-Tracking, the normal logic behind session cookies is not good enough. I'll leave it to my betters to show the proof, but "tracking" is a data-inbound event, so even if that session cookie becomes invalid later, a company sufficiently motivated to make a big show of "Do Not Track" while simultaneously getting trackable inbound info can do it, but it wouldn't all be stored in the cookie, it would be the cookie + other steps.

Basically, it's impossible to prove a company "isn't tracking you" - we're too far down the slippery slope by now. Call it Godel's Revenge. We're stuck with our Fishbowl, so we're thrashing around how to socially deal with it.

Re:Non-identifiable? (2)

Anonymous Psychopath (18031) | more than 2 years ago | (#35683460)

All those cookies you listed have already expired. Just look at the timestamps, it's right there.

If someone wanted to track you badly enough to do the things you're suggesting, they would simply ignore the DNT flag.

Something I suspect a lot of the folks on /. struggle with, as I do myself, is accepting the axiom that perfect is the enemy of good. DNT isn't remotely perfect, but that isn't the same as not being a good thing.

Re:Non-identifiable? (1)

tsm_sf (545316) | more than 2 years ago | (#35682804)

I'm guessing the server records GameBoyRMH visited site xyz.com, but no cookie was set.

If you're concerned about being tracked by a site you probably shouldn't be logging into it.

Re:Non-identifiable? (1)

hairyfeet (841228) | more than 2 years ago | (#35683004)

The really funny part is this makes you even more identifiable since so few will opt in. It is like that site that checks how identifiable you are by what your browser sends back (so sorry I can't think of the site, maybe someone has it bookmarked?) and with ABP and NoScript there were less than 8000 with my particular string which is a pretty small niche out of the billions of web users, but with ABP and NoScript turned off I was one of 1,2 million with the same string so it was like trying to find a particular needle in Dodger stadium filled to the brim with needles.

So while I'm all for more privacy I'd worry about the unintended consequences of things like DNT. After all it isn't like telemarketing where it bitch slaps you in the face so everyone looks for the DNC registry, so many have accepted that ads are just a part of the web experience and have NO clue that they are being tracked.

But on a positive note it makes it easy for me to switch people away from IE thanks to ABP, first on FF and now with Comodo Dragon on my handy freeware CD. When people see the difference killing those "punch the (blank) win a (blank)" ads has on their connection it is an easy sell to migrate them away from IE. It has gotten my customers so hooked on staying away from IE I've had them call me to ask how to "Fix" their relatives PC over the phone, when it turns out they don't have Firefox or Dragon.

Re:Non-identifiable? (1)

TaoPhoenix (980487) | more than 2 years ago | (#35683546)

Nice post.

Elsewhere I took a strongly worded stand vs a well meaning AC about session cookies, and "left it to my betters to work out the details". You provided one - the mere (rare) existence of the bit set to on itself.

I know about the Panopticlick method, but that felt "too easy" - so let's work on sneakier tricks. Using the principle of the 20-Questions Narrowing Down theme, can they narrow it down to "you" say within four page clicks? Sure, the homepage might not be enough, but there could be 10 ways of rendering the second page, and only "you" trigger a certain sequence by page #4?
My point still stands, you can never prove they aren't tracking you. It becomes a social issue now.

Re:Non-identifiable? (0)

Anonymous Coward | more than 2 years ago | (#35683596)

I would bet money that you misread panopticlick, and that what it really told you without NoScript is that out of the 1.2 million users, you were the only one with your exact configuration.

Try it out again and read it closely.

Re:Non-identifiable? (1)

hairyfeet (841228) | more than 3 years ago | (#35685970)

Nope sorry, read it right. You see without ABP and NoScript (the only two extensions I had at the time) I was just a bog standard Firefox on a bog standard XP Home with the bog standard Flash and WMV plugins. That made me a needle in a needle factory simply due to the huge installed base of FF, XP Home, and Flash/WMV. There simply aren't that many using what I was using at the time PLUS ABP PLUS NoScript, which made me a MUCH easier target to find.

It is like the difference between having a fully patched and up to date XP with Av and MalwareBytes VS being one of the tens of millions with an XP machine that hasn't updated since XP Sp2 and has an out of date trial of Norton running. Those that actually care enough about security to deal with the hassle of looking up these programs, applying these programs, and dealing with the quirks simply are a tiny minority compared to those that simply stick with the defaults. That is why having sane defaults is so important because a good 85%+ of users will NEVER deviate from whatever the default settings are.

Re:Non-identifiable? (1)

Arrepiadd (688829) | more than 3 years ago | (#35686516)

Well, I get the exact opposite, more in line with what GP says.

I am running FF 4 in MacOS X (madness, I know) and with Adblock and NoScript activated I have the same fingerprint as 1 in 53,152 browsers. If I use it with NoScript deactivated my browser finger print makes it unique, so I can be identified among all 1.4 million people that used Panopticlick. It's true MacOS X is not as common as Windows XP, but for me activating NoScript helps my privacy (I become 1 out of 30 instead of a specific one).

Why does ALL /. LOL @ Hairyfeet? Step inside... (0)

Anonymous Coward | more than 3 years ago | (#35687364)

#1 - YOU DON'T EVEN KNOW THE DIFF. BETWEEN "static" and "dynamic" addressed adbanners, shown here (which even BestBuy techies know):

http://it.slashdot.org/comments.pl?sid=2061048&cid=35681060 [slashdot.org]

AND?

#2 - LMAO - YOU BLEW IT AGAIN, & on something ELSE even "Best Buy Techies" know, in DNS local client caches needing to be turned off in Windows with relatively "largish" HOSTS files:

http://it.slashdot.org/comments.pl?sid=2061048&cid=35686054 [slashdot.org]

Yes children - this is what "ITT Tech does for you", where "Pwuffesuh HaiwyPheet" here got his "FINE education" (LOL - NOT! (You're proof, living proof, it makes you a FUCKUP))!

OR, do the above links NOT show that much?

EVEN Funnier still??

#3 - You've trolled ME before in the past on HOSTS files, and made THAT same "blunder" before in the past:

http://it.slashdot.org/comments.pl?sid=2061048&cid=35686474 [slashdot.org]

And, tons more... like your "math" one!

http://it.slashdot.org/comments.pl?sid=2061048&cid=35667576 [slashdot.org]

From there downwards, you blew it totally, & with someone you stalk, troll, & libel in myself on HOSTS files posts, constantly!

APK

P.S.=> So - DO YOU STILL WANT TO KEEP STALKING, TROLLING, and yes, EVEN LIBELLING ME (as you tried here http://it.slashdot.org/comments.pl?sid=2061048&cid=35667932 [slashdot.org] and I shot you down cold, with facts here on that note -> http://it.slashdot.org/comments.pl?sid=2061048&cid=35668740 [slashdot.org] )?

IF so, well - "it's YOUR funeral"... that's also FAR from the 1st time, & you blew it on the SAME damn points as before AND MANY MORE...

The "infamous they" & iirc, EINSTEIN even said:

"Repeating the same thing over & over & expecting different results is insanity" ...

Funniest part is, in that thread above and others you called ME, 'batshit-insane' (and you're no PHD in Psych):

"But if you weren't completely batshit insane" - by hairyfeet (841228) on Thursday March 31, @05:09AM (#35675892)

TELL You what, when you get these items to YOUR name/credit:

---

1.) PHD in Psychiatry
2.) Years-to-decades of professional experience
3.) A license to practice
4.) A formal examination of myself in a professional psychiatric environs

---

Then, maybe? You'd be credible, & not libelling me like you like to do, which is against the law.

AND?

Keep repeating from your mistakes shown above then some more, & tell us another good one + refer to EINSTEIN above... lol! apk

Hairyfeet - tell us about STATIC & DYNAMIC, lo (0)

Anonymous Coward | more than 3 years ago | (#35684378)

http://it.slashdot.org/comments.pl?sid=2061048&cid=35681060 [slashdot.org]

(Hairyfeet's SUCH a dumbass, he doesn't know the diff. between STATICALLY ADDRESS IP BASED banners & DYNAMICALLY ADDRESSED ONES using host/domain names!)

LOL, I mean, ok - listen to his b.s. ALL YOU WANT, but only AFTER you read the URL from this website above, lol!

(He sure is a "big talker" though, isn't he? Ripping others' work but he can't show he's done better... & he CERTAINLY SHOWED he is a fuckup in his "tech know-how" above!)

Another instance of his "big talking b.s." is here:

http://slashdot.org/comments.pl?sid=2029850&cid=35450222 [slashdot.org]

He says "automating McDonalds would be 'easy'" but he's NEVER DONE THAT... I have (one of the programmers for them, Boston Market, & Burger King's "bump bar" system).

APK

P.S.=> Just "too, Too, TOO EASY - just '2EZ'", but then again? "Pwuffesuh HaiwyPheet" is only an "ITT Tech Boy" techie... lol! apk

Hairyfeet will libel me next - to THAT? See this: (0)

Anonymous Coward | more than 3 years ago | (#35684798)

http://slashdot.org/comments.pl?sid=2062904&cid=35684474 [slashdot.org]

Nuff said, & that? THAT was just "too, Too, TOO EASY - just '2EZ'"

APK

Re:Non-identifiable? (1)

Solandri (704621) | more than 3 years ago | (#35684322)

It seems to me a real DNT track system would be client-side only, and the setting would instruct the browser to accept and instantly (or after the session) delete the cookie, without giving any indication of the activity to the server.

That's basically what Cookiesafe [mozilla.org] and Cookie Monster [mozilla.org] do. Firefox's default cookie manager does it a bit more clumsily, and is missing the option to allow a site to leave cookies for just the current session, not future sessions. Your only choices are always deny, allow persistent cookies, or always allow cookies for a session.

Re:Non-identifiable? (1)

Seumas (6865) | more than 2 years ago | (#35682274)

I already have a do-not-track. It's called adblock. It's not perfect and it isn't a certainty that I can't be tracked by advertisers and others (in fact, it's a certainty that I can be, I'm sure). At least I can avoid ads and a significant portion of tracking, though.

Re:Non-identifiable? (1)

GameboyRMH (1153867) | more than 2 years ago | (#35682336)

Way ahead of you. I use NoScript, Flashblock and Betterprivacy (ads that don't use Flash or JS still work fine, so I support the sites I browse). But unlike us, the Average Joe doesn't know how to defend himself, and it's sort of unreasonable to expect someone to know which scripts should be allowed and which shouldn't.

Re:Non-identifiable? (1)

psyclone (187154) | more than 2 years ago | (#35683262)

I also recommend adding Cookie Monster to that list. I don't use Flashblock as NoScript pretty much takes care of it; I do allow scripts from the same domain by default.

Re:Non-identifiable? (1)

GameboyRMH (1153867) | more than 2 years ago | (#35684192)

I've actually been meaning to try Cookie Monster 1 or CookieSafe.

Re:Non-identifiable? (1)

causality (777677) | more than 2 years ago | (#35682398)

I already have a do-not-track. It's called adblock. It's not perfect and it isn't a certainty that I can't be tracked by advertisers and others (in fact, it's a certainty that I can be, I'm sure). At least I can avoid ads and a significant portion of tracking, though.

Adblock is a really good partial solution. Not only does it make you more difficult to track (since much of that is done by ad networks) but it also speeds up browsing and removes the more obnoxious ads. What you said makes me think of this line from the summary:

The previous solution was for users to opt-out via a link to a central opt-out page referenced in each participating news site's privacy policy.

That's the previous non-solution. Implicit in this idea is the notion that we're completely at the mercy of the sites doing the tracking, that the only way to disable the tracking is with their consent and active participation. That's simply false and its falsehood is not difficult to demonstrate.

I prefer a combination of Adblock, Noscript, BetterPrivacy, RequestPolicy, RefControl, CS Lite and a comprehensive /etc/hosts file (concatenated and uniq'ed from several available for download). I have no problem with a given site knowing that my IP address visited it at a certain time. That's like the convenience store clerk who sees me walk into his store. The rest is none of their business and is more like the convenience store clerk hiring someone to follow me around and record every store I visit.

I do not recognize anyone's entitlement to do that and I refuse to participate. That's all it really takes. I am unconcerned with whether the sites in question like that or wish to help that or want to resist that. I'm not giving them a choice in the matter.

Re:Non-identifiable? (0)

Anonymous Coward | more than 3 years ago | (#35686848)

This is exactly WHY I was against this stupid feature.
It is just another signature on web browsers that can be used, for example, that test EFF had.
But in saying that, it is only a boolean, whereas something like the font list is much, much more unique, more-so on those who tend to be technology literate since they tend to have other fonts installed.
I think Plugins were also used to ID people, those are probably even more unique due to version numbers.

Panopticlick on EFF for those who want to try. [eff.org]
Could send a message their way to also include that in detection now that I think about it.
I still come up unique. :)

Aimed at Google? (1)

bye (87770) | more than 2 years ago | (#35681904)

Am I the only one to suspect that DNT is mainly aimed at the market participant which does the most tracking and which has the highest online ad revenue: Google/DoubleClick?

Can't Wait for the NSA to Follow Suit! (3, Funny)

BJ_Covert_Action (1499847) | more than 2 years ago | (#35682006)

Great! I can't wait for the NSA to follow suit and respect the "Do Not Track," option in FF4. Then we will know with all certainty that Hell has frozen over, we will be able to opt out of TSA ball-groping by using flying pigs for transportation instead of planes, that girl I had a crush on in HS will finally kiss me, and all my preparations for the zombie apocalypse will finally show their true value as the world crumbles around us as the final sign of the times.

This is nice but the obvious remains... (4, Insightful)

alostpacket (1972110) | more than 2 years ago | (#35682014)

What good is a privacy feature when it rests on the compliance of those who have conflicted interests in the matter? I'm scratching my head a bit as to why Mozilla went down this road at all. I know everyone is pushing for the Web-2.0-cloud-service-based-thin-client-web-app-with-local-storage and video embedded in buttons, but there has to be some kind of gatekeeper. If our gatekeepers (the browser makers/W3C) are merely going to add a "please be nice" button, what chances are there that the web will continue to be a medium of information exchange, and not turn into a sea of potentially dangerous apps? I know that's a bit chicken little sounding but this was one advantage the plugin model afforded. Don't want Flash/Java? Easily blocked. Don't want HTML privacy invasion? Ask the advertisers nicely to comply? Something seems seriously broken with this philosophy. It's already difficult to browse a lot of sites sans-javascript, and it seems only to be getting worse. Personally, I've always thought one of the advantages of the web, one of the things that caused it to grow so rapidly, is that sites were sandboxed away from the user via the limitations of the browser.

Re:This is nice but the obvious remains... (1)

Nyeerrmm (940927) | more than 2 years ago | (#35682388)

This isn't a security feature, it's a standardized opt-out.

Seems like a good thing. Better security to prevent malicious tracking is still important, but it's complementary to this.

Re:This is nice but the obvious remains... (1)

dmomo (256005) | more than 2 years ago | (#35683726)

And whether or not it gets wildly honored, if more people set the flag, it certainly sends a message and makes people aware that privacy is important.

Re:This is nice but the obvious remains... (1)

TaoPhoenix (980487) | more than 2 years ago | (#35682472)

Except it doesn't even seem to work for me - see my post above for the apregistry. What good is a method that's so buggy you can't rely on it? What fallacy is that, that they promote a feature yet for ____ % of the population it "just happens" not to work?

Re:This is nice but the obvious remains... (1)

dmomo (256005) | more than 2 years ago | (#35683654)

I don't get your post. It's not a client thing. The browser simply says to the remote server, "this person does not want to be tracked". It's not buggy or broken. It's up to the remote server to honor it. That's all. Now.. the "idea" may be buggy or broken. Sure. But that's a different thing.

This doesn't claim to delete cookies or anything of the sort.

Re:This is nice but the obvious remains... (3, Insightful)

BJ_Covert_Action (1499847) | more than 2 years ago | (#35682790)

I'm scratching my head a bit as to why Mozilla went down this road at all.

Well it seems like a bit of a publicity ploy for Mozilla to me, albeit, a good one. Mozilla has had issues with FF in recent versions (I'm looking at you FF3 bloat), but it still remains the poster child browser for a private/independent/free browser. I think the devs at Mozilla know full well that the Do Not Track flag requires the unlikely compliance from other entities. However, by making the feature easy to use and by publicizing it, it has brought the problem of, "Random data mining companies are harvesting everything about you," right into the main view of every user that configures their own Option settings in FF.

Furthermore, if users start checking the option because it sounds like a good idea, but there is still a big fuss about companies tracking users anyway, the users will start to ask what the hell is going on. If Mozilla takes the time to explain that, for true non-tracking web-browsing, those data mining companies have to take it down a notch, it could very well increase public criticism of data mining in general.

So all in all, I think adding the "Do Not Track" option was much more of a political move by Mozilla than an actual technical one. It's nice to see someone with money and clout sticking up for such things for once.

Re:This is nice but the obvious remains... (1)

Solandri (704621) | more than 3 years ago | (#35684286)

What good is a privacy feature when it rests on the compliance of those who have conflicted interests in the matter?

Why not make it so if you have DNT set and a site ignores it, a big notice pops up saying "This site does not honor your Do Not Track setting. If you proceed, information about your behavior while visiting this site will be tracked and collected, and may be used in a manner you find objectionable. Are you sure you wish to continue?" No, Always Allow, Allow this one time.

Personally, I just run with an extension which allows me to allow, block, allow for session, or temporarily allow for session cookies on a site-by-site basis. (The last category is the important one missing from Firefox's default cookie manager - if I usually visit a site with cookies blocked, but a video or something requires cookies, I want to allow it to set a cookie this time but not next time.)

Re:This is nice but the obvious remains... (0)

Anonymous Coward | more than 3 years ago | (#35685082)

I place the blame firmly on web standards. They should be designed, not with a view towards a full-featured web, but towards a deep suspicion of websites. A browser is code that runs on a user's computer - it should serve their interests, rather than those of the websites they're visiting.

The first indication I had that this model was broken was discovering that websites were able to set a link to open a new tab/window. That should be reserved for the user's control.

Re:This is nice but the obvious remains... (1)

shutdown -p now (807394) | more than 3 years ago | (#35685778)

What good is a privacy feature when it rests on the compliance of those who have conflicted interests in the matter?

I think this may be setting technical foundation for a legal privacy framework with teeth. If there is a de-facto, widely implemented industry standard (even more so if they get it through say W3C) to say "I don't want you to gather my private information", and a company ignores it, can they be held liable? Maybe not today, but a law could be made to that effect tomorrow.

OK, I'll admit (1)

dargaud (518470) | more than 2 years ago | (#35682090)

OK, I admit that I use facebook a little, just to stay in touch with far away family and friends. I login, see what my friends/family's been doing, post how many times I farted today and that's about it. But when I go to bigfatsluts.com and see the 'like' button under the videos, I cringe. I would like an option to deny facebook 'like' and suchlike (hah!) when I'm not on facebook itself. How?

Re:OK, I'll admit (1)

wjousts (1529427) | more than 2 years ago | (#35682312)

Use privacy mode when you visit bigfatsluts.com, problem solved.

Re:OK, I'll admit (0)

Anonymous Coward | more than 2 years ago | (#35682514)

Use privacy mode when you visit bigfatsluts.com, problem solved.

Privacy mode does not solve that problem, nor does it claim to. "Privacy mode" just means the browser doesn't retain cookies or browser history once the session ends.

Re:OK, I'll admit (1)

wjousts (1529427) | more than 3 years ago | (#35687702)

The particular problem that the OP suggests would be solved by privacy mode. I'm assuming his problem is that he's logged on to Facebook and when he visits sites with a "Like" button, Facebook "helpfully" posts it for him (actually I don't think you even need to be logged into Facebook, it can track you anyway if you have a Facebook cookie). If you turn on privacy mode you won't be logged onto Facebook (unless you then, stupidly, go ahead and log on to Facebook), so those like buttons won't connect you back to your Facebook account. Your regular Facebook cookies won't be accessible to Facebook when you are using privacy mode.

I am well aware that privacy mode doesn't solve all privacy issues, but it does solve this particular one.

Re:OK, I'll admit (2)

dmomo (256005) | more than 2 years ago | (#35682326)

What's worse about this, is that it is implemented by an iframe. The "like" button is actually at facebook. bigfatsluts.com doesn't know anything about your facebook info, but, because you are logged in, and the facebook content knows what page it is being loaded into (the iframe source looks like this: facebook.com/plugins/like.php?http://bigfatsluts.com/thehairiest.movie), facebook knows that you have visited the page.

The more sites that implement this, the more facebook is able to track your web browsing outside of facebook. I find this scary because Facebook has already proven that they would like to market to your friends using your data. Imagine this: "Hey Jim. Bob likes Big Hairy Sluts!! We thought you might like them too. Click here for Big Hairy Sluts." That may sound paranoid. But all the technology for it is in place. The only reason we are not seeing it is because Facebook hasn't implemented it. They certainly have the power to. That's granting them too much trust in my opinion.

I have yet to see a feature to disable this "facebook functionality on external sites" crap. I want facebook to honor the do not track. If everyone got riled up about it, Facebook might do so. Sadly, I'm just not seeing the "critical mass" of user outrage.
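The mechanism described in the comment above, as an added example that is not part of the original thread: a small audit that lists a page's third-party iframes and flags the ones whose URL carries the embedding page's address, as the like-button URL does. The function names, the two-label "site" heuristic and every hostname below are assumptions made for illustration.

```javascript
// Added example. All hostnames and URLs are constructed sample data.

// Crude "site" key: the last two hostname labels. Assumption for brevity;
// production code should consult the Public Suffix List instead.
function siteOf(hostname) {
  return hostname.split('.').slice(-2).join('.');
}

// Percent-decoding can throw on malformed input; fall back to the raw string.
function safeDecode(s) {
  try { return decodeURIComponent(s); } catch { return s; }
}

// For each iframe src on a page, report third-party frames and whether the
// embedding page's address is handed over explicitly in the query or fragment.
function auditFrames(pageUrl, frameSrcs) {
  const page = new URL(pageUrl);
  const needle = page.hostname + page.pathname; // scheme-independent match
  const findings = [];
  for (const src of frameSrcs) {
    let frame;
    try { frame = new URL(src, page); } catch { continue; } // unparsable src
    if (frame.protocol !== 'http:' && frame.protocol !== 'https:') continue;
    if (siteOf(frame.hostname) === siteOf(page.hostname)) continue; // first party
    findings.push({
      frameHost: frame.hostname,
      // true: the widget URL itself names the page being read. Even when
      // false, the Referer header can still disclose the page or its origin.
      passesPageUrl: safeDecode(frame.search + frame.hash).includes(needle),
    });
  }
  return findings;
}

const sampleFrames = [
  'https://social.example/plugins/like.php?href=http%3A%2F%2Fnews.example%2Fstory%2F42',
  'http://social.example/plugins/like.php?http://news.example/story/42',
  'http://ads.example/banner?id=7',
  '/comments/embed', // relative, same site as the page
  'about:blank',
];
console.log(auditFrames('http://news.example/story/42', sampleFrames));
```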

Re:OK, I'll admit (1)

psyclone (187154) | more than 2 years ago | (#35683324)

RefControl [mozilla.org] might help you here. Additionally the HTTPSEverywhere extension; then all the iframes over regular http would get converted to https and hopefully fail.

You almost need to: allow cookies for facebook.com, login to facebook, ...., logout, block cookies for facebook.com, continue normal browsing.

Try Cookie Monster [mozilla.org] for help with that.

A pain in the ass, but I wouldn't trust facebook either, even if they did claim to honor DNT.

Re:OK, I'll admit (1)

cffrost (885375) | more than 3 years ago | (#35685988)

What's worse about this, is that it is implemented by an iframe.

NoScript can be used to block IFRAMEs.

Re:OK, I'll admit (1)

TroyM (956558) | more than 2 years ago | (#35682572)

Log out of facebook. Wouldn't that solve the problem?

Re:OK, I'll admit (2)

psyclone (187154) | more than 2 years ago | (#35683292)

Not if you're still accepting cookies from facebook.com / fbcdn.net

I wasn't worried about the good actors... (2)

metrometro (1092237) | more than 2 years ago | (#35682120)

This is a nice thing for everyone to be doing, but it's still a trust relationship with no transparency. Bad actors won't respect my wishes. That's the definition of a bad actor.

The solution has to be on client side. Otherwise it's just more trust, which is what we've been using all along. I'd much rather trust the Ghostery extension to just block the tracker scripts to begin with.

Re:I wasn't worried about the good actors... (1)

farlukar (225243) | more than 2 years ago | (#35682480)

I'd much rather trust the Ghostery extension to just block the tracker scripts to begin with.

Ghostery is marketeer self-regulation as well, blocking only scripts from companies who opted in to the program.

Re:I wasn't worried about the good actors... (1)

gandhi_2 (1108023) | more than 3 years ago | (#35685504)

Bad actors won't respect my wishes.

Tell me about it. Keanu Reeves keeps appearing in movies, despite my repeated requests. Brah.

Re:I wasn't worried about the good actors... (0)

Anonymous Coward | more than 3 years ago | (#35686006)

Brah.

Yo wassup?

DNT is ridiculous: the trust goes the wrong way (0)

Anonymous Coward | more than 2 years ago | (#35682178)

"Do not track" is an absurd idea. It depends on voluntary compliance. Even if many US based businesses do that, less scrupulous sites or overseas ones may not.

The ONLY thing you can trust is to not give them the data in the first place. If they don't have it, they can't track you. Stop downloading their web bugs. Stop running their tracker scripts. Stop letting them have an IP even.

Think about it like this. One way to privacy is to shout all my personal information from my rooftop with a megaphone, but get my neighbors to promise that they won't write it down. But will they all be honest? The other way is to not let them know to begin with. That's far, far safer, because then no matter whether they are honest or not, I still have my privacy.

Re:DNT is ridiculous: the trust goes the wrong way (1)

wjousts (1529427) | more than 2 years ago | (#35682338)

Stop letting them have an IP even.

Okay, I mostly agree with the sentiment, but without an IP address how do you expect them to serve you any webpages?

Re:DNT is ridiculous: the trust goes the wrong way (0)

Anonymous Coward | more than 2 years ago | (#35682478)

I think that might be the point. If you don't visit them, they can't track you.

Re:DNT is ridiculous: the trust goes the wrong way (1)

Mashiki (184564) | more than 3 years ago | (#35684236)

Okay, I mostly agree with the sentiment, but without an IP address how do you expect them to serve you any webpages?

Unicorn sparkles. It's pretty obvious that it's the only way to be sure. THE ONLY WAY.

Re:DNT is ridiculous: the trust goes the wrong way (0)

Anonymous Coward | more than 3 years ago | (#35684926)

> without an IP address how do you expect them to serve you any webpages?

I'm the AC you're replying to. The answer is by browsing through a proxy.

Re:DNT is ridiculous: the trust goes the wrong way (1)

wjousts (1529427) | more than 3 years ago | (#35687714)

So either you own the proxy (in which case they still have your IP address, or at least an IP address that belongs to you) or you trust the person who runs the proxy because they do have your real IP address.

Stupid Idea (3, Interesting)

Anonymous Coward | more than 2 years ago | (#35682242)

To start with, they should rather strip all the unnecessary, incredibly detailed version information [eff.org] off the default user-agent string. Relying on the "goodwill" of ad companies is just absurd.

Oh and, as soon as this Do-Not-Track header becomes a default setting it will be ignored anyway...

Screw DNT (0)

Anonymous Coward | more than 2 years ago | (#35682256)

They need to implement Don't Be Evil (DBE) flag.

Do Not Track (1)

countertrolling (1585477) | more than 2 years ago | (#35682322)

Sounds like somebody put the bridge up for sale again. How many owners does the damn thing have by now?

"privacy policy" ha ha ha ha ha ha BWAAAA HAHAHA!!!

ok, that's enough

Sorry, too late. (2)

Chemisor (97276) | more than 2 years ago | (#35682438)

Those of us who care, already whitelist cookies. Those who don't, are not going to bother setting the DNT flag in the first place.

Re:Sorry, too late. (4, Insightful)

maxume (22995) | more than 2 years ago | (#35682738)

I can convince my family to enable do not track, no way am I going to try to walk them through cookie white listing.

Re:Sorry, too late. (2)

psyclone (187154) | more than 2 years ago | (#35683344)

With Cookie Monster [mozilla.org] it's not too painful. Set it to apply to the entire domain and not deal with subdomains, and have it block by default. Any time they need to login, just click the icon and permanently allow. Any time some crappy website that requires cookies denies them, then temporarily-allow.

I'm not saying most people will do this, but a fair amount can do this if they care. I doubt there is anything we can say to show them they should care, however.

Re:Sorry, too late. (1)

maxume (22995) | more than 2 years ago | (#35683570)

Yeah, that's what I use.

It isn't so much that it is complicated, it is that it is an extra step or two, and they don't care.

Re:Sorry, too late. (1)

cffrost (885375) | more than 3 years ago | (#35686024)

It isn't so much that it is complicated, it is that it is an extra step or two, and they don't care.

This sounds like an iron-deficient fist problem.

That reminds me... (1)

sootman (158191) | more than 2 years ago | (#35683276)

I'm flying to NYC in the morning and need to pack my "Do Not Mug Me" shirt. :-)

This is such a wrong approach, it's not even funny (1)

Evi1M4chine (2029370) | more than 2 years ago | (#35683956)

It's like putting a sign next to your sheep herd, telling the wolves to please not kill your sheep.
It’s like having a firewall, that sends “Please would you be so kind, dear haxxor, to not wreck my system” packets out to the sources of incoming connection requests.

Smart move, genius.

uhh.... Firefox AND IE9 (1)

modmans2ndcoming (929661) | more than 2 years ago | (#35684002)

They use the exact same Do Not Track header.

Re:uhh.... Firefox AND IE9 (1)

PoopMonkey (932637) | more than 3 years ago | (#35685056)

I bet they connect to the same ports too!

Re:uhh.... Firefox AND IE9 (0)

Anonymous Coward | more than 3 years ago | (#35685458)

you are an idiot.

Re:uhh.... Firefox AND IE9 (1)

Tim C (15259) | more than 3 years ago | (#35687368)

With a username like that, you're surprised?

Rejected by the IETF (0)

Anonymous Coward | more than 3 years ago | (#35688474)

This feature was presented at the IETF meeting this week and was squarely rejected. Try again, silly lizard.
