Microsoft Wins Congressional Backing For Do-Not-Track Default In IE10 147
An anonymous reader writes "Thought Do Not Track was strictly a geeks' issue? Think again. After Microsoft was slapped down for enabling DNT by default in Internet Explorer 10, the co-chairs of the US's Congressional Bi-Partisan Privacy Caucus have sent a strongly-worded letter to the W3C urging it to reconsider. As webdev360.com points out, it's an interesting (unprecedented?) example of Congress interacting with the standards body: 'Whether members of the [working group] will take kindly to the Representatives' interference remains to be seen. Ed Markey's legislative director, Joseph Wender, has brought the letter to the attention of the group's mailing list, but, as of the time of writing, he hasn't received any replies.'"
Those are some serious consequences (Score:5, Funny)
If they don't change their ways, they may get another strongly worded letter about it!
Re: (Score:2)
Teacher: "We sent the Emperor a strongly-worded petition."
Knight: "What is 'a petition'?"
Teacher: "It's a kind of a plea."
Knight (talking to himself, writing it down into a diary): "They sent the Emperor a strongly-worded plea."
Re: (Score:3)
Let me guess who they'll exempt.
1. Themselves
2. Anyone associated with the government.
So why bother.
Re: (Score:2)
Don't forget...
3) Super-Pacs / Political Advertisers
4) Non-profits and charity
Re: (Score:2)
Don't forget lobbyist, lobby companies, and large donation companies, individuals, and whomever they want to add to the list.
Re: (Score:3)
If they don't change their ways, they may get another strongly worded letter about it!
I suppose that's fitting, given that Do Not Track is absolutely nothing more than a strongly^W weakly worded letter anyway.
Everything surrounding the feature is a complete joke, from Mozilla introducing it in the first place to people who think it will really make even a small difference. Do Not Track is absolutely the same as walking around a bad neighborhood with a Do Not Mug sign hanging around your neck. It will not work.
For everyone babbling about "if everyone does it then advertisers won't respect i
Re: (Score:2)
If it's really useless, then why is W3C opposing it and Microsoft's plans to enable by default?
Increase in tracking (Score:5, Interesting)
Do Not Track for Windows Update (Score:1, Flamebait)
Maybe MS can disclose just how much tracking they do everytime a Windows installation phones home for Windows Update.
Re:Do Not Track for Windows Update (Score:5, Informative)
While playing closed-minded open-source Microsoft-bashing zealot on Slashdot is, in the eyes of many here, a route to being cool -- if you want to know, you could always use Google, Bing, or just run Fiddler and look for yourself.
The protocol is fully documented by Microsoft and not hard to find if you have some keyword ninja skills and a search engine.
Re: (Score:2)
Re-read my post. It's not what is being sent, it is what's being kept and tracked.
Re:Do Not Track for Windows Update (Score:5, Insightful)
Re-read my post. It's not what is being sent, it is what's being kept and tracked.
Look at the protocol. They can't keep more than is in there.
Re: (Score:3)
Which is way more than what your cookies gives away, including your complete list of software installed, MS specific information on licensing, and other bits of information which gives Microsoft the ability to track you via the IP address used to contact the Windows Update servers.
So how much of this is being kept, and for how long? Would you care to share?
Re: (Score:2)
and this can be bypassed rather easily by
1 grab an update set using WSUSOFFLINE
2 use that media to do your updates
3 and an undisclosed number of OTHER computers
4 rinse and repeat as needed
Re: (Score:2)
So why can't I have Do Not Track as default for that as well?
Re: (Score:1)
Microsoft may have certain patents on business models that will be enhanced in value if freewheeling competitive models are squelched.
I hate to be cynical, but corporations rent-seeking to hamper competition is the problem, not the solution.
if they care about it so much (Score:5, Insightful)
why don't they make it into a law that you have to have a "TRACK ME PLEASE" cookie for it to be legal to track your flow through multiple domains..
Re:if they care about it so much (Score:5, Informative)
Mozilla discussed that DNT would have no value if enabled by default -- https://blog.mozilla.org/privacy/2011/11/09/dnt-cannot-be-default/ [mozilla.org]
Microsoft will undermine DNT if they enable it for everyone.
Re: (Score:1)
Perhaps most people do not want to tracked? If people want to be tracked, let them opt in.
