Author Topic: Do Not Track (Read 18802 times)

Tinman57 · « **on:** October 11, 2012, 08:32 PM »

The Do Not Track standard has crossed into crazy territory
The advertising industry wants to change the definition of Do Not Track into something Orwell would be proud of. One influential member of the W3C working group says he's lost the energy to go on. Is it time to kill Do Not Track?

http://www.zdnet.com...territory-7000005502

IainB · « **Reply #1 on:** October 11, 2012, 10:01 PM »

Legislators slam advertising group for advising members to avoid Do Not Track technology

Yes, but will legislators actually do anything about it?
(Sound of crickets chirping.)
-IainB (October 11, 2012, 03:50 PM)

When I first read about DNT in IE and saw what had been done and what was expected, I have to admit to skeptically thinking that it would be best to avoid the whole idea, and I switched it OFF in IE. I could smell a rat.
This was because I could not see that M$oft were a likely candidate as consumer champion for leading the revolt on this one, mainly because M$oft have historically shown themselves to be the ones who are always first in line to assault the consumer (or anyone else, for that matter) if it's for their own gain. They are an excellent corporate psychopath.

I reckoned that it was more likely that M$oft would be doing this for their own gain, and that it could probably be a deliberate effort to to effect a reduction in Google's advertising click revenues.

In any event, the DNT approach needed to get the buy-in of the advertisers, and again historically they have been able to demonstrate that, as a group, they are unlikely to be able to change their ways and not force their self-serving advertising strategies on the consumer.

IE suggesting that it was possible to "think philanthropy and empathy" with and on the consumers' behalf?
Yeah, right.

TaoPhoenix · « **Reply #2 on:** October 12, 2012, 02:03 AM »

I think I have a slightly different idea about MS and IE here.

For decades (!!) techies have wailed about the perils of Opt-Out. Remember the Toolbar craze of a while ago, and spending an hour de-toxing a user's/friend's copy of IE because they didn't see how to click "custom special advanced obscure install and make sure you toggle this weird little check box off"?

So while of course it's just a gamey-move, it sounds good for MS from the "security" perspective where a user will just be left alone to get on with their work. Then now cue the attack dogs. So it's not so much killing "this" standard as these are the first thrashings of the topic until something else emerges, hopefully better than abject consumer submission!

Renegade · « **Reply #3 on:** October 12, 2012, 02:56 AM »

I have nothing polite, constructive, or non-violent to say. Trying to argue with fools only proves that there are 2.

mahesh2k · « **Reply #4 on:** October 12, 2012, 03:15 AM »

I like the reasoning there. If you don't support economy with advertising, you're not american. Well I am not american to begin with and I don't like ad slapped on my face to suck my already limited bandwidth, be it from america or any other country or even my own country.

TaoPhoenix · « **Reply #5 on:** October 12, 2012, 03:57 AM »

I have nothing polite, constructive, or non-violent to say. Trying to argue with fools only proves that there are 2.
-Renegade (October 12, 2012, 02:56 AM)

In other news, Mouser receives an offer to rebrand NANY as "New Ads for the New Year!"

But actually that would make an awesome NANY app if it were technically possible: determine how much bandwidth is coming from ads and report it as percentages of bandwidth caps etc!

Stoic Joker · « **Reply #6 on:** October 12, 2012, 06:58 AM »

I have nothing polite, constructive, or non-violent to say. Trying to argue with fools only proves that there are 2.
-Renegade (October 12, 2012, 02:56 AM)

+1 - However (from the comments on the article) I do thing this guy is on to something:

Kool - Ade

It's time to stop swallowing the politically correct B.S. and DROP KICK worthless parasites like the DMA right out of our lives !

The DMA obviously doesn't give a rat's patute about consumer privacy OR browser standards other than the methods used to butcher them.

Let product quality and service once again be the corporate by-words which lead to strong showings and healthy profits rather than a competition for browser display space and computer resources engineered by the scummiest of bottom feeders.

