by rjim86 on 12/19/12, 4:10 PM with 30 comments
by city41 on 12/19/12, 4:23 PM
EDIT: to be fair, the sister site: http://donttrack.us/, is closer to what I was expecting. But still vague and still feels like it's just trying to instill fear.
by asadotzler on 12/19/12, 6:49 PM
Things were looking pretty good for the industry embracing self regulation where advertisers would agree to respect the user's wishes and the user's wishes would be expressed by users making an explicit request through the DNT setting in their browsers.
Then Microsoft negated all that industry self-regulation progress by flipping the switch without user intervention. This undermined the beginnings of an agreement that would have advertisers respect the wishes of users voluntarily.
I don't understand their motivation -- maybe MS was counting on legislation to require advertisers to respect DNT, or maybe they saw this as a way to scuttle the talks between Mozilla, other privacy advocates, and the ad industry. Microsoft does, after all, have similar interests to Google in tracking users for advertising purposes. Maybe they just thought the PR win from telling people who didn't understand the DNT conversation that they were "private by default" was going to help them take back users from Firefox and Chrome (even though their move to do that undermined the whole effort.)
Those are just guesses at their motivation, but I cannot come up with any better explanations. Can you?
by jmillikin on 12/19/12, 5:37 PM
There's also the problem of how vague the spec is. For example, it states "A first party is a functional entity with which the user reasonably expects to exchange data", and then says that DNT should block non-first-parties from storing data about the user. So should YouTube be forbidden from logging in the user based on their Google cookie? After all, most users don't know that they're the same company, and wouldn't expect visiting YouTube to use information from Google. Same applies to any other "big company / acquisition" pair, such as Facebook/Instagram.
It would be much better to forbid the malicious behavior itself, such as by writing privacy laws that require companies to obtain explicit consent before distributing data collected from or about users. That would have stopped events like "I visited some random website and they knew my address!"
by glenjamin on 12/19/12, 4:26 PM
If I were to create a browser extension which added a "Do-Not-Charge-Me" header, without input from retailers, would I then be able to get annoyed that I still had to pay for my goods, despite having ticked a little box in the browser settings?
by dguido on 12/19/12, 4:26 PM
There's a tenuous relationship between DNT and DuckDuckGo too. On one hand you've got a small group of unknowns who profess not to keep logs (but who knows, right?) and on the other you have a slapdash attempt to regulate the ad industry. Use DuckDuckGo because it's a good search engine.
by azakai on 12/19/12, 6:27 PM
Eh? If the servers comply with the header, they won't actually track you. Not sure what the article is implying - that everyone will lie?
by prisonblues on 12/19/12, 5:05 PM
It's a bit heavier going that the DDG approach, and more euro-centric, but hopefully gives a decent understanding.
Any feedback or comments encouraged.
by thisthisthis on 12/19/12, 7:15 PM
As an idea I think DNT is quite strong. Do you agree?
Of course the implementation is incredibly weak, but isn't that a separate issue?
by pi18n on 12/19/12, 5:11 PM