The Federal Trade Commission recommended consumers be given a “do not track” option that prevents websites and advertisers from compiling data about their web-browsing habits. In a report published Wednesday, the consumer watchdog agency said the privacy mechanism should come in the form of a cookie or other persistent web …
no, no, no
"the privacy mechanism should come in the form of a cookie or other persistent web browser setting."
No... The privacy mechanism should be as standard, and a persistent browser setting should be used to opt *in*
How the hell's that going to work?
Hi website I don't want to track me. Please can you give me a cookie to flag that I don't want you to track me. Please then look for that cookie every time I go to your site so you'll know not to track me. To prove that you're tracking my desire to not be tracked, please log every time I visit.
So what happens...
if you have the Do not track setting/cookie and login/register for an ID to access non-free/non-anonymous data, or make a purchase on a website?
Is that like Dividing by Zero?
They've got this the wrong way round
How about a "DO Track" option for the "nothing to hide, nothing to fear" brigade who don't mind their data being mined, pimped and retained indefinitely, whilst the rest of us who object to being viewed as walking, talking bags of money by advertisers and marketers can be free to browse the internet privately, safe in the knowledge that we might be looking at ads that aren't specifically tailored to our browsing history.
...alternatively, make such tracking illegal and then we don't have to worry about it.
But that would be too simple, no?
By the way, spotted this the other day :-
...and then prompty installed the "Cookie Monster" plugin for Firefox!
"the privacy mechanism should come in the form of a cookie"
Meh, so each time I clean my cache, I'll have to remember to keep the only good cookie in the jar? My vote goes for the web browser setting, but how are they going to implement that? Create a standard for it? Anyway, I'm not too bothered: AdblockPlus does the job for me.
An interesting idea... but what could possibly be the incentive to comply?
Gaol time for the leaders of companies caught at it? Fines wouldn't deter Google/Microsoft et al.
In fact, even porridge wouldn't do it as the lawyers would just string it out and plea bargain.
A way has to be found to either make the data valueless or prevent it being captured.
I can just hear them saying...
We don't track you... what data? How did that data get there... it was collected by mistake, it was ummm a programming error by a junior coder. We will destroy the data as soon as we are finished with it, I mean as soon as we finish our investigation of how it happened* and make sure it will not happen again.
I seem to remember hearing something like that some place...
*that is, how we got caught
Do they understand the web?
So it possibly should come in cookie form. You know the things you REMOVE to stop websites tracking you?
Do Not Track!
umm... so they propose to implement privacy by... installing a cookie... umm...
Reminds me a bit of RFC3514
I immediately thought of RFC 3514 too
In fact, as compliance with RFC 3514 has been minimal, perhaps we should re-purpose the evil bit as the do not track bit?
Mine's the one with "Please don't kick me" on the back.
Privacy by design...
...doesn't "privacy by design" suggest opt-in, not opt-out?
The lobbyists of certain "special interest" groups* will shoot this one down in short order. All because said special interest groups purpose in life is about making life happier, easier etc of the users, and why would you mess with that right?
* aka Google
something tells me
google is going to be exempt from this.
why do we live in an opt-out world? Why can't we have an opt-in world?
Why do we have no control over our credit reports?
It didn't seem that bad before but now the same companies that run the credit reporting agencys also are invested in making money off the information.
So this should work about as well as the do not call list
They will just outsource it to India.
[Obligatory] Users already have this capability
Here we go:
Got get the latest version of Firefox from http://www.getfirefox.com
Having installed the latest version of Firefox go to "Tools" and then "Add-Ons" and then look for the following:
*Google (DoubleClick) Advertising Cookie Opt-Out - http://www.google.com/ads/preferences/plugin/ Opts you out of tracking cookies from DoubleClick, now owned by Google.
* Google Analytics Opt-out Browser Addon - http://tools.google.com/dlpage/gaoptout (also available for IE & Chrome)
* Beef Taco - https://addons.mozilla.org/en-US/firefox/addon/180650/ This installs over 100 opt-out cookies in an instant. Easier and much more thorough than going to the NAI site.
* Better Privacy - https://addons.mozilla.org/en-US/firefox/addon/6623/ To deal with LSO / Flash cookies.
* Flashblock - https://addons.mozilla.org/en-US/firefox/addon/433/ To prevent flash objects and ads from running unsolicited. Gives you a little icon which you can click to see the content.
* CS Lite - https://addons.mozilla.org/en-US/firefox/addon/5207/ Puts a little icon on the bottom of the browser and allows you quickly and easily allow cookies permanently or for the session
* Ref Control https://addons.mozilla.org/en-US/firefox/addon/953/ Simply control what is sent as refferer. I set it to forge. Thus the server at the destination site will see itself as the originator of the visit. This helps prevent profile building.
* Track Me Not - https://addons.mozilla.org/en-US/firefox/addon/3173/ Sends not quite random search requests in the background. This prevents accurate profiles being built from your real search queries.
Also, of course, AdBlock. Although one could argue that most tracking is dealt with pretty well with the measures outlined above
Paris, cos she don't mind being tracked
Thanks for the list!
I've got most of those installed, but I can see there's a couple I'm missing.
It's just a shame that the *user* has to put so much effort into ensuring their privacy instead of being *asked* whether they want their details and browsing habits tracked :-(
Nothing will come of it
As usual this stuff is "agreed", they will never go so far as to impose sanctions or financial penalties against these scumbags. I realise there are grey areas, for example I don't want a £20,000 bill just because my local steam railway enthusiasts site accidentally put a cookie on your browser, all the same I am sick and tired of being treated like a piece of meat by these "data collection agencies".
Wow there are some Epic quotes in that report
...especially given the aftermath of the recent Wikileak release:
"staff believes that the extent of access should be proportional to both the sensitivity of the data and its intended use"
Haha, thank you government for that little bit of sage advice. Pot... kettle much?