Re:if they care about it so much (Score:5, Informative)
it is 100% optional to follow the "Do not track" flag. If it's on by default it'll be ignored by default. If it's only on by a % of people that care then it will have a better chance of being followed.
Re: (Score:2)
You really believe that?
Why would an advertiser reduce his exposure voluntarily?
It needs to be on by default, with massive fines for ignoring it. Seriously, have all those zombie apocalypse movies eaten away the brains of the /. crowd? Since when do we accept opt-out as a viable way? Haven't we concluded this discussion 10 years ago and agreed very strongly that opt-in is the only way that will not be massively abused?
Re: (Score:1)
"a better chance than zero" doesn't mean much.
Make it illegal to track people against their consent, put the onus of proving that consent on those doing the tracking, and then do stings and actually put people behind bars. That would still not "solve the problem", but it would be more than a joke.
But oh wait, that's not possible, it would involve too many 3 letter agencies. So instead, have some stuff that doesn't matter at all, and argue about it. Go to court over it, fight the good fight, la-di-blah.
Re: (Score:2)
Re: (Score:2, Insightful)
This isn't the usual opt-in vs opt-out issue. DNT is explicitly trinary: yes/no/didn't_say. DNT is itself just a form of communication, not a policy imposed upon advertisers (yet).
If you default people to DNT:1 without asking them, you are actually undermining DNT for people who did actually want to answer Yes.
For Christmas, would you like
?
You're saying everyone should
Re: (Score:3)
So only those elites who know about the feature will have its protection? It sounds like you're saying that _you_ want protection from tracking and you will only get it if the masses aren't smart enough to turn it on.
The solution if you don't want it on by default is to ask the user when the browser is installed. Most users don't even know that options exist on browsers, so any privacy or security options should always be set to the default that is best for the user and not best for corporations/advertise
Re: (Score:2)
DO we care? (Score:2)
On the street, everyone says they want fair government. In the voting booth, everyone says they don't care.
On the street, everyone says they don't want to be tracked. In the preferences window, everyone says they don't care.
When you say most people do not want to be tracked, I just don't know whether or not to believe you. You understand my confusion, don't you?
My fellow Americans, you have public and informa
Re: (Score:2)
There is apathy and then there is ignorance. The vast majority of computer users do not know there are options in this regard or how to change them.
Re: (Score:2)
facebook.com
Re: (Score:2)
Then if on-by-default is disallowed we need to have browsers that pop up a request during installation that asks the users if they wish to opt-in or opt-out. Leaving it as a hidden feature that only a a minority of users know about is absurd. This is why opt-in is so popular with businesses because they know most people won't even know there is an option.
Re:if they care about it so much (Score:4, Insightful)
Mozilla discussed that DNT would have no value if enabled by default
Mozilla, who gets about 90% of their income [computerworld.com] from Google, sides with Google on this one?!? What a shocker!!
Re: (Score:2)
No, they're right on this one. No on is required to implement Do Not Track (advertisers could choose to ignore it). Right now they're going along with it for PR reasons, because it doesn't really cost them anything (people who click "Do Not Track" wouldn't click their ads anyway). However, it everyone sends DNT headers, how make ad companies will willingly support that?
Like other people have mentioned -- if Congress wants DNT as the default, it needs to be required by law. Otherwise, making it the default m
Re: (Score:2)
Like other people have mentioned -- if Congress wants DNT as the default, it needs to be required by law. Otherwise, making it the default means making it meaningless.
Yeah, and getting a law passed in the US is like impossible man. What group of people could do that?
I generally have zero trust in MS, but I applaud [photobucket.com] them on this move. Whether it pans out or not, you have my most sincere thanks for the effort Microsoft.
Re: (Score:2)
You applaud them for their efforts in making DNT useless? You need to understand -- If they do this, it won't help privacy, it will just make DNT meaningless (since no one will support it).
Re: (Score:2)
Re: (Score:2)
Although they have obvious bias, I believe that they are right on this one. On by default, ignored by default.
Re: (Score:1)
I wonder what's behind that reasoning from Mozilla.
It's not like it would be very complicated to make a feature in the bro
Re: (Score:3)
No, more like enabling it by default will undermine their revenue stream from Google. There is no good reason why being tracked should be the default other than to please ad companies.
