back to article Apache man disables Internet Explorer 10 privacy setting

Apache HTTP daddy Roy Fielding has patched his popular server, telling it to ignore user privacy web settings in Internet Explorer 10. The Fielding patch will mean millions of web servers will ignore the Do Not Track header that's sent to them by users in IE 10, the browser for Windows 8. Apache is used by nearly 600 million …

COMMENTS

This topic is closed for new posts.

Page:

Black Helicopters

it's pretty obvious how to turn it off

in both the explanation for the express setup and the custom setup, as well as in IE10 itself it's pretty clear that you're making a choice and that it's following the letter of the standard not some personal interpretation (unfortunately by someone with a bit of power - and you forgot to mention he works for Adobe in his day job)

the downside of his behaviour is that more folks will need to opt for things like porn mode and resort to AdBlock and the like.

wonder which advertiser promised a suitcase full of unmarked sponsorship to Apache in return for them slipping this fix in

26
6

Re: it's pretty obvious how to turn it off

A more obvious (and far cheaper) solution is to stay as far away as possible from Windows 8.

24
23
Silver badge

Re: it's pretty obvious how to turn it off

It's not a case of being obvious, it's a case of the power of the default. If DNT is enabled for everybody then marketing networks will simply ignore the preference altogether claiming quite rightly that it does not reflect the user's choice. This in turn renders it a worthless setting.

One could say that Microsoft cynically enabled it by default because either a) it shuts out competitors from gathering data from the Windows 8 ecosystem, or b) it voids the purpose setting completely. Either way Microsoft stands to gain.

28
5
Silver badge
Stop

Re: it's pretty obvious how to turn it off

Windows 8 has several good points. DNT is one of them.

Personally, I use Firefox but I have to go and find the setting every damn time I install it. For the "default" browser that the technically non-adept are likely to use to turn off tracking by default - that's a good thing by the standards of anyone who isn't just out to score points against Microsoft.

If Opera did this, the fourteen people who use Opera would be crowing it from the heavens.

17
23
Anonymous Coward

Re: it's pretty obvious how to turn it off

@DrXym, or you could say that MS shut out advertisers in preference for their customers' privacy.

Then again, it's not very fashionable to say anything positive about MS or Win8 here, is it?

19
14

Re: it's pretty obvious how to turn it off

So basically you're saying that advertisers will respect DNT right up until the point people actually start using it. This cynical point of view may well be true, but it's more a reflection of advertiser's willingness to annoy and disrespect the people they're advertising to in the name of making a buck than it is Microsoft's bad faith.

Microsoft clearly have the right of this. If you polled a thousand web users, how many would really want advertisers to track their browsing habits? I'm betting not many. Privacy should be the default, not a privilege to be exercised by an elite few. If DNT isn't going to work when it's the default then it isn't going to work at all, and when self regulation fails then the advertising industry will have to accept government regulation of their behaviour.

23
6
Anonymous Coward

Re: it's pretty obvious how to turn it off

The obvious solution is to lock all advertising 'executives' and any other scum involved in that sordid trade in the hold of a ship and sink it in the Marianas Trench !

12
1
Silver badge

Re: it's pretty obvious how to turn it off

"@DrXym, or you could say that MS shut out advertisers in preference for their customers' privacy."

You could say that but you'd be wrong. Windows 8 will be loaded down with Bing apps which will be analogous to Google apps on Android. They'll be tied into a single sign on through Live.com in much the same way too and will be tracking your location, searches and all the rest. If you think for a second that these will honour your privacy you're living in cloud cuckoo land. The primary reason for DNT is to give MS an unfair advantage in gathering data and in setting up their own ad services and to shut out other providers.

15
7
Silver badge

Re: it's pretty obvious how to turn it off

"It's not a case of being obvious, it's a case of the power of the default. If DNT is enabled for everybody then marketing networks will simply ignore the preference altogether claiming quite rightly that it does not reflect the user's choice. This in turn renders it a worthless setting."

How is a user actively turning it on less of an expression of choice than a user actively turning it off? It isn't unless one has a subjective bias.

And the choice is fully presented to the user during IE10's installation or first use. It just happens that it explains in unambiguous language what that choice is and has it off by default. The user is given plenty of opportunity and information to turn it on if they want to. The choice requirement has been fulfilled. The issue is that advertisers were hoping the choice would be something users remained unaware of, in some buried setting somewhere.

8
6
Anonymous Coward

Re: it's pretty obvious how to turn it off

"It's not a case of being obvious, it's a case of the power of the default. If DNT is enabled for everybody then marketing networks will simply ignore the preference altogether claiming quite rightly that it does not reflect the user's choice. This in turn renders it a worthless setting."

It's already a worthless setting. It does nothing other than express a preference that scumbags will happily ignore anyway. 'Apache dude cuddles up to big business and acts like an ad-agency knobhead' would have been a better article title.

