Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Firefox Advances Do-Not-Track Technology

Soulskill posted about a year ago | from the just-barely-able-to-track-their-progress dept.

Mozilla 148

CowboyRobot writes "Despite strong advertising industry opposition, Mozilla is advancing plans to have the Firefox browser block, by default, many types of tracking used by numerous websites, and especially advertisers. 'We're trying to change the dynamic so that trackers behave better,' Brendan Eich, CTO of Firefox developer Mozilla, told The Washington Post. According to NetMarketShare, 21% of the world's computers run Firefox. Eich said the blocking technology, which is still being refined, will go live in the next few months. The blocking technology is based on that used by Apple's Safari browser, which blocks all third-party cookies. Advertisers use these types of cookies to track users across multiple websites. Mozilla's cookie-blocking efforts follow a Do Not Track capability being adopted by all major browsers. But the DNT effort stalled in November 2012, after advertisers stopped participating in the program, following Microsoft making DNT active by default in Internet Explorer 10. Advertisers wanted the feature to be not active by default."

cancel ×

148 comments

Sorry! There are no comments related to the filter you selected.

Backlash (0, Insightful)

Anonymous Coward | about a year ago | (#44078645)

So when's the backlash coming against them like with IE?

Re:Backlash (-1)

Anonymous Coward | about a year ago | (#44078693)

It won't happen. People around here yell about Microsoft loudly for these things, probably because the pain of the OSS cock in their assholes.

Re: Backlash (2)

Vanderhoth (1582661) | about a year ago | (#44078757)

I remember the article about MS implementing DNT by default. It was actually one of the few occasions around here where they got praised. Normally they're so anticonsumer rights they don't deserve it.

Re: Backlash (0, Insightful)

Anonymous Coward | about a year ago | (#44079169)

Microsoft's approach to DNT was especially terrible. It does nothing to stop tracking, but it does give advertisers a legal loophole where they can say "even though there was a DNT:1 request header that doesn't necessarily mean the user opted out of tracking".

Re: Backlash (1)

Anonymous Coward | about a year ago | (#44079269)

Microsoft's approach to DNT was especially terrible. It does nothing to stop tracking, but it does give advertisers a legal loophole where they can say "even though there was a DNT:1 request header that doesn't necessarily mean the user opted out of tracking".

It was MS giving me what I want, and the Apache Software Foundation siding with the advertisers against me. Don't try to spin it into something different.

Re: Backlash (0, Insightful)

Anonymous Coward | about a year ago | (#44079413)

You wanted to lose the ability to opt out of tracking?

This is how DNT works normally
DNT:0 indicates that the user has consented to tracking
DNT:null does not indicate whether or not the user has consented
DNT:1 indicates that the user has opted out

Now on IE10 DNT:1 behaves like DNT:null, DNT:null is effectively DNT:0 and there is no way left to actually request not to be tracked.

Re: Backlash (1)

Anonymous Coward | about a year ago | (#44079461)

Nice spin. In truth, they simply made the default 1. Your null argument is weak since null would have been treated like 0. Now null is treated like 1 and users have to opt-in. Advertisers didn't want that, they wanted opt-out so now they feel justified in not playing.

Re: Backlash (3, Interesting)

hedwards (940851) | about a year ago | (#44080223)

Indeed, considering the various sociopathic methods that advertisers are willing to enact to get their message heard, regardless of whether the end user wants to hear it, I say fuck them. The DNT wouldn't be necessary if they were satisfied with an opt in set up or we had any idea as to who the people doing the tracking were. But, that isn't the case.

They've given us malware in ad banners that use code hosted on 3rd party sites, those annoying flash ads that cover content and randomly crash, the intellitext that randomly disrupts our browsing and not to mention those hidden ads that get activated when you click on seemingly blank space on a site.

I'd personally suggest that they made their bed, and now it's time for them to lie in it. But, I think they might take that as permission to lie to me if they're actually in bed.

Re: Backlash (1)

Anonymous Coward | about a year ago | (#44081145)

You wanted to lose the ability to opt out of tracking?

This is how DNT works normally
DNT:0 indicates that the user has consented to tracking
DNT:null does not indicate whether or not the user has consented
DNT:1 indicates that the user has opted out

Now on IE10 DNT:1 behaves like DNT:null, DNT:null is effectively DNT:0 and there is no way left to actually request not to be tracked.

I wanted to default to not being tracked. The sites choosing not to honor the setting are the ones who are against me. They are the ones who violate the protocol.

So I will continue to use other means to not even fetch their content in the first place. Sites carrying their ads get no revenue. Clients buying ad space on their network get no impressions. I get faster, safer browsing.

Re: Backlash (4, Insightful)

DrXym (126579) | about a year ago | (#44079615)

It was MS giving me what I want, and the Apache Software Foundation siding with the advertisers against me. Don't try to spin it into something different.

No. It was Microsoft making your decision for you, making it entirely justifiable for advertisers to ignore the preference entirely since it doesn't represent your preference. And more likely it had squat to do with them championing privacy and more to do with screwing over Google and other advertisers.

I'm sure a browser could pose the question with some information the first time the browser is launched to make the preference an explicit user choice.

Re: Backlash (0)

Anonymous Coward | about a year ago | (#44079705)

That's.. ridiculous. It is not your choice either way. If a person doesn't know of the option, then they're not making a choice no matter what the default is.

The only correct way to implement this would be to ask the user to educate themselves, or err on the side of serving the user first, rather than those trying to make money off of them.

