Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security Chrome Facebook Privacy The Internet

'Do Not Track,' the Privacy Tool Used By Millions of People, Doesn't Do Anything (gizmodo.com) 228

An anonymous reader quotes a report from Gizmodo: When you go into the privacy settings on your browser, there's a little option there to turn on the "Do Not Track" function, which will send an invisible request on your behalf to all the websites you visit telling them not to track you. A reasonable person might think that enabling it will stop a porn site from keeping track of what she watches, or keep Facebook from collecting the addresses of all the places she visits on the internet, or prevent third-party trackers she's never heard of from following her from site to site. According to a recent survey by Forrester Research, a quarter of American adults use "Do Not Track" to protect their privacy. (Our own stats at Gizmodo Media Group show that 9% of visitors have it turned on.) We've got bad news for those millions of privacy-minded people, though: "Do Not Track" is like spray-on sunscreen, a product that makes you feel safe while doing little to actually protect you.

Yahoo and Twitter initially said they would respect it, only to later abandon it. The most popular sites on the internet, from Google and Facebook to Pornhub and xHamster, never honored it in the first place. Facebook says that while it doesn't respect DNT, it does "provide multiple ways for people to control how we use their data for advertising." (That is of course only true so far as it goes, as there's some data about themselves users can't access.) From the department of irony, Google's Chrome browser offers users the ability to turn off tracking, but Google itself doesn't honor the request, a fact Google added to its support page some time in the last year. [...] "It is, in many respects, a failed experiment," said Jonathan Mayer, an assistant computer science professor at Princeton University. "There's a question of whether it's time to declare failure, move on, and withdraw the feature from web browsers." That's a big deal coming from Mayer: He spent four years of his life helping to bring Do Not Track into existence in the first place.
Only a handful of sites actually respect the request -- the most prominent of which are Pinterest and Medium (Pinterest won't use offsite data to target ads to a visitor who's elected not to be tracked, while Medium won't send their data to third parties.)
This discussion has been archived. No new comments can be posted.

'Do Not Track,' the Privacy Tool Used By Millions of People, Doesn't Do Anything

Comments Filter:
  • by Anonymous Coward

    "porn site from keeping track of what she watches"

    umm...right....

  • by Anonymous Coward

    I use spray-on sunscreen all the time. Why are you saying it doesn't do anything?

    • Re: (Score:2, Offtopic)

      by mnemotronic ( 586021 )

      I use spray-on sunscreen all the time. Why are you saying it doesn't do anything?

      Must have been a typo. It actually does work, just not for the advertised or intended purpose of screening your skin from the sun. It does, however, keep you from being shat upon by passenger pigeons. Guaranteed. It's also a mild cognitive dyslexia stimulant, so it will ability your enhance to rismead docuportant implants.

    • by Anonymous Coward

      They probably meant spray-tan, which does nothing. Spray-on sunscreen is just immensely wasteful, much like all spray-on things, you waste butane or some other compressed gas in the process.

      The DNT kinda got fucked over by Microsoft because they released MSIE with it... enabled by default, which defeated the purpose of an opt-in mechanic.

      Now... what would have prevented this was having an actual standards-based privacy (remember P3P? That also is routinely ignored by everything) mechanic where the user is n

      • They probably meant spray-tan, which does nothing.

        Yes it does. It gives you a temporary tan that lasts until your next shower.

        Here's proof that it works [google.com]

        • by AmiMoJo ( 196126 )

          It makes no sense that a guy with so much money would get such a bad tan, and then maintain it for such a long time. Maybe someone told him it looks great and be believed them.

          Then again I can't understand why middle aged men get tans either. It never, ever looks good.

      • They probably meant spray-tan, which does nothing.

        Don't tell The Donald.

      • by Luthair ( 847766 )

        The DNT kinda got fucked over by Microsoft because they released MSIE with it... enabled by default, which defeated the purpose of an opt-in mechanic.

        They did, but no one was ever going to honour it without being forced to which is why we need legislation.

        • no one was ever going to honour it without being forced to which is why we need legislation.

