Mozilla is planning to add a so-called "do-not-track" feature to browsers for Firefox users who want to outfox cookie-bothering behavioural advertisers. The open source browser maker's global privacy and public policy wonk Alex Fowler admitted that convincing website operators to agree to such a proposal remained a big stumbling …
I'm really baffled by this
With Firefox, if you set the cookie "Keep until" to "When I close", then you erase all cookies every time you close the browser. Why isn't that better than trusting the website you visit to honor a "do not track" flag?
"Please, mister advertiser! *Please* don't give me that bad old tracking cookie!"
So, seriously, why does anyone bother with a lead balloon like this? Is it just so Mozilla Co. can say "Look, we pretend to care about your privacy more than Microsoft pretends to!"
Can't fake an IP address
And sure, yeah, I really feel safe about this opaque blob of closed-source binary code with the four-color glossy website that promises to "protect my identity". Oh, and "how to help: download our crap, tell your friends it's chocolate ice cream, then send us money!"
Yeah, that's just trustworthy as *hell*. Shill, much?
Like this will work
Until governments force the web sites to honor the requests from browsers not to track users, I don't see many volunteers. Even then I think a few sites will have to be made examples of to show them they mean business before they fall in line.
The title is required, and must contain letters and/or digits.
<cynicism> "Meanwhile, the world's largest ad broker Google is reportedly set to announce a "keep my opt-outs" privacy tool later today, that will allow its Chrome browser users to scream "in your face, OBA!" - or something. ®"
Of course, knowing Google, they're going to allow themselves a back door or other workaround so they can still collect the data. As for Microsoft claiming to wanting to respect the user's sphere of privacy: huge, rolling laugh!</cynicism>
That aside, I find this sort of thing to be a little overdue, though the header approach suggested by the Mozilla Foundation will of course only work so long as the operators of the web sites actually respect those headers. Which I doubt the more commercially-oriented ones will do.
For anyone who wants to get ahead of the curve on the whole tracking issue, the latest NoScript and Adblock Plus add-ons already provide this feature.
There was a problem retrieving the site
Sorry, in order to view this post you need to opt-in to OBA in your firefox preferences.
Alternatively, use DNS-based blocking of known tracking sites and a cookie-filtering proxy server. I might even make the next version of my cookie-cruncher return "doctored" versions of known tracking cookies, so as to poison the analytics data thus gathered.
Standard fingerprint please!
I wish they'd implement a feature where you can set the fingerprint of the browser to the the same as everyone else thus stopping the way people are really tracked.
Paris because she knows a thing or two about being fingered.
The Torbutton extension for Firefox does this and I think it is possible to configure it to do it without using the Tor network.
More information about tracking here: https://panopticlick.eff.org/
Wrong way round
So I have to opt-in to achieve an opt-out?
If tracking is *so* beneficial to advertisers why don't they ask you to opt-in and pay you for your trouble?
To think that after all this time...
...this is still relevant:
Your post advocates a
(x ) technical ( ) legislative ( ) market-based ( ) vigilante
approach to fighting trackers. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.):
(x ) Requires immediate total cooperation from everybody at once
Specifically, your plan fails to account for
(x ) Dishonesty on the part of trackers themselves
(x ) Extreme profitability of tracking web users
and the following philosophical objections may also apply:
(x ) Any scheme based on opt-out is unacceptable
Anyone who hasn't seen this before will just have to wonder what other options there were (and what I put in the "Furthermore, this is what I think about you:" section). Those who have know what it contains, the reasons why it won't work and are probably having a damned good laugh.
Here is a better idea.
Opt out programs only work if you are dealing with a scrupulous website.
"Delete all cookies after a session" would be a better option.
What this really means
What this REALLY will mean:
Browser: My master has said he'd better not catch you tracking us!
Web site: OK, you won't *catch* us tracking you.
Browser: OK. <beat> Wat?!
Web site: <snigger> (sotto voice) "anybody want to buy some *ahem* anonymized tracking data?"
My cookies bite the dust unless I trust the site, and I trust very few sites. I give El Reg elbow room, but then I like to live on the edge. Yeah! Go me!
I've never understood why no one has been arsed to write a random cookie stuffer.
Everytime they ask for their cookie give them some total pile of tripe. They've probably never coded for it and so their site will find all sorts of interesting features. If enough people did it then they'd soon stop.
What would happen if you gave them a load of binary zeroes. The maximum size of a cookie stored in a browser is 4Kb (well, true for IE, other browsers may vary), but what happens if your plugin sends back 4097 bytes? Can you make their cache overflow? If the tracker is specifically expecting a certain length cookie, what happens if you send them back too little or too much? Can you cause crashes on the ad server? If the cookie contains data with some sort of semantic meaning, can you cause it to form a logic bomb (e.g. self reference to cause an infinite loop, or infinite recursion)?
I wonder if FF already has any plugins which do this sort of thing?
Re: random cookery...
"I've never understood why no one has been arsed to write a random cookie stuffer.
Everytime they ask for their cookie give them some total pile of tripe."