Re: Backlash (1)

AmiMoJo (196126) | about a year ago | (#44080057)

making it entirely justifiable for advertisers to ignore the preference entirely since it doesn't represent your preference

This is like saying "you were hit by a car but we left you to bleed to death by the side of the road because you didn't express your preference to be scooped up and taken to hospital". No-one wants to be tracked, everyone wants privacy.

I suppose MS could have just asked the question up-front when installing IE 10, like they ask about default search engines and that kind of stuff, but I imagine the advertisers would still have had a hissy fit. They were fine with it as long as only the minority who also run AdBlock and Ghostery and disable 3rd Party Cookies and regularly clean their browser data out were turning it on, the millisecond it became mainstream it was unacceptable.

Re: Backlash (1)

Sloppy (14984) | about a year ago | (#44081423)

This is like saying "you were hit by a car but we left you to bleed to death by the side of the road because you didn't express your preference to be scooped up and taken to hospital"

Yes, and?

When we're talking about what someone else's computer internally does with the information you choose to send to it, they liter-- uh -- analogously do have the right (and more importantly: the POWER, even if you disagree about the right) to get away with away with the attitude that you just described. If it helps, think of them as Powerful Assholes Who Have The Law On Their Side.

Sure, PAWHTLOTS are going to let most people bleed to death. The weird strange thing that happened, though, is that while they're all always free to let everyone bleed to death (whether they want to go to the hospital or not), a few of the .. shall we say.. evil-yet-honorable PAWHTLOTS said they'd take people to the hospital if those people said "I thought about it and decided I would prefer to go to the hospital" as opposed to two other choices (the other choices were "I don't care" and "I thought about it and would prefer to die").

Microsoft came out with a medical bracelet, where the "I'd rather go to the hospital" and "I don't care" part was smudged, so that people trying to read the card can't tell the difference.

If you are trying to read such a bracelet, I think you're going to say "well, they clearly don't say they'd prefer to die" and I think you're going to take that person to the hospital. But what do you predict an evil-yet-honorable PAWHTLOTS will do?

The people who invented the DNT medical bracelet thought about that last question and were very explicit that people who make bracelets should use care in making sure the bracelets don't display ambiguous information, but Microsoft blew it.

Look at it another way: we all want this bullshit to be opt-in. But we send information to trackers, where they get to decide how it works. And they want it to be opt-out. It's their computer, so they win, period. If we work within opt-out, some of us can get some of what we want. If we defy it, then we haven't opted out.

This, BTW, is half of the tracking issue. The other half of the issue is that we leak so much damn information, which is what has put so much power into the adversaries hands. And FWIW, this actual Firefox story is about that. So there's at least something to be cheerful about. I prefer technical means to dealing with the problem, but DNT was a brilliant social prong of the action too, and MS has spoiled it.

Re: Backlash (1)

hedwards (940851) | about a year ago | (#44080231)

As opposed to the advertisers opting you in without your consent? All MS was doing there was making sure that people had to opt in, rather than being tracked by god only knows whom all over the net, without any particular way of knowing who was doing it.

Re: Backlash (2)

Billly Gates (198444) | about a year ago | (#44081055)

WOW can MS ever be the good guys here on slashdot I mean ever??

They can cure cancer and someone will bash them and find a reason it seems.

No MS never caved in. Apache did as greedy companies like Godaddy and Rackspace threatened they would go with IIS or some other web serving software if they didn't try to stomp on the will of the consumers immediately!! The standards bullshit is just that. The coders who patched it worked for advertising companies that contributed and the ISP market felt threatened customers would not be willing to pay as much to host sites if they can't generate revenue with annoying ads.

MS did nothing wrong here at all!

Re: Backlash (0)

Anonymous Coward | about a year ago | (#44081171)

The decision they were making was the one I want.

The people whose business model depends on gathering information about me and selling it, along with showing me targeted ads, are the ones who disagreed with that decision. I, for one, welcomed it.

Instead, because the Apache Software Foundation is headed by a sellout who sided with the advertisers, I continue to resort to other means of opting out, including but not limited to DNS blackholing several domains.

Re:Backlash (1)

Anonymous Coward | about a year ago | (#44078803)

So when's the backlash coming against them like with IE?

Why would there be?

I see this as a good thing.

I only back lash against IE that I know of was that it was for years very insecure and didn't follow WWW standards. Now, IE is pretty nice browser - I still prefer Firefox for various personal quirks, though.

Re:Backlash (1)

LordLimecat (1103839) | about a year ago | (#44079935)

Heres the difference, and its really not so complicated.

IE announced that it was going to turn on the "please dont track me" flag which requests a website not track the browser. Such a setting only has an effect if the website in question honors it. Websites might honor that request if it was clear that the user intentionally turned it on, indicating that they perhaps cared enough to not visit said site or use an adblocker if it was not honored. By making it the default setting, it is not farfetched to think that most sites will now NOT honor the flag, since it doesnt indicate much of anything except that the user is on the newest browser. Theres also the question of whether that was exactly MS's plan.

Mozilla here is announcing what amounts to the inclusion of Ghostery lite or something similar in Firefox. This isnt something a website can say "no" to. There are other issues that this can cause, certainly, but theyre not "ruining" anything for everyone else the way IE is; any issues this causes would be on the end-user side (rendering, broken pages, etc).

Re:Backlash (4, Insightful)

hedwards (940851) | about a year ago | (#44080257)

Which is as it should be.