          So.. I suppose this is a good day to come clean and admit that I'm one of the people who thought (and said) DNT is basically a good idea. I still do think it's a good idea .. or rather, it was. And while I can see you probably disagree with me, you've also put your finger on how we might come together (but see below, because we still might not).

          We had to ask, before we could justify making demands. DNT was a way of a

          • by Luthair ( 847766 )

            I don't think a government should be able to tell people what they're allowed to do internally on their own computers and their own storage. If you don't like that people remember all the information that you constantly go out of your way to give them, then stop sending it! It's the sender's responsibility, not the receiver's.

            People aren't giving them information. If you go to a website, you don't expect them to also give Facebook, Google, Twitter, Medium and 973 advertising networks access to that as well. The purpose DNT is really about these third parties tracking you around the web.

    • by Z00L00K ( 682162 )

      It gives you cancer due to all the solvents.

    • Re: (Score:2, Informative)

      by jeremyp ( 130771 )

      If you follow the links, it tells you.

      1. Most people don't apply it properly - you have to spray it on and then rub it in which negates the point somewhat.

      2. A lot of it gets wasted.

      3. While sun screen chemicals are known to be safe when applied to the skin, the situation is less certain about what happens if they are inhaled, which is more or less impossible to avoid when using spray on sun screen.

      On the other hand, it is better than using no sun screen at all.

      • by fintux ( 798480 )
        So the comparison fails - and none of those three points apply to DNT. It would have been better for example to compare DNT to homeopathy instead.
  • by Kunedog ( 1033226 ) on Tuesday October 16, 2018 @10:48PM (#57490180)
    Same is true of on-site privacy settings. Simply asking a site to behave does nothing. Enforce it by blocking their servers, and deleting their cookies. Don't use the site at all, if practical.
    • Clearly the world just needs to get off its butt and adopt real privacy and security [ietf.org].

    • Same is true of on-site privacy settings. Simply asking a site to behave does nothing. Enforce it by blocking their servers, and deleting their cookies. Don't use the site at all, if practical.

      But by taking information from your computer when you have Do Not Track a violation of the Computer Fraud and Abuse Act? You don't want them to use your computer in that way, yet they are. I also wonder the same thing about Microsoft's auto-update and reboot program. If I don't authorize the computer to upgrade and reboot, are they violating this law also? I know you'll say that the terms of use give you no right to deny these uses. However, I have no choice but to use a bank in the ordinary course of m

  • by raymorris ( 2726007 ) on Tuesday October 16, 2018 @10:49PM (#57490182) Journal

    The major advertisers had agreed to follow the standard. Then Microsoft quickly killed any chance of that happening by violating the standard in their browser. The agreement was that users could actively choose send DNT, selecting privacy over customization.

    Microsoft made it the *default* setting, so a DNT header was sent for everyone, though most people have never heard of it. There is no chance that sites would a) degrade their site and b) lose money, by default, for every Windows user. Once Microsoft did that, the only reasonable thing for sites to do was ignore it.

    Had Microsoft NOT violated the standard by setting it as the default, there would at least be a chance the the advertisers would have respected it for the small percentage of users who actively made that decision.

    • Re: (Score:3, Interesting)

      by Todd Knarr ( 15451 )

      I don't recall Microsoft's implementation violating any of the published specifications. It didn't conform to what the advertisers wanted (opt-out implementation with the default being "allow to be tracked"), but it doesn't violate the spec. To quote from the spec (Tracking Preference Expression [w3.org] W3C Editor's Draft 07 March 2016):

      A user agent MUST have a default tracking preference of unset (not enabled) unless a specific tracking preference is implied by the user's decision to use that agent. For example,

      • I don't recall Microsoft's implementation violating any of the published specifications.

        It didn't violate the standard, but it certainly violated the spirit. Microsoft's action was designed to sabotage DNT. It was a successful attempt at "Embrace, Extend, Extinguish", the same strategy they employed to kill so many other standards.

        DNT was intended to indicate an affirmative desire to not be tracked. It was never intended to merely indicate laziness and apathy.

        Microsoft knew they were destroying DNT. This was clear, intentional evilness.