Re: (Score:2)
https://blog.mozilla.org/privacy/2011/11/15/deeper-discussion-of-our-decision-on-dnt-defaults/ [mozilla.org]
Re: (Score:2)
Does Mozilla Prompt the user to make that choice on initial setup? Nope. They're expecting users to know that there is an option to not track.
Frankly, what MS should do (as well as any other browser for that matter) is ask when you first install IE10 if you want to turn DNT on with the default being off. It will give Ad firms the off as default setting they want from browsers as well as give Microsoft the result they want (DNT On for the majority of users) since I'd bet that anyone that reads it will click
Re: (Score:2)
Re: (Score:2)
I understand Mozilla's argument. But I don't agree with it.
DNT has two tracks: Either a small majority of users will enable it and it will be honored by all web sites (highly unlikely) or a large majority of users will enable it and web sites will continue to operate as it currently does. In both scenarios, the end user is relying on a third party to honor a wish.
When it comes down to the almighty dollar, companies have absolutely no incentive to actually comply with DNT. Unless DNT comes with the punish
Re:if they care about it so much (Score:5, Insightful)
FTC - Google - Safari (Score:2)
While there were some finer points to the case, how does all that fit in with the FTC investigating Google's 'circumventing' of Safari's 'privacy' options?
http://tech.slashdot.org/story/12/05/04/2156218/google-facing-ftc-fine-over-safari-privacy-breach [slashdot.org]
Re: (Score:2)
Adhering to it is not mandatory.
The second the first advertiser ignores it is the second it ought to become mandatory, with fines equalling the ridiculous amounts the MAFIAA asks for copyright infringrement.
Re: (Score:2)
yes, but it's a law making organ that's now bitching about it.
they could make a law that would make all tracking opt-in mandatory, not sending stern letters about dnt that has nothing to do with them.
if it's on by default or not wouldn't affect too much that it will be ignored by advertisers.
Re: (Score:2, Troll)
Because then 80% of the internet websites you love to see for free will cease to exist as their advertising revenue stream dies. I'm sure you'll have no problems paying for all those sites, right? Just like slashdot users just loved it when the NY Times put up a paywall.
Re: (Score:1)
Advertising in no way requires tracking. Stop being such an obtuse douche.
Re: (Score:2)
Advertisers pay higher rates for more targeted advertising.
So rates would go down, but ads would have to go up because they'd be less effective.
Advertisers would be mad, websites would make about the same.
Ads don't increase the amount consumers spend - they influence consumers choice of where that money goes. If each ad is individually less effective, the balance is maintained and advertising's total effectiveness won't change. If each ad is individually more effective, the balance is maintained but we've taken probably the most important step to a totalitarian state, since this tracking data is a candy shop for the government. It's an arms race that provides no net benefit and your privacy is the cost.
Re: (Score:2)
Re: (Score:2)
Why not use ghostery and use browsers' built-in cookie settings?
Do Not Track, Do No Evil, they're all the same. (Score:2, Interesting)
While I applaud MS for their privacy efforts, I am cynical, and I largely see this as a marketing move on their behalf. They've seen how Google has copped some flak over privacy concerns, and it's obvious they want to position themselves as the privacy-respecting alternative. But I have no doubt that if Bing and Microsoft's cloud services become as popular as Google's, they will mine every last bit of data they can get their hands on.
They're all as bad as each other, says I.
Re: (Score:1)
I don't give a shit why they're doing it. I'm just glad *someone* is.
I mean, WTF, the W3C is *opposed* to this?!?!? Did Google bribe them or something?
Re:Do Not Track, Do No Evil, they're all the same. (Score:5, Insightful)
If it's the default, there will be virtually noone who turns it off...
Those who care about privacy will leave it on, those who don't care won't even realise the option exists.
Subsequently, advertisers will ignore it because it becomes fairly meaningless, and not ignoring it would lose them potential eyeballs who don't care about being tracked. So the feature just becomes worthless.
On the other hand, if its off by default then only those who care about privacy will turn it on. Advertisers are quite happy to lose these eyeballs, as these people would generally not respond to advertising anyway. Everyone wins.