The website owners and advertises screwed things up for themselves by setting up a system that made it virtually impossible for people browsing the web to opt out. So, measures like this became necessary. At this point, you have to go to extremes if you don't want to be tracked, and there is no informed consent for most people, you have to be constantly following their methods if you wish to opt out. And do things like blocking 3rd party cookies, javascript, flash, constantly clearing your cache etc.

I'd rather that Mozilla not need to do this, but it's abundantly clear that the advertising industry will not stop of its own accord. We people that browse the web didn't start this war, the advertisers did, and until we get a consistent way of opting into all this tracking, this kind of method is going to be necessary.

Re:Backlash (2)

LordLimecat (1103839) | about a year ago | (#44080661)

The website owners and advertises screwed things up for themselves by setting up a system that made it virtually impossible for people browsing the web to opt out

Some clarification is necessary, for folks who dont really get how websites work.

You are going to www.somesite.com and saying "please, server, send me whatever data you have published". That site may be publishing a website with content from a bunch of advertising networks, so thats what your request gets. Theres nothing inherently evil about this, as a lot of the time those ads generate the revenue which pays the server bills. DNT is your browser saying "please send me whatever youre publishing, but try not to send the advertising stuff". Whether the server complies with (or even understands) that request is going to be up to the site operator.

Of course, as the end user, you have ALWAYS had the freedom to strip out or modify whatever content you receive; or even modify the server's response such that third-party data is never pulled in at all. This appears to be what Firefox will now do by default, and there is again nothing wrong with this except that it will change the dynamic of how ad-supported sites serve data to firefox customers; they may decide to respond by blocking browsers which block ad data.

The biggest mistake people make is thinking that site operators HAVE to cater to you, and thus that we can force them to give us their site, sans the ads. They can very well decide that you dont actually make them any money, and that you therefore wont be getting the ads OR the site. Remember that old saying, be careful what you wish for-- you want no ads, you may end up with no content either.

Re:Backlash (1)

hedwards (940851) | about a year ago | (#44080851)

Sending whatever data you have published is not the same thing as giving permission to send my data to third parties.

I cannot conceive of how you would even think that the two are the same thing. Ads are fine, I understand that free things need to be paid for in some fashion, but targeted ads based upon tracking information are not the only way to go. Ads existed prior to targeting and tracking and commercial bandwidth costs less now than it did before tracking techniques were available.

If they need to track people without their knowledge or permission, then it's probably for the best that these sites go under. Because they're being run by scum bags.

BTW, I don't block ads, but by running software to protect me from malware I end up blocking a lot of ads on various sites. If the site operators would be hosting their ads and running responsible ads their ads wouldn't be blocked. I have no problem with tasteful text ads that aren't targeted at me, but if I don't know what it is and where it's coming from, I block it.

Re:Backlash (1)

Martyn Hare (2928045) | about a year ago | (#44080813)

MS did not enable DNT by default! FFS what is wrong with these advertising people, they enable it if you choose Express but if you deploy without following the wizard, it's off by default... That's not default, it's easy to configure by clicking one button on first install but it's NOT THE DEFAULT! *nerdrage*

Microsoft killed DNT (0)

Anonymous Coward | about a year ago | (#44080975)

IE was the industry's backlash against Firefox. By removing the information content of DNT headers (making it so that it no longer expressed a nondefault user preference) Microsoft killed DNT.

Easy Peasy (1)

NoNonAlphaCharsHere (2201864) | about a year ago | (#44078647)

about:config
NSA=false

Re:Easy Peasy (1)

ZDroid (2938715) | about a year ago | (#44078685)

Oh, also add spies=false. And you will be free digital American. :D

Re:Easy Peasy (4, Funny)

TheRealMindChild (743925) | about a year ago | (#44078853)

Don't you mean browser.privatebrowsing.allowNSASpying=false?

Ad industry will protest against this (0)

Anonymous Coward | about a year ago | (#44078661)

But doesn't Safari already do it? But Safari is not used as widely as Firefox is.

Re:Ad industry will protest against this (1)

kthreadd (1558445) | about a year ago | (#44078785)

Safari blocks third party cookies by default, but they don't set DNT header unless you say so.

Re:Ad industry will protest against this (1)

NatasRevol (731260) | about a year ago | (#44079261)

And then you have to enable the develop menu in the preferences, then go to the develop menu & select 'Send Do Not Track HTTP Header'

Re:Ad industry will protest against this (1)

kthreadd (1558445) | about a year ago | (#44080195)

No it's in the regular preferences. Under Privacy, Website tracking. Select the checkbox right next to "Ask websites not to track me."

Re:Ad industry will protest against this (1)

renimar (173721) | about a year ago | (#44078979)

Safari is used as the default on the 18 kajillion iPhones and iPads out there.

Re:Ad industry will protest against this (0)

Anonymous Coward | about a year ago | (#44079689)

Browser market share [netmarketshare.com]

girlintraining advances do not track tech MOAR. (4, Interesting)

girlintraining (1395911) | about a year ago | (#44078677)

I can update my 'do not track' tech even further. It's called Tor, and the more people who use it, the safer it becomes. Bonus: Comes with free tin foil hat, extended digital middle finger to pervasive electronic surveillance.

Captcha: Doesn't work on Slashdot, which hates Tor and has banned all the exit nodes. "Slashdot is a Dice Holdings, Inc. service." *cough*

But seriously; if they can't link you to an IP address (which let's face it: with all the DNT in the world, your IP is logged by your ISP and your ISP is only too happy to whore out your realworld identity for a few scheckles, and it's trivial to link all your activity now to you, whether you login or not, use cookies, or all the browser magic in the world.

