EFF Coalition Announces New 'Do Not Track' Standard For Web Browsing

An anonymous reader writes: The Electronic Frontier Foundation, privacy company Disconnect, and several other organizations are publishing a new DNT standard. Partners in the coalition include: publishing site Medium, analytics service Mixpanel, AdBlock, and private search engine DuckDuckGo. Thought it's still a voluntary policy, the EFF hopes the new proposed standard will provide users better privacy online. "We are greatly pleased that so many important Web services are committed to this powerful new implementation of Do Not Track, giving their users a clear opt-out from stealthy online tracking and the exploitation of their reading history," said EFF Chief Computer Scientist Peter Eckersley. "These companies understand that clear and fair practices around analytics and advertising are essential not only for privacy but for the future of online commerce."

Oblig xkcd.

[sims 2]

Oblig xkcd https://xkcd.com/927/ [xkcd.com]

Re:

[siddesu]

Oblig DNT implementation: https://privatelee.com/search/... [privatelee.com]

Who cares!

[SeaFox]

Without the cooperation of the advertising industry this will be as successful as the last "Do Not Track" initiative.

Re:

[Anonymous Coward]

So, it's this time again of the week to mention the following browser extensions to help reduce advertiser tracking:

- Ad Block Plus, or some derivative
- No Script
- Ghostery

There are others, but those are the ones I typically have installed. You also should probably remove Flash if you don't need it, they collect tons of info.

Re:

[SeaFox]

Don't need to tell me. I already use AdBlock Plus and Ghostery.
I just see no reason to start any sort of "do not track initiative" when there are going to be slimy companies that ignore it anyway and even if there were legal requirements they follow it, they would just relocate outside the jurisdiction.

Re:

[mister_playboy]

Why would you use proprietary and advertiser-owned Ghostery when you could use the EFF's own Privacy Badger [eff.org] instead?

Re:Who cares!

[spire3661]

The advertising industry is the enemy. We need to start pushing back a lot harder. Computers are now designed as advertising machines, its time to end it.

Re:

[ShanghaiBill]

its time to end it.

Sounds good! Please let us know when you have your ad free alternative to Google ready to go.

Re:

[ShanghaiBill]

You're welcome. [duckduckgo.com]

Nope. According to Wikipedia [wikipedia.org]: Initially self-funded by Weinberg, DuckDuckGo is now advertising-supported.

Re:

[Xest]

Didn't Google get hammered by Apple users for ignoring some Safari setting and tracking them anyway though? If so why are other ad companies special, are they not just a similar court case away from a costly payout?

It seems that if your browser says "Do Not Track" and they track you, then they're flagrantly violating your privacy.

Sounds like it just needs people willing to take these guys to court just as Google was hauled through the courts.

Re:

[Richard_at_work]

No, Google got hammered for specifically circumventing a security setting on the browser side in order to do something (yes, the browser is also at fault, but in this case Google was doing something tantamount to exploiting a security issue) - which is entirely different to not doing something server side with data voluntarily sent by the browser.

The Google issue is entirely different to the advertising tracking issue.

Re:

[Richard_at_work]

You mean do it the proper way? As in ensure the browser doesn't pass on information you don't want it to pass on?

All this Do Not Track bullshit really is is you asking random third parties not to do stuff with the data you voluntarily and willingly hand over to them - surely it would be better they didn't have it in the first place...?

Hasn't this been done before (read P3P)

[mlts]

We already has a privacy initiative, something called P3P which fizzled. DNT went nowhere, and this project is probably going to go nowhere as well.

The reason is that there are many, many companies whose basis of existence is to intrude as much as they can on the user browsing a site. If they can inject adware/malware, they would.

Real DNT consists of AdBlock, click-to-play or FlashBlock, then keeping the Web browser separated from anything vital, be it in a VM, sandboxed, or both. That way, LSOs or other

Re:

[Dwedit]

That's all good and everything, until the first party sites start colluding with the third party sites to tell them what they've missed.

Re:

[citizenr]

LOL cooperation, all we need is EU announcing respecting DNT mandatory and spamming million euro fines.

advertisers followed DNT, browsers broke the proto

[raymorris]

Major advertisers starting following the DNT standard.
Then browser vendors broke the protocol, in such a way that it became useless.

The protocol was a way to say "this user chosen has opted out of any customizations, saved favorites, or other features that rely on cookies or similar technologies. This user wants more than the default level of privacy, and is willing to give up features which depend on cookie or other tracking."