The whole purpose of the DNT header is to allow users to make a statement of "I do not want to be tracked", but if you make it the default it will just be a statement of "I have probably not bothered to change the default settings and most likely don't even realise such settings exist"
Re: (Score:2)
On the other hand, if its off by default then only those who care about privacy and know about this option will turn it on.
There, fixed that for you.
The people who know about this option are those that know how to install Adblock or Noscript in the first place.
So the as long as DNT is not on by default, it hardly makes any difference for the advertisers, but they can claim that they respect the wishes of the users.
Meaning if DNT is off by default it is mostly meaningless.
Re: (Score:2)
Is it so hard to pop up a dialog that requires the user to make a choice?
Re: (Score:2)
Minor replacements:
If we move for opt-in, there will be virtually noone who actually opt-in.
Those who care about privacy will opt-out, those who don't care won't even realize the option exists.
Subsequently, spammers will ignore it because it becomes fairly meaningless, and not ignoring it would lose them potential victims who don't care about being spammed. So the feature just becomes worthless.
Yes. Was that kind of what we all came to agree upon when it comes to UCE/spam? Opt-out is an open invitation for
W3C? (Score:1)
Why the fuck would the W3C care about this feature in a browser?
Re: (Score:3)
Because their job is to help standardize browser features?
Why did W3C oppose this to begin with?!?!? (Score:3)
Does anyone have any idea why the W3C opposed this? It seems like a no-brainer.
Never thought I would stand with MS over the W3C, but there you have it.
Re:Why did W3C oppose this to begin with?!?!? (Score:5, Informative)
Re: (Score:2, Insightful)
Pointless argument, if advertisers don't ignore DNT in the first place they will definitely start doing so as soon as it puts a dent in their statistics, default or not.
So long as there is absolutely no penalty for ignoring it, nobody will honor it.
If DNT can be ignored... (Score:2)
then the spec is worse than useless. I admit I did not read it. My current understanding is this is just a stupid cookie.
I have a better proposal. Why not make it easier for users to block "third-party" cookies, i.e. cookies sent from domains different from the current page domain. *That* would block advertisers from tracking you. Also, a javascript hook triggering a nice UI for OpenId sites to ask users if they want to whitelist them for login purposes.
Re: (Score:2)
Hah. Mozilla can't even seem to land THAT basic functionality. After 14 versions, I still get two dozen (no hyperbole) "Confirm Setting Cookie" prompts for the same goddamn cookie, even when I check the "use my choice for all cookies from this site" box.
"Oh, I thought you meant all the OTHER cookies. Tee hee!"
Derp.
Re: (Score:3)
Look, all specs can always be ignored by an implementation. The only things preventing that are actual legislation to the contrary, public embarrasment, and desire for interoperability.
The third of these is not an issue here. Making DNT default undermines the second (because it becomes easier for advertisers to justify ignoring it in the court of public opinion). So unless there's motion on the first option (legislation), making DNT default just reduces its usefulness.
Re: (Score:2)
then the spec is worse than useless
The story is a bit weirder; last year three competing proposals for do not track mechanisms [theregister.co.uk] (from Google, Mozilla and Microsoft) were submitted to W3C. The proposal accepted by the W3C was Mozilla's, despite the fact that it's completely broken. I can't understand why it was even proposed, and even less why the W3C chose it over better alternatives. That bad design is what the kerfuffle is about now: W3C and Mozilla have realized their protocol is not worth a damn, and that ad servers will just ignore it, b
Re: (Score:2)
Thanks for the wrap-up!
Re: (Score:1)
Re: (Score:1)
Does anyone have any idea why the W3C opposed this? It seems like a no-brainer.
DNT requires the cooperation of advertisers to work. So think thru this from an advertiser's perspective: if DNT is enabled everywhere by default, that cuts my business off at the knees and I have no more reason to respect DNT than I do all the people who say "pretty-please-don't-track-me". OTOH, if DNT is only enabled by the ~5% of people who cared enough to take the extra 10 seconds to turn it off, than maybe I should respect DNT to avoid future lawsuits/legislation/villification writ large.
DNT is not a
Re: (Score:3)
To encourage sites that track users to voluntarily respect DNT: if it is on by default, no one will respect it server side. If it is an active choice of the user, there is better chance at gaining support from advertisers and others who track user data, who almost universally oppose opt-out DNT (which equates to opt-in tracking), but generally are willing to accept opt-in DNT (which equates to opt-out tracking.)