        • DNT was fucked and evil right from the start. It was designed to stifle and block efforts to create a standard that took control out of the hands of the advertisers and put it in the hands of consumers. The advertisers led by google came up with the DNT which they basically promised to honour as long as no one actually really used it. The whole thing was bullshit from the start, calling MS evil for this is like calling Van Helsing Evil for murdering Dracula.
          • Speaking of "evil" it reminds me a lot of the "Evil Bit [wikipedia.org]". Let's just just make a thing that we send to web sites so that they don't track us. Of course, everyone will comply and nobody would ever track them if you asked them not to. They actually directly link to the Do Not Track article right in the Evil Bit Article.

        • by Anonymous Coward

          Microsoft may be evil, but they didn't kill DNT. DNT was useless from the start. Consider, if only a few used DNT:

          1. Most would not care about DNT, because almost nobody uses it. Why waste the effort of supporting it?
          2. Information about DNT somehow goes viral. The masses, tired of ads, enable DNT in their browsers. DNT becomes the fad of the month.
          3. The majority (or signigicant minority) uses DNT, so businesses choose not to use it - for the same reasons they choosed not to use it when Microsoft made it

        • what a load of crap. The standard did exactly what it was intended to do, it has been 100% successful. It was created purely to delay any real action that was been suggested by governments and pushed by other standards at the time. DNT was never designed or intended to succeed as a technology in itself, it was purely google, Mozilla et al protecting the Ad industry from much harsher measures. It is truly disappointing that google got away with this. I mean for fucks sake the whole promise was "as long as th
    • by mentil ( 1748130 )

      Lol no. Advertisers were looking for even the tiniest excuse. If Microsoft hadn't enabled it by default, then the advertisers would say that noone knew about or was activating DNT, therefore they weren't going to waste time and money coding in a separate codepath to respect it. How many people were still using MS browsers at that time, anyhow?
      Honestly that excuse wasn't needed, since it was a simple "money lost from not supporting DNT | money lost from supporting DNT" calculus with the latter being much mor

    • The fuckwits writing the standard as voluntary killed any hope of it being successful. MS were the only ones that had a sane approach at the time with everyone else demanding you had to know about the feature and find it and turn it on. basically they were trying to make this a feature for the technically savvy only hence it was a fail right from the start. Incidentally MS didn't violate the standard, they changed the standard to make what MS was doing a violation as they realised everyone would want the fe
    • by ChatHuant ( 801522 ) on Wednesday October 17, 2018 @12:37AM (#57490416)

      You say Microsoft broke DNT because they actually used the header, so poor tracking networks had no choice but ignore it. You don't seem to realize that your complaint is a real life example of a catch 22: ad slingers promise they'll respect the DNT header only as long as users promise not to use it.

      The reality behind this absurd design is more interesting: the alleged "standard" had never been anything more than a publicity stunt orchestrated by Google and their (at that time) lapdog Mozilla. The reason why they did that was to block a competing DNT mechanism [theregister.co.uk], proposed by Microsoft as a W3C standard. Microsoft's design stopped your browser from connecting to a tracker site completely. It didn't rely on the tracker's good will and honesty; it was a pro-consumer, not pro-ad industry solution.

      Google realized the danger, and proposed a different mechanism (the current "standard"). Via their membership in the Digital Advertising Alliance [digitaladv...liance.org] and other ad industry groups (participants in the W3C's standardization commitee), they forced it [theregister.co.uk] through, with great fanfare, thus blocking the consumer-friendly alternative.

      The ridiculousness of the design was obvious [theregister.co.uk] at the time. Just a few things: it's impossible to enforce your settings against a non-cooperating site. It's impossible to even confirm whether your request is being honored. There's no mechanism for a site to notify you in advance that it won't respect the DNT header. Add the fact that it's opt-out (leaving the less-technical majority of users unprotected by default), and it's pretty clear who the "standard" was for - hint: it was not for consumers.

      If you want to blame somebody, you should pick Google and Mozilla. All Microsoft did is call the ad industry's bluff and expose Google's DNT for the lie it always was.