I say let's move directly to browsers capable of switching off advertisements (some form of java & flash filtering maybe) and subsequently Blacklist servers that allow engineered work-around software.

.

materva
11 October, 2012 02:03

40hz · « **Reply #7 on:** October 12, 2012, 07:46 AM »

-----------------------------

Note: I couldn't help but notice something very interesting...

Uncle Sam can be seen as either leaning to the left- or the right - depending on which side you're standing on...

How American!

f0dder · « **Reply #8 on:** October 12, 2012, 01:06 PM »

Well, let's all collectively say F*CK YOU! to the advertisement companies by using a mix of AdBlockPlus and Ghostery... see how they like that. And set a custom X-DONT-TRACK-SCREW-YOU HTTP header

40hz · « **Reply #9 on:** October 12, 2012, 01:37 PM »

It gets worse although we shouldn't be surprised. Here's one of today's lead articles from OSNews:

Apple tracks iOS browsing behaviour by default
posted by Thom Holwerda on Fri 12th Oct 2012 11:35 UTC

Surprise, surprise - Apple, by default, tracks web browsing behaviour and location to better serve you ads. You have to specifically opt out of this tracking per individual iOS device that you own. Now we know why Apple has no problem with turning on 'Do Not Track' and not accepting tracking cookies by default: it has no effect on them whatsoever, because iOS 6 has its own independent user tracking mechanisms. Unlike what the Apple pundits claim, it's got nothing to do with respect for user privacy at all. Well paint me red and call me a girl scout: company selling ads tracks user behaviour. Shocker, huh?

$:-\$

Stoic Joker · « **Reply #10 on:** October 12, 2012, 02:51 PM »

And set a custom X-DONT-TRACK-SCREW-YOU HTTP header
-f0dder (October 12, 2012, 01:06 PM)

Hm...

...Can we tweak the header hard enough to make the ad server spit burnt cookies for a few cycles after we say hi?

MilesAhead · « **Reply #11 on:** October 12, 2012, 03:18 PM »

Hmmm, this reminds me. I need to get one of those badge shaped signs to stick on my front lawn. It says "I don't really have an alarm system. Don't rob me! It will make me mad!!"

IainB · « **Reply #12 on:** October 12, 2012, 04:45 PM »

And set a custom X-DONT-TRACK-SCREW-YOU HTTP header
-f0dder (October 12, 2012, 01:06 PM)
Hm... ...Can we tweak the header hard enough to make the ad server spit burnt cookies for a few cycles after we say hi?
-Stoic Joker (October 12, 2012, 02:51 PM)

The Internet Junkbuster used to do this and more. From memory, the features I used included:

1. act as a local proxy server for your browser.
2. had a blocklist file that used regular expressions to set up sophisticated filters, to filter out content you didn't want (was real easy to add stuff on the fly as you browsed); you could could add to or swap blocklists with other Junkbuster users to save having to duplicate effort.
3. sent "do not fetch" commands to webservers, so unwanted/filtered junk was not sent to your PC (thus reducing bandwidth utilisation - important for me as I was using slowspeed dialup connections in Asia at the time);
4. spoofed whatever you wanted into your HTTP header - e.g., mine said I was using an obsolete model of a Mac computer, an obsolete Mosaic browser, and email address [email protected], plus it said DO NOT TRACK);
5. collected all incoming cookies in a secure INBOUND cookie jar, and wouldn't send them out (unless you wanted to).
6. could send OUTBOUND cookies at random from a standard jarfile of previously stored cookies, which you could add to or swap with other Junkbuster users, thus frustrating the demographic objective of using cookies.

Refer also:

Tinman57 · « **Reply #13 on:** October 12, 2012, 06:22 PM »

When they first started this DNT BS I knew it wasn't going to work. How did I know you ask? Well let me tell you, you can't have the fox guard the henhouse, and that's exactly what was going on. They "expected" the marketers/trackers to see your DNT request and abide by it. Yeah, like that's going to happen......