Its interesting to note that while MS-the-brow
What the fuck? (Score:5, Insightful)
Unless they're planning on adding the force of law to the DNT bit, all this will do is make advertisers ignore it (and, they could argue, rightfully so since they couldn't be certain that people turned it on of their own volition).
Microsoft could pop up a dialog asking, but even then, who exactly is going to click "yes, track me"? Perhaps they should get together with some people from the advertising industry to come up with some fair copy that explains the benefits (targeted ads mean that you receive ads that will more likely interest you, after all) and drawbacks of cross-domain tracking, to ensure a semi-educated choice on the part of users.
If they just turn it on and don't ask about it though, expect it to be yet another technology extinguished by poor Microsoft engineering decisions. (I was kinda hoping we were past that, guys.)
Re: (Score:2)
Re: (Score:2)
What exactly are the drawbacks of advertising networks interest-preference cookies?
Reverse question: What are the benefits? If you show me real benefits (and not some "hand-wave" about them* being able to show me ads that are for things that I want to buy) I will stop caring about my privacy.
To answer your question: I perceive that letting businesses have my private information leads to a sharp increase in junk mail, unwanted telephone calls, and spam e-mail which are three areas where I NEVER want to see advertizing -- accept from the 2 or 3 stores where I already spend significant am
Re: (Score:2)
That answer isn't a handwave. It's THE reason for interest based tracking. I understand that web sites are funded by advertising. So if I'm going to see adverts, they might as well be for services that interest me instead of crap that I don't care about. That's the benefit, right there.
Your "perceptions" about online advertising are based on paranoia, not reality. Web advertising companies don't have access to your postal address, telephone numbers or email addresses. All they know is requests arrive with a
Re: (Score:2)
Unless they're planning on adding the force of law to the DNT bit, all this will do is make advertisers ignore it (and, they could argue, rightfully so since they couldn't be certain that people turned it on of their own volition).
And that's when I very strongly want the full force of the law to come down on those advertisers.
DNT signals a preference. It is NOT the job of the advertisers to decide whether or not I really mean it. Their job is to comply. If they don't, my personal vote is for fining them on the same ridiculous scale that copyright infringement is fined. Say, $50,000 per incident. That means per page that I view where they ignore the DNT flag, and if they have two banners on the page, twice.
Yes, I am serious. Draw a li
Re: (Score:2)
You didn't read or didn't comprehend what I wrote.
DNT signals "do not track me". How and why it is turned on is not your business to interpret. Maybe I turned it on intentionally, maybe my cat did it, maybe it is the default setting. That does not matter. The signal is there, obey it.
MS is actually doing the right thing here, and I never thought I'd say that about them. For decades we geeks have argued that opt-IN is the only workable model when it comes to spam. Tracking is not so different. The default sh
smoke and mirrors (Score:2)
microsoft loves to track its users and compile lots of user/usage data... and not just browser users.. DNT on by default makes them look like the good guys.. when we know they aren't.
similarly...
google makes more than some countries' GDP using user tracking data to maximize their profits. adding DNT to chrome makes them look like the good guys.. when we know they aren't.
smoke and mirrors.
___
DNT relies on compliance by the web site and server operators -- something that cannot be forced, legislated, or even
Makes Sense (Score:3)
Re: (Score:2)
and this is just part of the reason I use Ghostery and Noscript in Firefox. For the home network, my router includes a filtering proxy server as the gateway, thus as we become aware of the domains doing the most invasive tracking, I block them there. Seems to work quite well and the system I'm using for this is an old HP Pavilion based on a 700Mhz Celeron (P3 era) with 512 Ram. Hell power consumption is about the same as the last wireless router I'd bought while the performance is far better.
Re: (Score:2)
The smallest powersupply in a Pavilion system of that era was around 120W. My router has a 5w wall wart. I think you may want to re-evaluate the power usage.
Re: (Score:1)
I would be wary to use that as a router unless it runs OpenBSD and is super locked down tighter than a virgins ass. All the malware scanners that infect an unpatched machine in 4 minutes use x86 specific assembly.
One good reason to use a dedicated router with a mips or arm processor is that it can't be infected this way and the firmware and software with it lock them down very tight.