As masochist as it sounds I actually intend to read into this more, but at first glance this seems to have all the trappings of ineffective bureaucratic hot air. There also seems to be quite a bit of fawning, if not deference to the status quo:
"businesses should be able to engage in certain “commonly accepted practices” without seeking consumer consent"
privacy by design ?
privacy by design == security by design ?
security by design => privacy by design ?
privacy by design => security by design ?
Are these the same ? Or one implies the other ? They are clearly related. Security will be required to prevent "unscrupulous" webSlime from circumventing any regulatory or technical mechanisms.
And since security by design has not been, or ever will be, achieved, privacy is unlikely.
And how long has it been since anything on the web was scrupulous ?
Over here please!!!
We could do with a bit of that on this side of the pond. We're well on our way to a mark II RIPA rip off, and I'm sure that once the ConDems really get the bit between their teeth their beloved party donors can expect to have the entire UK populations stats, details and habits to slice 'n' dice as they please, EU protections notwithstanding.
Not perfect though. I'd be unsurprised to see the "don't track me" cookie used to rather effectively do the opposite of what was intended by the less than scrupulous, who don't seem to be in short supply these says.
The thing with 'growing the economy' is that someone - usually the consumer these days - has to take it up the rear sans lubrication, and listen to a little political homily as an unwanted bonus.
How would an opt-in system actually work, if there's a mechanism which is set to 'private' by default?
If a browser install/update comes set by default to 'private', how would a website know whether that was a choice, or just someone leaving the default settings unchanged?
That is, if there was a user who was previously implicitly relying on tracking working, when it stopped working, how would they know what had happened?
It'd be possible for a site to ask whether someone really wanted their setting to be private, of course, but would people with a setting of 'private' want to be repeatedly asked if they wanted to turn privacy off?
I might want a setting of 'private, and don't ask me about it', but would that be something that should actually be the default, if it could potentially break someone else's experience, and explicitly not give them the chance of being warned?
I could be asked at the browser install/update, of course, but then it effectively becomes neither opt-in or opt-out, but opt-either-way.
Simple: They ASK.
The idea of the privacy advocates is that any form of personally valuable information should not be obtained by any other party unless they are (a) government and keepers of that data anyway for legal reasons, or (b) given your EXPRESS and EXPLICIT consent to do so, and this consent would follow the "lazy" rule (to borrow from RegEx parlance) in that it applies only to those specific instances consented. Anything beyond that, or any extension of the instance would require another explicit consent.
And for those who break the rules? For accidental exposures, they could be charged with criminal neglect. Intentional instances may be construed as Identity Theft. Oh, and either instance could result in civil damages, too.
I thought the article was about a potential global browser setting to stop sites doing tracking, and that indeed seems to be what the referenced PDF was talking about (pages 66-67).
I wouldn't particularly want individual sites keeping asking me for consent, and indeed, if I was going to refuse consent, unless they were going to ask me every visit, it would be hard for such a system to work without their making some record of what my reply was.
A setting I could /choose/ to set on my browser for 'don't track, don't ask' would be the best solution for me, though it would be something that might not be ideal to set as a default without asking the user (since by its nature, such a setting might not make its presence obvious to everyone.
"A setting I could /choose/ to set on my browser for 'don't track, don't ask' would be the best solution for me"
OK, in non tech terms, change to Firefox and install some of the anti tracking and anti cookie addons like noscript and better privacy, you get asked initially once you visit a site to allow tracking or not and the addons remember your preference.
The key concept here is you have to take your own measures if you want to maintain your privacy.
Personally, I already do that, it's just that we were talking about a possible more universal approach, and I was talking about the kind of thing I'd see as a good option for someone like me in such a system.
Cant track you? Piss off then..
If we can't track you, we can't log you in. Could be interesting..
Also, tbh, websites like google and facebook make their money out of tracking and monetizing that information. I could easily see them both excluding users who don't allow themselves to be tracked.
@Cant track you? Piss off then
Simple reply to that - Bye Bye
Good idea, but ...
... the default should be AUTOMATICALLY OPTED-OUT and only those people who, for reasons most of us aren't going to understand, specifically want to be tracked should be trackable.
That way, advertisers are going to have to come up with a very good explanation why being tracked benefits the end user -- and the silent majority who don't understand and don't care remain untracked.
In the UK at least, this should always have been the default if the UK Data Protection requirement not to collect "unnecessary" information had been interpreted sensibly as meaning that only information*absolutely* needed to do the job (rather than information that is wholly or mainly for making illicit profits) should be collected at all.
The article and relevant bit of the referenced pdf document seem to be talking the possibility of a one-off browser setting to inform sites that someone doesn't want to be tracked, so on a site-by-site basis, potentially people wouldn't need to be asked at all if there was the option for a setting that told the site people didn't want tracking *and* didn't want asking, as well as a setting for 'ask me first if I want to opt in'.
A setting like that seems to be the kind of thing that is probably best not having a default setting at all, but requiring the users to actually configure one way or another.
Total friggin' FAIL
"The Federal Trade Commission recommended consumers be given a “do not track” option that prevents websites and advertisers from compiling data about their web-browsing habits."
*I* recommend consumers be given a "please track me" option, and a __TRACKME__ cookie that can be implemented in browsers to be served to any site that asks for it.
Anything else is just waffle by people that either genuinely don't understand privacy, got paid to not understand, or just don't care.
- Product round-up Ten excellent FREE PC apps to brighten your Windows
- Hi-torque tank engines: EXTREME car hacking with The Register
- Review What's MISSING on Amazon Fire Phone... and why it WON'T set the world alight
- Product round-up Trousers down for six of the best affordable Androids
- Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...