      • Re: (Score:3, Interesting)

        by Anonymous Coward

        Yep, I agree. This is one example of a time where Microsoft did exactly the right thing - privacy by default, and was one of the most shameful aspects of Mozilla's downfall, refusing to support privacy by default. For me, this was a major factor in dropping Firefox, as soon as it became abundantly clear that they favoured large ad networks over the user using logically invalid and morally bankrupt arguments to justify their stance it was ultimately the icing on the cake that pushed me over the edge having a

      • by _merlin ( 160982 )

        The Microsoft proposal is basically Ghostery, uBlock, etc. but with a standard protocol for obtaining the blocking lists.

      • by AmiMoJo ( 196126 )

        they forced it [theregister.co.uk] through

        According to this link Google was one of the ones who objected to it, not one of the ones who forced it through. The people who voted for it included other browser developers like Mozilla and Microsoft.

        The EFF backs Do Not Track. It's imperfect but it's a wedge we can use to push for legally required compliance. The user has made a clear statement that they do not wish to be tracked.

        It's tempting to think that having privacy enhancing add-ons is the answer, simply blocking ad servers and tracking cookies. B

      • You don't seem to realize that your complaint is a real life example of a catch 22: ad slingers promise they'll respect the DNT header only as long as users promise not to use it.

        Not quite. The original idea was advertisers promise to respect the DNT header only as long as users meaningfully make the choice to not want to be tracked. Changing defaults screwed this entire principle.

        • only as long as users meaningfully make the choice to not want to be tracked.
          Changing defaults screwed this entire principle.

          I don't see things quite this way; the whole approach is really weaselly to begin with. The ad industry knows full well that the majority of users don't have the information or knowledge to make this meaningful choice. It cynically intended to use the consumers' lack of information to profit from them, at the same time touting its virtuousness in providing this scam of a standard. When somebody - Microsoft in this case - takes a measure to protect users by default, the ad industry throws a hissy fit, and di

          • Oh I agree it was weaselly and had no teeth. What I'm saying is the original principle was palatable for the advertisers. That changed when it became opt out instead of opt in.

            You said it yourself: "The ad industry knows full well that the majority of users don't have the information or knowledge to make this meaningful choice."

    • This "Standard" was stupid from day one.

      Hell, I illustrated why it was stupid back in 2012 with a fairy tale story nonetheless. [slashdot.org]

      The fact that it took 6 years for people to realize that it was stupid just affirms to me that either people are gullible idiots, or I can see the future.

  • Donut Track (Score:5, Interesting)

    by mentil ( 1748130 ) on Tuesday October 16, 2018 @10:53PM (#57490190)

    Ironically, the 'do not track' bit can be used as a piece of data to help track people.
    All along, the hope was that governments would mandate respecting the 'do not track' flag. AFAIK no such thing has happened anywhere. If there are no big business interests behind it (a la Net Neutrality) it's very unlikely politicians will pay attention to it. OTOH, Congress is currently looking into privacy issues regarding Google and Facebook, so now would be the time to push the US govt. to mandate respecting the DNT flag.

    • by msauve ( 701917 )

      the 'do not track' bit

      It's every bit [sic] as effective as the evil bit [ietf.org].

    • by _merlin ( 160982 )

      How would you go about verifying that it's being honoured? You're depending on the goodness of Big Data. I don't think I could ever trust it.

  • by Anonymous Coward

    Is anyone surprised?

    • by Anonymous Coward

      Is anyone surprised?

      I don't know how anybody can be, since it's been known for years that DNT was the honour system, and that nobody was obeying it. I remember seeing years ago that DNT was pointless and did nothing, and have never enabled it on a browser.

      The only way to avoid being tracked is to directly block connections to the tracking companies and block cookies through real privacy tools.

      In Chrome, get something like HTTP Switchboard, or in Firefox something like uMatrix which does the same thing. Bl

  • by Anonymous Coward

    The only actual solution is to ban all advertising.
    Until you kill this problem at the source, you'll never get your privacy back.
    Yes this will kill a trillion dollar industry, but who fucking cares. We have to accept we've gone wrong. We went down the wrong developmental path, we need to back out, and choose a different path.
    One not based on mass-surveillance and mind-control.