The only tech that can help you right now is one that mixes in all your traffic into everyone else's so you can't mine the data.

Re: girlintraining advances do not track tech MOAR (0)

Anonymous Coward | about a year ago | (#44078689)

In Canada at least, Tor is awful. Because others can use your connection as well, if someone looks at child porn from behind your connection, you are guilty of distribution.

Re: girlintraining advances do not track tech MOAR (0)

Anonymous Coward | about a year ago | (#44078745)

FUD

That AC (not this AC) doesn't want you to use TOR.

Re: girlintraining advances do not track tech MOAR (5, Informative)

girlintraining (1395911) | about a year ago | (#44078817)

In Canada at least, Tor is awful. Because others can use your connection as well, if someone looks at child porn from behind your connection, you are guilty of distribution.

I suppose if you're dumb enough to disregard the gratuitous warnings on the download page, the application itself, the configuration file, the manual, and every internet site that offers a 'how to', all of which lay out in explicit detail what an exit node is, and why enabling one on your personal home internet connection is very bad, then you deserve a punch in the face. But you won't go to jail over it. Not even in Canada... no more than running an open wifi will. And yes, that's been to court. And yes, the guy shit bricks. But he was found guilty only of criminal stupidity.

The correct way to configure Tor in a way that helps everyone and avoids this problem is to set it up as a relay, thus any traffic that comes and goes through your system is encrypted, there is no way for you (or anyone else) to tell what its contents are, and stays within the Tor network.

But by all means, we should all just give in to having our privacy violated by corporations, governments, and anyone with slightly more technical finesse than this Anonymous Coward does... all because a very tiny fraction of the population wants to look at child porn/terrorist websites/whatever is politically unpopular this week.

Re: girlintraining advances do not track tech MOA (0)

Anonymous Coward | about a year ago | (#44079357)

If the correct way to configure TOR is to set it up as a relay, then there would be a greater strain on the exit nodes as they must serve more traffic, no? I mean, it is better for the user, definitely, but I fail to see how that can be healthy for the network as a whole.

Re: girlintraining advances do not track tech MOA (1)

Dekker3D (989692) | about a year ago | (#44079767)

There are alternatives where the TOR traffic is clearly not related to the user who set up the exit node. One thing to come to mind is some Amazon cloud program thing that acted as an exit node. I think it was that, anyway, I didn't pay much attention to it.

Re: girlintraining advances do not track tech MOAR (1)

Jane Q. Public (1010737) | about a year ago | (#44081313)

This is true, but it still doesn't address the essential problem of exit nodes. Adding relays enhances Tor's usability, but not very much its security. More exit nodes do.

Re: girlintraining advances do not track tech MOAR (1)

larry bagina (561269) | about a year ago | (#44078825)

Don't run tor as an exit node. Problem solved.

Re: girlintraining advances do not track tech MOAR (1)

Virtucon (127420) | about a year ago | (#44079733)

LOL, so your traffic will go in a perpetual loop around the world with no where to get out. Reminds me of the X.25 days...

Re:girlintraining advances do not track tech MOAR. (4, Interesting)

ebno-10db (1459097) | about a year ago | (#44078797)

Good idea. There's something interesting about Tor I didn't realize before reading the the Wikipedia article [wikipedia.org] :

Originally sponsored by the U.S. Naval Research Laboratory ... As of 2012, 80% of the Tor Project's $2M annual budget comes from the United States government, with the Swedish government

Yet the NSA takes Tor as a "definitely track this". Fact is stranger than fiction.

Re:girlintraining advances do not track tech MOAR. (0)

Anonymous Coward | about a year ago | (#44079223)

Yet the NSA takes Tor as a "definitely track this". Fact is stranger than fiction.

This is why you must use end-to-end encryption, they won't know it's you unless it's your Facebook or Bank of course.

Slashdot blocking exit-nodes for logging in is lame, however it makes perfect sense blocking them for AC users.

Re:girlintraining advances do not track tech MOAR. (1)

Virtucon (127420) | about a year ago | (#44079743)

"To Serve Man, ... It's a Cookbook!"

Re:girlintraining advances do not track tech MOAR. (1)

arth1 (260657) | about a year ago | (#44078807)

Captcha: Doesn't work on Slashdot, which hates Tor and has banned all the exit nodes. "Slashdot is a Dice Holdings, Inc. service." *cough*

That's a very strange captcha.

Re:girlintraining advances do not track tech MOAR. (1)

fustakrakich (1673220) | about a year ago | (#44078839)

Doesn't work on Slashdot, which hates Tor and has banned all the exit nodes.

See, that's the problem with TOR. It can't hide its exits nodes and blend in with all the other traffic. An exit node shouldn't look any different than any other http(s) request.

Re:girlintraining advances do not track tech MOAR. (1)

girlintraining (1395911) | about a year ago | (#44078911)

See, that's the problem with TOR. It can't hide its exits nodes and blend in with all the other traffic. An exit node shouldn't look any different than any other http(s) request.

See, that's the problem with Internet. It can't hide its gateways and blend in with all the other traffic. A gateway shouldn't look any different than any other.

-_- Dude, this isn't a problem with Tor. It's a problem with certain for-profit companies that hate anonymity. An exit node contains a sampling of all the Tor traffic in aggregate. Sure, the exit nodes are published... but so are your ISP's BGP routes. The difference is that unlike your ISP's traffic, which has your IP address tacked to every request, what comes out of an exit node doesn't.