When browsers started lying and sending a DNT headers for pe

by definition, default is what happens when unspe

[raymorris]

If you DON'T send any header specifying your preference regarding convenience versus privacy, you get the default behavior. That's the DEFINITION of default, what happens when it's unspecified. Think about that for second and you'll realize that's true (assuming you're not stupid, of course).

Since sending no extra header at all gets you the default behavior (by definition) , any extra header is useful only if it indicates something other than the default.

Therefore, for a browser to send extra headers sp

Re:

[SeaFox]

Major advertisers starting following the DNT standard.
Then browser vendors broke the protocol, in such a way that it became useless.

We need ALL advertisers to be beholden to follow a DNT standard, not just a few key players.
Otherwise you'll just end up with all the other advertisers suddenly getting bigger when companies flock to the ad agencies that have better access to consumers since they are not honoring DNT. This will likely be followed by the ones that did agree to honor DNT ducking out of the agreement, because there are so many companies not following the rules so the initiative is worthless they'll say. The whole thing will ju

Remember when microsoft tried to do DNT?

[sims 2]

Many ad networks ignore the DNT flag as microsoft made it the default on new installations. So they don't consider it a valid user opt out

Re:

[Anonymous Coward]

... which was exactly microsoft's intention, so they could push their own (list based) privacy system...

This is pretty funny.

[xxxJonBoyxxx]

Have you read the privacy policies of any modern web site? Almost all say "we do not pay any attention at all to any 'do not track' flags, cookies, etc."

Re:

[Anonymous Coward]

This makes me want to develop a sousveillance (no, that's not a typo) plugin.

Users with the plugin could aggregate various cookies and headers that get sent back from all sorts of websites and domains. These could be forwarded back to a centralized database, and a rule could be made for the contents of each one. The rule could then be used to generate fake values for that cookie. At this point, the plugin could also check with the server about each cookie it encounters and send back fake values on the next

Color me skeptical

[Anonymous Coward]

Asking nicely hasn't helped either side in this debate to any great degree in the past. How is it going to help this time?

No advertiser asked nicely if the users would prefer to see ads.

No user asked nicely if the sites would prefer to not get any revenue.

Few sites asked nicely if the user would allow their preferences to be overridden just for them. (I only know of Ars Technica, but I'm sure there were a few others.)

No sites asked nicely if browser makers would leave DNT headers turned off.

No advertiser as

Meh

[steelfood]

My DNT: Noscript, and Ghostery.

If I really, really want to avoid being tracked, I'd switch to TOR. But that's for medical and other very private stuff.

Re:

[mlts]

I'd add a Windows VM, sandboxIE and a VPN onto the list. It isn't as secure as TOR, but it does at least put a speed bump in place if someone is on your LAN trying to do shenanigans.

Eventually, I might put the VM on a vSwitch with a PFSense firewall, so I can set up a router ACL to drop all the bad sites there, but keeping the web browser running as a non admin user and in a sandbox will do a lot, and if there is some API calls that the sandbox program doesn't catch, it still has to get out of the VM.

Re:

[SuricouRaven]

With five laptops, four tablets and a desktop split amongst the family, it's a lot more practical for me to use a more central means. I've a transparent squid proxy that blocks a lot of the servers used for tracking.

Tell your kids this when you drop the net.

[deviated_prevert]

That your can't afford to use the net because someone broke in and stole the cookie jar. You surrender your rights to privacy when you use the net period. The crooks and advertising scam garbage will start to have no where to hide though because their use of cookies is easily traced and exposed so in a way the loss of complete privacy on the net is a trade off. Unless of course you trust Microsoft and Bing to not track you or take money from advertisers. LOL

The fox doesn't care...

[QuietLagoon]

The fox does not care if the sheep pass a law in favor of vegetarianism.

Re:

[Anonymous Coward]

Because gun control makes sense unless you live in an area that (you guessed it) lacks gun control. There's no sane reason to not try to keep our use of deadly weapons to a minimum. And no, it's not limited to guns, but all weapons; gun regulation in the States just happens to be a farce compared to most of the civilized world, no matter how many people pretend it's strict or that just because knives and cars are also deadly, guns can't be a big problem as well.

Re:

[KiloByte]

London has 7 times as much violent crime as New York, despite similar demographics.

Re:

[delt0r]

citation required. I have spent a lot of time in both places. Both places are peaceful enough. I find almost an order of magnitude difference in violent crime highly dubious. Unless London reports every pub brawl, and NY doesn't.