  • by Anonymous Coward

    Packets with nefarious intent are still required to set the Evil Bit [wikipedia.org].

    I don't know how my evil filtering firewall would stop evil if the packets were lying.

  • by BenBoy ( 615230 ) on Tuesday October 16, 2018 @11:34PM (#57490318)

    [only] 9% of visitors have it turned on

    So then, it does something ... it sharpens up browser fingerprinting by making one more unusual ... It would be strange if that information weren't being used to track visitors.

    • No. What the DNT setting does is signal to advertisers that the user is naive.

    • Question 1: Does it add value?

      Tracking customers doesn't actually add anything. Knowing someone bought a spade does NOT mean they want adverts for spades. Big data analysis works on aggregates, not individuals, and automatically personalized content is rarely what the person wants.

      Question 2: Does it improve service?

      Complexity is the enemy of both throughput and stability. If there is no business case or technical case for tracking, you're adding complexity and therefore degrading service. Degraded service

      • Question 1: Does it add value?

        Tracking customers doesn't actually add anything. Knowing someone bought a spade does NOT mean they want adverts for spades.

        Actually, it does add value. Knowing someone just bought a spade should tell you they're not in the market for a spade, so don't waste time advertising them to the customer.

  • Everybody was right about DNT. News at 11.

    Seriously, probably half of us here could dig up some old comment they made where they said exactly this would happen.

  • DNT settings in browsers.

    Then stop blindly accepting cookies.

    The toss in uBlock Origin and Privacy Badger to see how bad the trackers really are. I have hit pages with 40-60 different trackers being blocked, Looks like 18 on this page

    • Specially Privacy Badger, whose authors are in the EFF and which is easily adjustable per-site if needed.
      For me tracking is an issue of the past -as long as Privacy badger lives
        Now I wrote that, I have to consider a donation to EFF... the cat T-shirt is nice...

  • Save yourself the time and punch these fuckers where it hurts the most.

    The best part is, with Nano Blocker you can watch the ad blocking arms race happen in real time. When an ad leaks through, the speed at which it gets fixed amazes me.

  • ...back to using the evil bit for our protection.

  • Who the hell didn't know this and fuck Donald Trump.
  • I often use an incognito window or a privacy browser (like firefox focus), which gives me a cookie wall everytime I visit a website. I wish it would be possible to tell their cookies aren't saved any longer than needed and I can't be tracked that way (and they don't have to show me their cookie wall).
    • by Anonymous Coward

      This is so true; there is some irony on the fact that these webshites set a cookie to flag whether you accepted cookies or not. I have the same problem as I've configured Firefox to delete all cookies on shutdown.

      A lot of that cookie wall stuff came in off the back of new EU regulations which always seemed odd to me in that they thought having a different UI per website for accepting cookies (with all the stuff that goes along with that, such as a HUGE accept button and tiny "reject" text link) was better t

    • by Niggle ( 68950 )

      If you're using Firefox, take a look at extensions such as "Cookie Auto Delete" and "Self-destructing cookies". They can be configured to delete the cookies the instant you close the tab.

  • https://www.eff.org/privacybad... [eff.org]

    it's not as effective as a blocker with loads of blacklist, but it tries to block DNT violators while give some awards to those who are willing to respect DNT...

    It's like consumer activism, I don't think it will success most of the time, but I still want to do it anyway...

  • All we need now is a law that actually makes it do something.

    Having the button already there makes that easier to sell.

    Go Europe!
  • by Anonymous Coward

    1. Never search for anything while logged into Google, Facebook and so on.
    2. At least try to make it harder for the Powers that Be to know how or what you do on the Net Use a VPN.
    3.. Run Linux and a VPN and use one Browser to get your mail gmail.com but never search from a logged in Browser I have 5 to 8 Different Instances of the Browser running on 16 Virtual Desktops.
    4. If you are on eBay use one Browser for that if you stay logged in anyway but never do Internet Search from that Browser.