Re:girlintraining advances do not track tech MOAR. (1)

Anonymous Coward | about a year ago | (#44078969)

It's a problem with certain for-profit companies that hate anonymity.

It's not just for-profit, I've banned all exit nodes on several non-profit community sites, because all TOR-traffic was bad traffic nobody wants.

Re:girlintraining advances do not track tech MOAR. (1)

Jane Q. Public (1010737) | about a year ago | (#44081279)

"See, that's the problem with Internet. It can't hide its gateways and blend in with all the other traffic. A gateway shouldn't look any different than any other."

Yes, it IS a problem with Tor. It CAN'T hide the exit nodes. The most well established of them are closely watched by government.

There are only a couple of answers to that, and preferably a combination of both: lots more exit nodes, or switching them on and off randomly. Lots and lots more exit nodes that are switched on and off randomly would be best.

The whole concept of Tor relies on exit nodes not being easily monitored. Easy or not, the government has been monitoring them. So make it not worth their while by multiplying the numbers of nodes.

Re:girlintraining advances do not track tech MOAR. (1)

Jane Q. Public (1010737) | about a year ago | (#44081291)

BUT... I have been saying for years that the only way to get a really safe and secure Internet is to invent a truly distributed DNS system. Anything else is too prone to government control and abuse.

Re:girlintraining advances do not track tech MOAR. (0)

Anonymous Coward | about a year ago | (#44080363)

Just looked at the tor exit addresses list at http://exitlist.torproject.org/exit-addresses [torproject.org] - what is in that 'ExitNode' string? There must be something somewhere that explains how to decode that and get some meaningful info from it, but I can't find it.

Re:girlintraining advances do not track tech MOAR. (1)

Jane Q. Public (1010737) | about a year ago | (#44081245)

"It's called Tor, and the more people who use it, the safer it becomes."

There's a potential problem with that. [slashdot.org]

While it is true that the more people who use it (or more accurately, the more people who host exit-nodes) the better, as it stands the government has been singling out those who use privacy-enhancing technologies, like Tor and encryption.

Bad, BAD Government! (Seriously, it IS bad. It's an attack on the whole "right to communicate privately" concept.)

Having said all that, the more people who use these technologies the better. I particularly recommend Tor [torproject.org] and OneSwarm [oneswarm.org] .

Re:girlintraining advances do not track tech MOAR. (1)

chihowa (366380) | about a year ago | (#44081503)

As much as I hate the Dice Holdings situation, Slashdot has banned Tor since long long before Dice bought them. At least as early as 2005, Slashdot was not allowing logins or posts from Tor exit nodes.

Slashdot (the company) is about as luddite as a tech oriented site can get.

Disruption (0)

Anonymous Coward | about a year ago | (#44078679)

From the first article:

Advertisers have criticized Mozilla's move. "They're putting this under the cloak of privacy, but it's disrupting a business model,"

If a business model is disrupted, doesn't that mean it's time to change to a new one?

Re:Disruption (1)

Dupple (1016592) | about a year ago | (#44078761)

Well, the advertisers could market their own browser that explicitly tracks and will not block ads.

How well do you think that would do Mr Advertiser?

Re:Disruption (1)

Cenan (1892902) | about a year ago | (#44079367)

Chrome

Unilateral and therefore doomed (1)

s1lverl0rd (1382241) | about a year ago | (#44078695)

This will simply not work - it's a technical solution to a social problem (the article mentions the oligopoly currently in place). It's also a technical solution implemented unilaterally by Mozilla.

As the summary mentions: the original Do-Not-Track effort only failed when Microsoft made the boneheaded, unilateral decision to make it the default. Starting out this way will only start an arms race between Mozilla and advertisers.

Re:Unilateral and therefore doomed (1)

kthreadd (1558445) | about a year ago | (#44078823)

The problem was there from the start. Do-Not-Track is built on the premise that most users won't know about it. Only those who have enough knowledge about the situation will go to the preferences and turn it on.

What we should have is legislation which says that you are not allowed to track unless a Do-Track header exists and is set to true. Let people opt in to tracking and see how many will do it. And if it's that important that you are able to track your visitors then by all mans check that the header is set and display a message saying that you want to track them in order to serve the content.

Re:Unilateral and therefore doomed (0)

Anonymous Coward | about a year ago | (#44078941)

They're the ones who started the arms race in the first place. Did you think Microsoft did that out of the goodness of their hearts? Hardly. It was the impetus necessary for DNT to fail, and Microsoft (a huge advertising firm) was smart enough to leverage it as a win-win scenario (kill DNT *and* earn mindshare for wanted to "protect privacy").

If trackers weren't such gluttons and behaved more responsibly as web citizens (not to mention in terms of consumer rights) they wouldn't have to whine so damn much about having their wings clipped. Their free ride is ending, and they're not happy about it. Soon they will have to ask permission before stomping all over end user's privacy to deliver them ads.

Re:Unilateral and therefore doomed (0)

Anonymous Coward | about a year ago | (#44078951)

As the summary mentions: the original Do-Not-Track effort only failed when Microsoft made the boneheaded, unilateral decision to make it the default. Starting out this way will only start an arms race between Mozilla and advertisers.

Except, the advertising industry never intended to honor DNT [zdnet.com] anyway.

Re:Unilateral and therefore doomed (1)

kthreadd (1558445) | about a year ago | (#44079053)

Which is why we need legislation that says that they should.