Re:

[Anonymous Coward]

New York and London have similar levels of violent crime. However, London has slightly more vehicle theft, but the New York homicide rate is almost 3 times that of London. Amazingly guns do kill people, who knew?

Re:

[Anonymous Coward]

How come so many geeks understand why DNT fails, but turn around and argue for gun control?

Advertisers already have logs of users who saw their ads. Many people who would do bad things with a gun do not have one yet.

You may argue that controlling the physical availability of guns is as hard as forcing advertisers to not log web requests. If you can prove this, then the analogy works. But without that argument you are missing a critical step.

finally

[The-Ixian]

I can just check a box, dust off my hands and feel safe in the knowledge that all the sites I visit are not tracking me... phew.

What nonsense!

[Anonymous Coward]

What's the EFF trying to pull here? The only way to enforce DNT is through aggressive blocking at our end. The damn advertisers can put up static ads, with links if they want, on the main page if they want us to see them. Anything more intrusive than that should simply be blocked and forgotten.

p3p works great!!

[netsavior]

P3P headers people!!!!

All you have to do is be on Internet Explorer, and trust that a website does what it says it will do in its cryptic http header that was generated by a discontinued, closed source IBM tool, what's the problem?

according to microsoft [msdn.com], only a few inconsequential websites like those losers at Facebook and Google use "technological trickery" to get around this very important abandoned web standard from 2002 that only Internet Explorer implements.

seriously the MSDN article I linked is

Why such efforts are fruitless

[Opportunist]

Do we mind the reputable advertisers? Hardly. And before any snide comments, yes, they do exist. Advertisers that understand that the only effect those in-your-face ads with blaring music have is that more people are getting pissed to the point where they start looking for a way to block that shit. Normal ads, banners and maybe even flashing banners, don't provoke that reaction. People load them and may even click them when the topic is interesting.

These are also the kind of advertisers that will honor such do-not-track standards.

And then there's the assholes that just want to abuse you for their gains. The kind of junk that comes piggy-backing with some "free" software that messes with your browser settings and invades your privacy. The kind you absolutely do NOT want.

And these are also the same assholes that don't give a shit about such DNT systems.

And as long as this is the case, people will use ad-blockers and of course they in turn won't give a shit about blocking the "good"... or let's say "less annoying" advertisers along with the real reason they install such content sanitizing tools.

"Honest" advertisers, if you really want us to believe in your DNT tech and not block you whenever we have a chance: Weed out the bad apples in your industry. Lobby for laws that outlaw such practices. For as long as these assholes are allowed to exist, we will block you, too.

Privacy Badger

[Trax3001BBS]

EFF has an ad/tracking blocker https://www.eff.org/privacybad... [eff.org]
  it's a brain dead little thing that sits unobtrusively in the menu bar of Firefox. It detects 3 trackers from /. so I block them, but my HOSTS file is what's really blocking what needs to be.

I installed it yet never really used it, noticed it one day (that's how unobtrusive it is) and now use it to block EA.COM while I play my games.

Actually I don't think it's blocking anything just telling me what it can as my HOSTS file is doing all the work, but for a real simple ad/tracking blocker it's ok.

Re:

[Trax3001BBS]

EFF has an ad/tracking blocker https://www.eff.org/privacybad... [eff.org]

I do need to mention I have the first version. I've never updated it, so my experience with it are of a very old version.

Re:

[Trax3001BBS]

I do need to mention I have the first version. I've never updated it, so my experience with it are of a very old version.

EFF has an ad/tracking blocker https://www.eff.org/privacybad... [eff.org]

Yes it's a repost (correctly this time) I don't wish to discredit EFF, I am speaking of a very old program.

Re:

[Trax3001BBS]

Can PrivacyBadger do 16 things hosts do for speed, security, & reliability:

5.) Protect vs. downed DNS (adds reliability)
6.) Protect vs. DNS redirect poisoned dns
8.) Protect vs. spam
12.) Keep you off dns request logs

From a HOSTS advocate:
Only if one has that address in their HOSTS file to begin with.

Can't post what I want: Filter error: Lameness filter encountered

but 6 days of phone calls up to 6 a day, then hijacked to a PS3 to face this
http://i60.tinypic.com/2iiip3r... [tinypic.com]

Still don't know if I should report it to the FCC as at face value it's a violation of the Net Neutrally act. - an ISP can't redirect for profit, thing is I use OpenDNS.

Yes system was check very thoroughly (autoruns) nothing on my end.

In other news...

[angularbanjo]

Advertising Coalition Announces New 'Do Not Give A Fuck' Standard For Web Browsing