There is also Tomato if you like hacking which is a linux distro designed for Linksys routers
Re: (Score:2, Informative)
Re: (Score:1)
Thats what I am thinking.
They are truly scared of losing their prized jewels with IE. Microsoft assumed since IE 9 was good that all of the suddent the mass migration to firefox and then Chrome would stop or even reverse.
As good as IE 9 is the trend just continued. Since people are worried about privacy I think MS is desperately trying to grasp on anything that makes it supperior over its competitors. Unlike Netscape they can't catch up with Chrome.
First they came for the ICANN (Score:2)
Now they are testing the W3C. Do not track is a popular and easily understandable topic so they can make people believe that they know better than an independent standards organisation.
Strongly worded letter. Fap fap fap. (Score:2)
If Markey and Barton want to actually do something, how about some legislation requiring companies to honor the DNT flag?
Oh, right - That would actually risk backlash from their corporate owners. Instead, they get to look like the good guys right before heading off to a night of hookers and blow sponsored by DoubleClick.
The system hasn't broken - The system si
What this really means.... (Score:1)
....don't use IE10 if you don't want to be tracked.
Congress has nothing to do? How about WARS? (Score:1)
All this nonsense is going on in Congress, while Ron Paul is introducing yet another bill to enforce the Constitution, and prevent the government from going into war without a declaration of war with Syria. [youtube.com]
Re: (Score:2)
'jew' only to a degree that I had a Jewish grandmother, sure, Russian? To a degree that I was born in the former USSR and speak the language.
By the way, your comment, it shows insane amount of ignorance. First of all Russia has a naval base in Syria [wikipedia.org], so for USA to attack Syria is a similar situation to Russia attacking Mexico.
Secondly, it is retarded to believe that Israel will be a winner in this situation, unless you are asleep, you should have noticed that USA is bankrupt, which means USA cannot actually
Re: (Score:1)
The entire world uses Israel to keep the middle east destabilized so they don't band together and become a problem by controlling oil reserves. No one is going to let anything serious happen over there, and if it did, you have Israel with American military equipment (undisputed second best in the world), which they've upgraded, oh, and they've been fighting with it their entire lives against everyone around them. I wouldn't want to see America fight Israel, I'm fairly certain if they were unleashed they'd
It just shows... (Score:2)
The real reason for this (Score:2)
Want to bet that this opt-out doesn't apply to any of the apps Microsoft bundles with Windows RT / 8?
Re: (Score:2)
Hmm, obviously MS has developed a version of IE that looks JUST LIKE Firefox, then, because I'm using (what I thought was) FF on a Windows system to type this.
Microsoft doesn't support DNT on the back end (Score:2)
It doesn't apply to any tracking Microsoft does because even though they've gone so far as the standard-breaking client-side DNT-by-default in IE10, they don't support DNT at all server-side on the sites they operate that track user data.
Re: (Score:2)
Why Off by Default? (Score:1)
W3C is against it because it violates the standard (Score:2)
The latest draft of the standard states "[a]n ordinary user agent MUST NOT send a Tracking Preference signal without a user's explicit consent." Having it set by default, without any input from the user, violates that. That seems about as simple as you can get. The real question should be whether or not that wording belongs in the standard.
As other commenters have said, I feel that enabling it by default would have a dramatic impact on advertisers. I feel that they'd be more willing to accept a few indi
best reason for DNT to be default ON (Score:2)
I would bet that even if it was later set to ON (from default OFF) some advertisers would say
But we recorded you on 09/15/2012 at 15:24.35 as opting IN to our program and our policy is to not recheck past the first time.
so whenever a browser dumps and has to be reloaded (and the settings reset) there is a window that could be used.
Plus what happens if DNT is set to ON does the previous data need to be erased??
Re: (Score:1)
AWStats doesn't 'track' you, it simply counts some numbers up from log files. It can't tell you what I bought last tuesday at a participating retailer.
Re: (Score:1)
Awe, 12 year olds with 'tude are so cute.
Lets see, one of them is the company that makes the software ... so they actually DO DECIDE the defaults, its really screwed up that you're too stupid to get that part.
The other one helped create the specification we're discussing ... so again, they have a little bit of a clue about it.
Basically both authorities are about 10 million times more qualified to discuss YOUR software defaults than YOU are apparently.