    And they Call Me

  • by Anonymous Coward

    In a certain way DNT actually does something - I encounter sites that refuse to show data if there is any adblocking mechanism active in the users browser. If I deactivate the current adblocking script they still refuse to work and mourn about "private browsing" or "do not track"-settings still active. This is the very moment I don't want to visit the site. See: adblocking scripts are too ad-friendly now ;-)

  • 25% of American adults use "Do not track", but hey, non-geek Gizmodo visitors obviously have more trouble finding the "Do not track" option in their browser settings than the average American. So much for the credibility of the Forrester Research study. And for Gizmodo, wittingly distributing bogus research results.
  • The only news I see is that spray-on sunscreen doesn't do anything? I've been using it for years and years, and while the chemicals in it may cause premature aging I don't get sunburned using it, so... What gives?

  • by larwe ( 858929 ) on Wednesday October 17, 2018 @07:24AM (#57491244)
    A signal sent from the client that relies on the server side to honor some sort of contract is pointless. Even if there had been industry consensus on "what to do" with DNT, the situation would be more complex than that even in a world full of good actors. For example, GDPR would set limits on how to respond to DNT that differ from the limits set by US legislation. So from the user perspective, the exact effect of DNT would be opaque, it would be basically "turn off as much tracking as is required by the country that hosts the site, or maybe the country the site thinks you're calling from, or maybe the country the site thinks governs your particular account, if you're signed in.

    The inherent lack of clarity is bad enough, but it pales in comparison to the real problem, which is that are very few good actors on the other end of the wire, and an end user has no way to scrutinize them. By the time it is divulged that SiteX is illegally ignoring DNT and storing information outside whatever the local law permits, it's too late - the information is already sold to a thousand different data brokers and it is as undeletable as a nude selfie posted publicly to Facebook.

    The only meaningful solution is to build the protections into the client side, so that the client is prevented from sending data that can be gathered by the server end. The server cannot, and can never be, trusted by the end-user. It's disappointing that the options we have in browsers (even with extensions) are still relatively coarse. For example, we need the ability to block all active scripting (including that embedded in a page, not just by blocking specific URLs to malware Javascript sources) except for a small whitelist of items critical to the function of the site. We need a way of blocking particular APIs from being accessed by active web content (there is NO reason why a website needs to know my battery level on a mobile device. If there was a reason, it would be a very limited use case that I would only enable for that one particular site. Same principle applies to a lot of the data that's used to fingerprint browsers).

  • Did anybody really expect "do not track" to do anything? The "do not track" flag asks low-life web advertisers not to track you, not to harvest your personal information. Why would those advertisers follow your wishes to not track you.
  • "'Do Not Track,' the Privacy Tool Used By Millions of People, Doesn't Do Anything"

    Is "tracking" one of the things it doesn't do? Because that's good. Otherwise it does do something. And that's bad.

  • I don't expect it to do anything, I use it as a form of protest.

  • by sentiblue ( 3535839 ) on Wednesday October 17, 2018 @10:33AM (#57492464)
    For a long time I thought DNT was a browser-level control. Meaning when you turn it on, the browser won't send tracked info to the site. When I realized DNT simply declares that you don't wanna be tracked and it's still up to the site owners to honor your wishes... I thought I was a damn big waste of effort to create a feature that in fact misled millions of people.

    Expecting Facebook and Google to honor your wish not to be tracked? Are you out of your phucking mind? They make money by tracking. If they are forced by the government not to track, they may as well fire all their employees and shutdown their businesses.
  • 'Do Not Track,' the Privacy Tool Used By Millions of People, Doesn't Do Anything

    Who was ever foolish enough to think that it would? It's 100% voluntary with no teeth and no enforcement power whatsoever.

    It was instantly seen as a scrumptious list of people who didn't want to be tracked, and therefore of immense value to spammers, marketers, government agencies, etc etc etc.

    It's like a "Do Not Mug" list, where you publish your name and the amount of cash you have in your pocket, along with your home address.

Beware of all enterprises that require new clothes, and not rather a new wearer of clothes. -- Henry David Thoreau

Working...