An internet standard on online privacy is expected to be published by the middle of next year. In the meantime, the World Wide Web Consortium (W3C) has released a first draft of the so-called "Do Not Track" (DNT) mechanism, with input from the major browser makers. Google, Mozilla, Apple and Microsoft have been debating with …
It won't work
So, you either have to:
1) Make the protection really prevent tracking but ship with all the protection off - most people will not activate it, most web sites will break if you do activate it, and it won't be any different than running NoScript and CookieMonster.
2) Ship with it enabled but make it just an advisory flag, and trust the web masters to honor it - you will be tracked, just as you are now, because there is too much money in tracking (or so the perception is).
3) Ship with it enabled, make it prevent tracking, and break most web sites - again, like NoScript and CookieMonster, but with lots of angry users and angry web masters. Won't happen.
By way of analogy, how would you feel if I came to your house and started telling you how your furniture should be arranged and how your home entertainment system should be set up? You'd rightly tell me to fuck off in no short order.
Even if I trust *you*, how do I know your scripting hasn't been cracked? Remember when the NYT website was serving malware through banner ads?
You come on to my internet, which I am paying for, then you abide by my rules. Which means if I choose to use flashblock and adblock then you can either like it or lump it. If you don't like it you can go set up your own internet.
By way of analogy, how would you feel if I came to your house and statrted telling you how your funiture should be arranged and how your home entertainment system should be set up? You'd rightly tell me to fuck off in short order.
I refuse on principle to let the internet be stolen off those of us who have been paying for it since before commercial parasites tried to claim it as their own. The internet was a much better place before the spivs and whores gatecrashed it.
Just to be crystal clear, I do not care if you threaten to leave the internet, go now please, and shut the door behind you. We know of course that you won't, in which case you'll just have to abide by what the internets users and owners, who pay for it, want.
@ Jim 40
Excuse me? YOU come onto MY site when you type my site's URL into your browser (or click a search result leading to it, and then I PAY for the bandwidth you use accessing it. Since when, and how, do I come onto your internet? YOU make the choice to come to my site. If you don't like the way it's set up, then you can go somewhere else. So go now, please, and shut the door behind you.
@ Steven Roper
Typically overweening sense of entitlement from someone who labours under the misapprehension they own everything.
In the vanishngly unlikely event I'd be on your site how are you going to stop me? You need the internet infinitely more than it needs you.
You have no choice but to suck it up, now get over yourself.
Is a tiger still a tiger if it has no teeth?
I actually took some time to read the draft standard, and on the whole it seems to be fairly well thought-out: DOM-compliant, HTTP 1.1 compatible, easily implementable (or should be, on the client side, at least), and reasonably elegant.
However, the main thing that concerns me is that there doesn't seem to be any mechanism for enforcement of the DNT (Do Not Track) preference even if the web server in communication with the browser does not honour the request.
For example, I would think that a browser whose DNT preference is set to "1" (true/on) should automatically set/override any Web Storage / Web SQL DB / Indexed DB storage preferences to "off" or "session only," but a perusal of the listed Issues (in the draft specification document) implies the topic hasn't been brought up for discussion...
Personally I'd prefer to see a set of integrated tools and techniques to make 'cannot track' a easy to use point and click default option for all users, irrespective of browser. As it stands there's plenty of addons available that mitigate most aspects of tracking, but they're still too complicated for many 'average' users.
Leaving 'do not track' as a matter of trust is ultimately not the solution, because I don't at all, and I doubt I'm alone in that. A hefty and enforced change in the law might help, but I won't hold my breath.
Moving the goalposts
1) People complain about spam, usage tracking and "targeted advertising" (apologies for the USAian).
2) Those with vested interests carefully reframe the issue to move away from an opt in / opt out argument.
3) Those with vested interests very kindly offer us an opt out "solution" (apologies for the idiotism).
I say, "Fuck 'em all!"
hosts table: 127.0.0.1 ssl.google-analytics.com www.google-analytics.com etc
"Mozilla added a DNT http header to Firefox, thereby giving surfers control"
Oh please, cmon reg.