MilesAhead · « **Reply #14 on:** October 12, 2012, 06:33 PM »

When they first started this DNT BS I knew it wasn't going to work. How did I know you ask? Well let me tell you, you can't have the fox guard the henhouse, and that's exactly what was going on. They "expected" the marketers/trackers to see your DNT request and abide by it. Yeah, like that's going to happen......
-Tinman57 (October 12, 2012, 06:22 PM)

Just like the Do Not Call phone list. Ah, here's my phone number. But whatever you do, don't call it! There's some logical fallacy there.

f0dder · « **Reply #15 on:** October 13, 2012, 04:50 AM »

And set a custom X-DONT-TRACK-SCREW-YOU HTTP header
-f0dder (October 12, 2012, 01:06 PM)
Hm... ...Can we tweak the header hard enough to make the ad server spit burnt cookies for a few cycles after we say hi?
-Stoic Joker (October 12, 2012, 02:51 PM)

Good idea, but I doubt we'd be able to come up with something that could actually DoS their servers - the best we could do is probably to generate bogus tracking events.

Which could actually be interesting enough... Omniture, for instance, has a pay-per-event model. We could make tracking an expensive affair for a select handful of companies :-)

40hz · « **Reply #16 on:** October 13, 2012, 08:27 PM »

generate bogus tracking events.
-f0dder (October 13, 2012, 04:50 AM)

A loaf of bread
A jug of wine
And you by my side
My little Raspberry Pi
Generating fake tracking data 24x7

Yup. That's what the cloud and homebrew clusters are made for...

Besides, DoS attacks are illegal. But pushing a ton of bogus tuples into cyberspace is no crime.

IainB · « **Reply #17 on:** October 14, 2012, 03:10 AM »

generate bogus tracking events.
-f0dder (October 13, 2012, 04:50 AM)
A loaf of bread
A jug of wine
And you by my side
My little Raspberry Pi
Generating fake tracking data 24x7
Yup. That's what the cloud and homebrew clusters are made for...
Besides, DoS attacks are illegal. But pushing a ton of bogus tuples into cyberspace is no crime.
-40hz (October 13, 2012, 08:27 PM)

What a superb idea! I like it.

Takes the JunkBuster random cookie jarfile approach to the next level - and then some!

Renegade · « **Reply #18 on:** October 14, 2012, 03:40 AM »

Besides, DoS attacks are illegal. But pushing a ton of bogus tuples into cyberspace is no crime.
-40hz (October 13, 2012, 08:27 PM)

Hmmm... I kind of wonder if sending along referrers (in the headers) that go to kiddie porn sites would get the bots to download anything to check on the oddity there, and then if they could be ratted out for having kiddie porn on their servers... If you're going to send bogus data, might as well poison it!

40hz · « **Reply #19 on:** October 14, 2012, 06:02 AM »

If you're going to send bogus data, might as well poison it!
-Renegade (October 14, 2012, 03:40 AM)

Highly cathartic! But much too obvious - to say nothing of abandoning the moral high road in this battle.

No...maybe just a little something to boost per click fees up to the point where trackers become too expensive? Or introducing enough noise into the signal to make trackers far too unreliable for businesses to benefit from using them anymore?

Besides, attacking supply is usually a suboptimal strategy. Far more effective is to discourage demand. IMHO, the most effective way to stop this nonsense is to help reduce demand for it by introducing some nonsense of our own into the mix.

joiwind · « **Reply #20 on:** October 14, 2012, 07:52 AM »

Here are some comments from the Abine.com - the DoNotTrackPlus extension developers :