Actually, I started to do this about a decade or so ago. I stopped when I realized that if _I_ were distributing cookies, I'd protect myself by generating cookies which contained a cryptographic checksum. Then when I received a cookie back from a browser, I'd check whether it self-validated before using it.
I have no idea whether companies like DoubleClick do this sort of thing, but I can't escape the conclusion that if they don't, they wouldn't be able to stay in business.
Worth saying again
You can have all the functionality of Google without the ads and tracking by using Scroogle instead. You can even have your searches and results encrypted to and fro. Start at http://www.scroogle.org
No one knows what "Do Not Track" means...
There needs to be more rules to protect people's privacy from corporations with more power to exploit technology than the average person has to protect themselves from new threats. People are misled concerning cookies. They've been misled about things like Do Not Track and net neutrality. And they've even been misled about the benefits of targeted advertising. Obviously Do Not Track is not enough, but it would provide for a standard for opting out that would be the same for all clients (browsers) and servers (advertisers). If there is going to be a standard for opting out, there should be a standard for what opting out means and how it will be enforced, too.
Relying on self regulation won't work for this reason, but if users and law makers were better informed, a Do Not Track system that was effectively backed up by law could work without requiring a third party to maintain lists, servers, or other systems. (Although it would make more sense to to give consumers privacy rights against unethical business practices and all forms of tracking embedded in technology.)
Until laws are passed to back up Do Not Track headers sent by browsers, all the Do Not Track plugins endorsed by browsers are simply deceptive marketing techniques and all unofficial ones are simply a proof of concept.
killing the internet
I have a website with cookies. it provides real and popular info that people enjoy visiting. I offer products around the subject for sale. you choose if its of interest. I pay to host this site from the income it generates.
Stick on ad blockers and cookie tracking blockers and my site is too costly to run, so I will shut down and people will loose a useful resource on the subject.
the majority of cookies are harmless and help support sites to keep open. but dont block them because big chunks of information will just vanish...
Re: killing the internet
I understand your point. Personally, I use ad blockers for the purpose of random surfing around, but tend to whitelist the web sites I love and visit frequently. I also randomly click on ads on such sites every now and then even if I am not interested, just to show a little support. This, in my opinion, constitutes a fair compromise.
Having said that, however, you must realize that the only way of ensuring you get paid for the content and service you provide is to either ask for voluntary donations or build a paywall. There is no replacement for real money.
I use the Ghostery Extension in Firefox that enables me to block trackers. Its shows the trackers that are used on each site you visit. What astounds me is the NUMBER of trackers some websites use and the plethora of tracking services that are revealed!
Advertiser Tracking -- Not That Bad!
People really need to stop this Knee jerk reaction that "advertisers tracking" is bad.
Online ad providers do not track the private data of the user, instead Online ad providers track their OWN data and that of the merchant.
In fact, you get more privacy than you do with you banks tracking, that tracks not only only all your exoctic purchases, but knows exactly who you are and the very location the purchase was made!
When you get cookied by an ad provider - they dont store "John Smith, Male, 32, Single/Married/Other" instead they store a code chain that tells them "The operator of this browser click on [advertisers link] on website [X] on date of [x]"
Later on the advertisers site, that cookie is "read" and sales data reported to the ad provider by the merchant why........ so the provider can pay commission to the referring website of that user.
Again at no point is it possible to determine the "Person" that bought any product, only the origin before the users came through.
Want to see how much ad providers help the "common user" ? Well Google loyalty sites! Loyalty sites use ad providers to track their users across hundreds of merchants....... but they pay the USER the commission that they make off those adverts.... sometimes up to a hundred pound sterling for something like a mobile phone contract.
Just get a *really* good hosts file
I use the one that is published and updated regularly at http://someonewhocares.org/hosts/ - it speeds up my browsing, saves monthly download allowance and I've hardly seen an ad or tracking cookie since I started using it.
I prefer not to trust others to protect me if I can do the job myself.
As some of the folks who run websites say, unless they can collect someone's data (or have another source of revenue), they can't stay in business. I'd like my 'net services to remain free, so unfortunately, those who don't know any better must suffer.
I prefer not to trust others to protect me if I can do the job myself.
There are plenty of tools available which will help preserve your privacy on the 'Net. When I want to surf anonymously, I surf using a Linux "live CD". There's no personally-identifiable data on the system, so I don't even have to trust Mozilla. (The hard disk on my laptop is encrypted to protect the data if it's stolen, so even if the live CD tried to be helpful, it can't mount any filesystems from the hard disk.) When I'm through surfing, I reboot and ALL information related to that session vanishes. Of course this prevents bookmarking sites, but security and convenience are often at odds.
If I were a little more paranoid, I'd put The Onion Router (TOR) on my firewall then create a (very slightly) customized live CD which used my TOR installation as a proxy server. (Using TOR would prevent the target website from seeing my IP address, and prevent my ISP from seeing the website's address or any data I exchange with the website.)
If you wanted it to be more convenient, you could probably copy the live CD to hard disk, then run a copy as a virtual machine. You'd just have to remember to delete the virtual machine after each session.
erm, stupid stupid stupid
This relies on the website listening to this new header and behaving. Honestly how stupid can you get, clearly this has less chance of working than a snowball does of living in hell.