DNT is a little white flag that pleads with the ad industry not to track. It offers no 'control' at all. Most ad firms ignore it.
These surveillance technologies should be opt in. The reason they are not opt in is because no one wants to be stalked across the web.
Take a step back, folks. What do you think is being tracked? Someone mentioned Google Analytics. They don't care that Dave visited the site, only that someone did. There's no personal data in GA whatsoever. It's not in their interest. GA tells the site owner 50,000 people visited his site today, what browser they used to do it, and not a jot about who any of them are.
Advertisers might care who you are - but only so they can tell what you're likely to buy. A brand might want to know that you looked at their shirts last week, because it's an opportunity to sell a shirt. Knowing that you own a car gives someone the chance to sell you car insurance. And so on. Advertising makes the web go round. Knowing that you're called Dave doesn't help, so they won't want to know. I understand that some would want a DNT option, because of this type of thing, but it shouldn't be mandatory.
Meanwhile, advertisers pay for my site to exist. If you block ads, why should I serve my site to you?
That's capitalism, folks. Good and bad in equal measure. Until you invent your own socialist internet, where ISP revenues are distributed among site owners, that's how it's going to stay.
Oh, and if the *government* wants to know what Dave Smith of 29 Acacia Avenue is doing on the internet, they can find out easily through a court order and your friendly ISP. There's nothing whatsoever you can do about that. :-)
You seem to have failed to recognise the difference between "advertising" and "targeted advertising". Both are unpleasant. The first is, arguably, a necessary evil. The latter results in me being visually spammed with the most pretentious wank in human history (car adverts) just because I wanted to know what a "Caravelle" was.
"Advertisers might care who you are - but only so they can tell what you're likely to buy."
Exactly. But that's the crux of the issue: While ** I ** may not have a problem with adverts being skewed toward my interests, I may have a problem with other people being able to deduce hidden proclivities and unearth buried skeletons based on the advertising content served to my browser.
People can learn a lot about your interests by paying attention to the ads that appear when doing web searches, especially if you let your wife/husband/girlfriend/boyfriend/significant other/visiting family member use your computer (or other "shared" computer in your home).
For example: Suppose you're a heavy pr0n user, and have done a lot of targeted searching to satisfy your, ahem, urges while travelling internationally. Then your human-rights minded cousin visits for a day or two before heading to his/her next rights convention, and asks to use your browser to look up news on the latest military crackdown in Bangladesh.
Imagine what they would think if, on every search page they scan, ads appear in the sidebar offering "sex tourism" junkets to Bangladesh, even though your cousin is searching for news on a completely different topic. All the while, you've been judicious about keeping your system clean of malware, so the computer itself is running well and does not appear to be obviously infected with invasive, browser-hijacking, pop-up pr0nware, so you can't even use "must be a virus" as an excuse.
Thus, the problem isn't what advertisers think about me; it's what other people exposed to the ads served to me on a consistent basis think about me.
"...it's an opportunity to sell a..."
You say "opportunity", I say "visit". Your vision of tracking as 'OK' relies on the assumption that just just because I have briefly looked at something, it's OK for one of your snouted chums to jump out of the woodwork and start pimping crap to me. Big assumption, rather arrogant and imposing, don't you think?
Maybe I was only trying to find out whether I needed part X or part Y for my car and am quite capable of looking out my own insurance at the time I need it, rather than needing to be 'informed' by what will doubtless prove to be a deceitful ad at some level.
If advertising does indeed make the web go round, its only because of some pretty lazy thinking on the part of the business latecomers who really couldn't come up with a better idea that fitted their cynical, invasive worldview. The web actually went round before advertising showed up, and the worthwhile bits would still revolve satisfactorily if 98 percent of the ad funded crap (your site does what?) around now vanished overnight. If ad revenue is your sole income, you are going to be sorely fucked when the race to the bottom reaches its logical conclusion.
"That's capitalism, folks"
Ahh, the stars 'n bars excuse for everything. ABP, Tor, NoScript, Ghostery etc, etc, etc. You're not the government, so nothing whatsoever you can do about that. :-)