Most advertisers don’t interpret the “Do Not Track” signal from your browser to mean “stop collecting your data.” Unless you’re using a privacy tool like our free DoNotTrackPlus, most advertisers are collecting and selling your data even if you’re using your browser’s built-in Do Not Track or private browsing mode. Even if advertisers get your Do Not Track signal from your browser and agree not to target you with ads, most of them will still collect and sell your data, allowing them to profit in other ways.
Not all Internet users will enable Do Not Track. Some people will choose not to, while most won’t know they have a choice if browser makers continue to make Do Not Track settings hard to find. (To find and turn on Do Not Track in your browser, check out our explanatory guide.)
It’s completely voluntary for websites to follow your request not to be tracked, and the vast majority of them do nothing when they receive it. As it stands, a website has no obligation to respond to a Do Not Track signal, and the few that do respond don’t have uniform standards. However, Twitter is one of the notable standouts that supports Do Not Track to limit data collection.
Most of the money from targeted ads doesn’t go to content providers, like news websites. The ACLU testified that 80% of the money advertisers make from targeted advertising doesn’t go to the content providers and publishers. Instead, it goes towards developing better targeted advertising. It’s similar to London’s controversial congestion charge, where roughly half the highway tolls collected pay for the administration costs of running the tolls. Maybe this is why many of the biggest publishers, like the Wall Street Journal and the New York Times, support Do Not Track: it won’t cut into their revenue (and it supports their readers’ privacy).
Considering the facts above, it’s generous to say that targeted advertising is even 15% of the ad industry’s revenues. In fact, business is booming for the online ad industry: their revenues have increased by 530% since 2002 ...

Anyone here using DNT Plus instead of Ghostery, anyone trust it in the light of the posts in this thread ?
I have/am trying/using both and they generally both give the same results (although sometimes DNTPlus finds more than Ghostery) - but there remains the question about op-out cookies (I did read somewhere on the Abine site that they will be phasing these out in the near future).

So, comments please ?

Stoic Joker · « **Reply #21 on:** October 14, 2012, 08:13 AM »

Besides, DoS attacks are illegal. But pushing a ton of bogus tuples into cyberspace is no crime.
-40hz (October 13, 2012, 08:27 PM)

You have no idea how happy that statement just made me.

f0dder, how's your schedule look..?

Tinman57 · « **Reply #22 on:** October 14, 2012, 06:48 PM »

Anyone here using DNT Plus instead of Ghostery, anyone trust it in the light of the posts in this thread ?
I have/am trying/using both and they generally both give the same results (although sometimes DNTPlus finds more than Ghostery) - but there remains the question about op-out cookies (I did read somewhere on the Abine site that they will be phasing these out in the near future).
So, comments please ?

I gave up Ghostery for DNT Plus when DNT+ came out. It does a lot more than Ghostery and is configurable. Only caveat is if you want to configure it, you have to "Read The Docs". lol

Depending on how you have your cookie handling set up in your browser, you really don't need cookie handling in DNT+. I have mine set up to block all 3rd party cookies and not to allow persistant cookies. DNT+ takes care of the tracking cookies for me.....

tomos · « **Reply #23 on:** October 15, 2012, 07:31 AM »

Re Ghostery & Trackerblock (from another thread):

I ... switched out Ghostery for TrackerBlock, on the theory that even if "less evil", Ghostery is run by an ad company, and hopefully PrivacyChoice.org ... isnt?
-TaoPhoenix (October 06, 2012, 07:46 PM)

f0dder · « **Reply #24 on:** October 15, 2012, 11:19 AM »

Re Ghostery & Trackerblock (from another thread):

I ... switched out Ghostery for TrackerBlock, on the theory that even if "less evil", Ghostery is run by an ad company, and hopefully PrivacyChoice.org ... isnt?
-TaoPhoenix (October 06, 2012, 07:46 PM)
-tomos (October 15, 2012, 07:31 AM)

PrivacyChoice is also a commercial entity - I dunno if I'd choose one of the two over the other... and something about PrivacyChoice seems fishy (not the least running a commercial site on a .org address), but opt-out cookies? I am to trust that anybody respects those? LOL! In general the addon seems to be focused more on cookies, than to keep from executing javascript or loading tracking beacon images, which is what Ghostery does.