Re:Unilateral and therefore doomed (0)

Anonymous Coward | about a year ago | (#44079167)

Which is why we need legislation that says that they should.

I agree, but saying Microsoft killed a good thing here is just bollocks.

Re:Unilateral and therefore doomed (1)

Mr. Slippery (47854) | about a year ago | (#44079673)

This will simply not work - it's a technical solution to a social problem

When the social problem (spying on people in order to improve the mind control that is advertising) is an abuse of technology (cookies, Javascript), a technical solution can be appropriate.

Re:Unilateral and therefore doomed (2)

Jane Q. Public (1010737) | about a year ago | (#44081353)

"This will simply not work - it's a technical solution to a social problem (the article mentions the oligopoly currently in place). It's also a technical solution implemented unilaterally by Mozilla."

Nonsense on both counts.

It is not a "social problem". It's a corporate and government abuse problem. Those are 2 very different things.

And it's not implemented only by Mozilla. Safari has had the feature for a while, and there have been plug-ins that do this available on various browsers for at least a couple of years.

Further, Firefox has had a setting to turn off 3rd Party Cookies for a long time now. It's just not turned on by default (yet), but most people with half a brain use it. The other problem is that this setting only blocks "regular" cookies. Flash cookies and other kinds of persistent cookies require other measures.

But I have been blocking 3rd-party "regular" cookies and javascript for quite a while. And I didn't realize just how effective it was until I turned off cookie and flash blocking recently (temporarily, for technical reasons), and was inundated by 3rd-party flash ads and cookie requests and javascripts.

They can go suck eggs. I'm a BIG fan of blocking. It makes my quality of internet life significantly better. Really, it is pretty clear by now that any form local storage without an explicit opt-in should just plain be illegal. This doesn't go that far but it's a step in the right direction.

*FACE PALM* (1)

ProfessorKaos64 (1772382) | about a year ago | (#44078697)

We have been through this before. You can all you want at the browser level to ask the bullies to stay away, but they will just go on ignoring that and track you anyway. BOOM, rap song. Seriously, though, this is nothing new, and no slimy advert company is going to pay attention to the browser flag. Just get a Proy/VPN/Tor Connection already. For the uninitiated, just forget it. This is why man has crated the Tor Browser https://www.torproject.org/projects/torbrowser.html.en [torproject.org]

Re:*FACE PALM* (1)

arth1 (260657) | about a year ago | (#44078849)

This is why man has crated the Tor Browser

An apt typo. You cannot know whether the exit node is dead or alive until you get results, and must treat it as both.

Re: *FACE PALM* (1)

ProfessorKaos64 (1772382) | about a year ago | (#44078883)

Thanks for catching me there, doh.

Re:*FACE PALM* (1)

Jane Q. Public (1010737) | about a year ago | (#44081451)

Hahahaha! Best one I've seen all week!

PETA should be against tracking. (-1, Offtopic)

Anonymous Coward | about a year ago | (#44078711)

People are animals too and tracking is what you do to get a shot at an animal, or set up traps and/or lay in wait along their discovered paths. It is also done to put the animals in some form of enclosure leading to their sale for being a pet, food source, entertainment, other materials etc. If it is bad for the rest of the animals, shouldn't it be considered bad for the human animals of the world too?

So how about it PETA? You going to protest at ad-agencies etc? Going to paint some Ad-execs and CEOs?

Re:PETA should be against tracking. (0)

Anonymous Coward | about a year ago | (#44079119)

-1 Oh, my, found a fanboi with moderation points. Mmm, can't see down in that hole to tell which type of fanboi. Be it someone who profits from the rude and unnecessary tracking of humans? Confused PETA member? Petty government tyrant? Other? Combination of those?

Got another point to burn? I mean at least this one, up till now, is so much more a clear and obvious target in so many ways.

Fact remains, if you are going to track someone, they really first should have at least enough evidence to appear potentially guilty of something to get a real warrant issued or clear indications they are lost and needing rescuing and no, that don't mean by purchasing your product or service. Now a vendor tracking the purchases of a contractual customer with that customer's consent and limitations is also a possibility, but opt-in required, not opt-out required. Otherwise, leave the tracking targets to tasty animals not requiring cannibalism.

How is this different than (0)

Anonymous Coward | about a year ago | (#44078719)

Manually unchecking "Tools | Options | Privacy | Accept third party cookies", which has been supported at least since FFv3? Just that it's now unchecked by default?

Since most people are too lazy to configure their browser as long as they kept getting web pages, I see how advertisers would be upset by such a move. But I wouldn't call that an "advance in do not track technology".

Re:How is this different than (1)

kthreadd (1558445) | about a year ago | (#44078795)

It's the tyranny of the default. Most people don't know about it.

It's the same reason why advertisers want DNT to be off by default, because most users don't know that they can opt out.

Standard Mozilla Profile (1)

Anonymous Coward | about a year ago | (#44078833)

Can we get a standard profile to defeat this form of tracking:
https://panopticlick.eff.org/

(browser profiling, unique in my case to at least 1 in 2.5 million, and thus able to identify one person behind a session based NAT out of 2.5 million others).

Also first-time-exchange public keys for Thunderbird. There's a lot of things in privacy that Mozilla can do, that Google and others won't.

Not technology (1)

Hentes (2461350) | about a year ago | (#44078859)

Neither sending a DNT request, nor compiling a list of known trackers requires any new technology. Blocking third-party cookies is relatively efficient already, but doesn't work when the site collaborates with the advertisers to track you. Coming up with a solution to that would be actual development.
Making some settings default is simply a business decision, and a bad one at that. Users who don't take the trouble of changing a few settings probably don't care much about their privacy.

Re:Not technology (0)

Anonymous Coward | about a year ago | (#44078997)

Users do care about their privacy, they just don't know it's being impinged-upon. They only see a bunch of ads, and rarely suspect they're actively being tracked unless they have that uncomfortable moment of silence when they were just delivered an ad that hits a bit too close to home (there is an active area of research to help prevent serving such uncomfortable ads, rather than psychologically pleasant variants).

Good. Make them Squirm (2)

Secret Agent Man (915574) | about a year ago | (#44078909)

Do Not Track was silly, being opt-in and so on. And, surprise surprise, advertisers backed out when it started getting turned on by default. Now a fire is lit under their hindquarters since Firefox and Safari (and hopefully others) will simply do away with third party cookie support altogether. Taking away an advertiser's tracking tools is the best way to fight.

Re:Good. Make them Squirm (0)

Anonymous Coward | about a year ago | (#44079231)

The whole point of Do Not Track was not to be turned on by default. I can't help but think that Microsoft, themselves one of the big data trackers, undermined that agreement on purpose.

Re:Good. Make them Squirm (1)

Billly Gates (198444) | about a year ago | (#44081137)

By default it is turned on. The web server software is opt in. Advertisers quickly threatened Apache and gave patches and they caved in. So again they win and decide for us

Apache will disable it (1)

Billly Gates (198444) | about a year ago | (#44078933)

They already disabled IE10s dnt. I was surprised by the la k of outrage here but people defended the advertisers who fund apache as they hate ms more than Apache caving in to advertisers

Some sites block... (1)

QuietLagoon (813062) | about a year ago | (#44078977)

Some sites block you if you do not allow their cookies unfettered access. One example is target.com (the department store). You cannot get past the home page unless you open up your browser to all the cookies they want to place on your disk. It doesn't make sense for a store to prevent customers from using their website to shop.

.
Target needs to re-evaluate their purpose for having a website - do they want to use the website to place cookies on peoples' disks? Or does target want to use the website to sell merchandise?

Re:Some sites block... (1)

swillden (191260) | about a year ago | (#44079017)

Target needs to re-evaluate their purpose for having a website - do they want to use the website to place cookies on peoples' disks? Or does target want to use the website to sell merchandise?

Clearly, Target wants to track the users to whom they sell merchandise so they can sell them more merchandise. These aren't conflicting goals, unless users actually refuse to use Target's web site because they don't want to be tracked. But hardly any users refuse, so the net value to Target favors tracking. I'm sure Target has carefully evaluated the situation, and the result is the decisions they've made.

Re:Some sites block... (1)

QuietLagoon (813062) | about a year ago | (#44079593)

unless users actually refuse to use Target's web site because they don't want to be tracked.

Target's website refuses entry for those customers who do not have tracking cookies enabled. It is Target's choice, not the customers'.

I'm sure Target has carefully evaluated the situation, and the result is the decisions they've made.

Yeah, preventing customers from walking through the main entrance and buy things is always a good thing for a store to do.

Re:Some sites block... (1)

swillden (191260) | about a year ago | (#44079631)

unless users actually refuse to use Target's web site because they don't want to be tracked.

Target's website refuses entry for those customers who do not have tracking cookies enabled. It is Target's choice, not the customers'.

It's the customers' choice to enable cookies.

I'm sure Target has carefully evaluated the situation, and the result is the decisions they've made.

Yeah, preventing customers from walking through the main entrance and buy things is always a good thing for a store to do.

Sure it is, if it allows the store to profit even more from those who do come in. Are you also going to tell me that Costco is foolish for refusing entry to non-members?

Re:Some sites block... (1)

mjr167 (2477430) | about a year ago | (#44079493)

Simple solution: do not use Target's website.

Re:Some sites block... (1)

QuietLagoon (813062) | about a year ago | (#44079603)

Simple solution: do not use Target's website

Target has already made that decision for me --- they do not allow me to use their website.

Re:Some sites block... (1)

iggymanz (596061) | about a year ago | (#44081209)

don't shop at their store either. vote with your dollars and your feet...

Re:Some sites block... (1)

Mr. Slippery (47854) | about a year ago | (#44079657)

Simple solution: do not use Target's website.

Or use it, then delete the cookies. You are allowing only session cookies except for a handful of sites, right? Restart your browser, cookies go away.

Re: Some sites block... (0)

Anonymous Coward | about a year ago | (#44081385)

This just in -- most people leave their browser running for days or weeks at a times, and only restart when it crashes or a memory leak gets out of hand; of course a session can last even longer, as when you start chromium (and I assume other browsers) after a crash, it prompts you to resume the old session.

IMO browsers should really offer more useful options for "session" cookies, such as zapping them after an adjustable time without using that site (on the order of 10 hours sounds reasonable, but let the user set any time), preserving them over the now-rare browser restart, and letting these various behaviors be overridden on a per-site basis. (Naturally the same options must be available for persistent cookies, just with different defaults.)

Re:Some sites block... (1)

Stan92057 (737634) | about a year ago | (#44079967)

i have 3rd party cookies blocked and had no warnings from target. I do allow site cookies and run 2 ad blocker and nothing from Target

Re:Some sites block... (1)

Barefoot Monkey (1657313) | about a year ago | (#44080961)

I recommend configuring your browser to keep cookies only until you close your browser. This is quite easy to do in Firefox - go to the options, in the Privacy tab, and under the checkbox for whether to accept cookies there's a dropdown labelled "Keep until:". Set that to "Keep until: I close Firefox". Then you can grab something like Cookie Monster [mozilla.org] to make it easy to whitelist those site where you do want persistent cookies. Which browser are you using, by the way?

Block all third party content (0)

Anonymous Coward | about a year ago | (#44079007)

Google is tracking everyone through their "script library service", and web authors are stupid enough to believe that avoiding a single download of a 20kB file in a long time is worth serving their visitors to Google on a silver platter. There should be a warning every time a web site loads third party script, css, image or any other file, and the option to keep allowing third party content should expire every 7 days, so that users are repeatedly reminded if a web site uses treacherous content.

Re:Block all third party content (0)

Anonymous Coward | about a year ago | (#44079695)

a) you clearly don't understand the difference between tracking and (possible) logging. By the way, thanks to caching, visiting several sites using same script source will mean only one request and download - which means possible tracking points will be separated by week or how much it takes for cache to expire.
b) you clearly don't understand the difference between 1 user downloading 20kb and a million users downloading the same. 20Gb is stupid saving too? See also previous comment on caching
c) you clearly don't understand how many CDNs are used by every site. Your proposed warning would just annoy users and get turned off by majority in no time, like UAC in Vista. Even all icons on this page are from a third-party.

Re:Block all third party content (0)

Anonymous Coward | about a year ago | (#44080373)

a) Google can screw with the caching directives at any time and at least for some time they didn't actually send appropriate headers.
b) Trying to save 20GB with a million visitors by making your entire site depend on a third party service is indeed very stupid when the size of just a single page often approaches 1MB.
c) The web is as it is because third party content is not flagged as a potential problem. There's no reason why static content couldn't be served from the same domain as the rest of the page.

Start with (2)

Skapare (16644) | about a year ago | (#44079055)

Every domain name needs to be fully isolated from each other. This includes blocking link referrers (that misspelled Referer header), as well as cookies, that provide any info to one domain about another. So if you click on a link that takes you to another site, it should NOT include the Referer header at all, unless you opt in to that (which should allow opt-ing per domain).

Re:Start with (1)

Fastolfe (1470) | about a year ago | (#44079899)

Think this through, for a moment.

The advertiser and content provider are working together. The content provider wants ads on their site, and they want you to click on those ads, because the advertiser makes money, and shares that money with the content provider. The two parties have an incentive to cooperate. Both parties want those ads to be relevant to you, because that increases the chances you'll click on them.

Today, if you are known to the advertiser, but unknown to the content provider, you get shown relevant ads, but the content provider has no knowledge of who you are or what ads you were shown. This works because the content provider can embed content from the advertiser, and your browser identifies itself to the advertiser independently of the content provider by way of these cookies.

Without third-party cookies, advertisers and content providers are going to look for other ways to keep their ads relevant. The easiest way to do this is to work together to implement these as first-party cookies served by the content provider instead of the advertiser, and have the content provider share these identifiers with the advertiser, and be aware of the ads served to you. Do you think this is better or worse for privacy?

Re:Start with (0)

Anonymous Coward | about a year ago | (#44080401)

It's better for privacy because then the content provider can't claim innocence. Make web sites responsible for the crap they include with their pages.

Re:Start with (0)

Anonymous Coward | about a year ago | (#44080869)

look, it would be much better even for the site runners and the advertisers if the ads were funneled _through_ the site you're viewing and included from some other domain.

adblocking wouldn't be as simple as it is now though, but crossite wouldn't exist.

it would just need more code and traffic on the actual domain you're getting the content from - but, and here is a big butt, the content provider would be on the hook for compiling a database of what you do and would have to adhere to the privacy and data protection laws of wherever they are operating in. this would mean that an european site would need to adhere to local laws even in their advertising which is certainly something they are now not doing(since they are putting it as somebody elses problem because "hey, that stuff didn't come from us!").

Interesting Topic considering that on Slashdot (1)

Virtucon (127420) | about a year ago | (#44079775)

According to my Ghostery window right now for this page. I have blocked:

Three Double Clicks.
One Google Adwords
One Google Analytics
One Scorecard Beacon
and Four Jainrain

Anybody ever try it on Weather.com or CNN.com? Everybody is into tracking..

Apple my ass (0)

Anonymous Coward | about a year ago | (#44079833)

The blocking technology is based on that used by Apple's Safari browser, which blocks all third-party cookies.

Mozilla browsers have had the option to block third party cookies since before Safari even existed.

Don't believe crap like this unless you see a real source. A story in a newspaper--yes, even a famous newspaper--written by a journalist who doesn't know wtf he's talking about*, with no quote or citation to support it is absolutely NOT a credible source. Like corner-cutting hack journalists everywhere, he probably just heard about the Apple decision earlier and assumed they invented the idea. The stupidest part is that he had a good source right at hand--Brenden Eich!--but apparently didn't bother to ask.

*Journalists are generalists who work on tight deadlines. Unless they happen to be experts in the field, you can assume they don't know what they're talking about.

Advertisers (0)

Anonymous Coward | about a year ago | (#44080227)

are not gonna participate in anything that impedes them from collecting the user data that the want. Therefore the only way to not be tracked is to make it not possible for advertisers to track you and gather user info. All web browser developers should have done everything they could toward that end all along, starting many years ago.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>