"One could say that Microsoft cynically enabled it by default because either a) it shuts out competitors from gathering data from the Windows 8 ecosystem, or b) it voids the purpose setting completely. Either way Microsoft stands to gain."

Conversely one could say all you argument does is illustrate what a pile or shite DNT currently is.

11
5
Silver badge
Stop

Re: it's pretty obvious how to turn it off

Windows 8 will be loaded down with Bing apps which will be analogous to Google apps on Android. They'll be tied into a single sign on through Live.com in much the same way too and will be tracking your location, searches and all the rest. If you think for a second that these will honour your privacy you're living in cloud cuckoo land. The primary reason for DNT is to give MS an unfair advantage in gathering data and in setting up their own ad services and to shut out other providers.

I'm running Windows 8 (release version) and you're wrong. The apps included make very sure that you agree to any service - location, whatever - that they use before allowing you to use them. Some offer opt-outs at that point, too.

What you've forgotten is that somebody who installs Windows 8 is Microsoft's customer. That's very different from Google, where you are their product and the advertisers are their customer. One could easily say that both companies are interested in keeping their customers happy.

The individual user's task here is to figure out which one works better for them. Do you want to buy some software or do you want to be sold to a spammer? Your call.

12
9
FAIL

Re: it's pretty obvious how to turn it off

It would seem that Firefox has the same default behaviour. Navigate to http://www.mozilla.org/en-US/dnt/ and it shows you what your setting is. I've certainly never explicitly ticked the box in the Tools -> Options -> Privacy tab, although perhaps it slipped past my beady eyes when installing it. Either way, DocFielding should now submit a patch to ignore the FF setting, obviously.

FAIL for Fielding, not for FF (or MS, for a change)

6
1
FAIL

Re: it's pretty obvious how to turn it off

if i could down vote you 3 times i would

((( @dogged

Windows 8 has several good points. DNT is one of them.

Personally, I use Firefox but I have to go and find the setting every damn time I install it. For the "default" browser that the technically non-adept are likely to use to turn off tracking by default - that's a good thing by the standards of anyone who isn't just out to score points against Microsoft.

If Opera did this, the fourteen people who use Opera would be crowing it from the heavens.)))

DNT was never meant to be enabled by default, this was to be expected to happen <DNT enabled> what browser IE10 Ignore DNT flag as its not been set by the user

AVG is as bad as it installs an DNT plugin that enables DNT by default on all browsers where the plugin is supported (if you uninstall it iAVG nags you to death to reinstall it), maybe some one important can give AVG the up on not to do with DNT

3
8
Silver badge

Re: it's pretty obvious how to turn it off

"You could say that but you'd be wrong. Windows 8 will be loaded down with Bing apps which will be analogous to Google apps on Android. They'll be tied into a single sign on through Live.com in much the same way too and will be tracking your location, searches and all the rest."

Actually it's pretty easy to see what information a ModernUI app is asking for and grant it or refuse it. I've been using Windows 8 for a while and it's pretty good about this sort of thing. Microsoft and Google have fundamentally different business models. Google sells your behaviour to advertisers to make their money. Microsoft ask for the money from you. You're the customer with Microsoft. With Google, the advertisers are their customers.

5
3
Anonymous Coward

Re: Firefox has the same default behaviour

I don't know what you've done to FF, but I've never changed mine and it says Do Not Track is OFF

2
0

Re: Firefox has the same default behaviour

> I don't know what you've done to FF, but I've never changed mine and it says Do Not Track is OFF

How peculiar - on my home machine it's off. Both machines were fresh installs, one from a corporate server on WinXP (where it was turned on) and the other a domestic Win7 rebuild (turned off)...

1
0
Thumb Down

Re: it's pretty obvious how to turn it off

The snide remarks about Opera are tiresome. And anyway Opera 12 has a Do Not Track option, and the default is off.

2
1
Silver badge

Re: it's pretty obvious how to turn it off

I think Roy Fielding, a main contributer to the http spec and producer of this <http://www.ics.uci.edu/~fielding/pubs/dissertation/fielding_dissertation_2up.pdf> which I've read and likely not one of you other posters have, did the right thing. I think he handled it badly though.

DNT only works if there is there is reason to assume a user has made the choice freely and knowingly. MS was using a standard for its own benefit against google. They did not care about the users on this and anyone who thinks they did, or that it will benefit them for very long, isn't so bright. Quite frankly if the commenters here are too witless (on a tech site of all things) to work out the basics of how to go further than not track, how to actually block ads and all connections with web servers, using the most basic facility of a block list and downloaded from <http://winhelp2002.mvps.org/hosts.htm> which ***even includes a batch file to insert it for you***, then you have bigger problems than cookies.

All these angry, angry sheep blasting out their righteous fury into the mockingly deep comments bile-pit of the reg without having too much idea that their online privacy is a bit wider than a tracking cookie -- please install windows 8 for your own protection and enjoy your last bath in mint sauce.

(NB there are some here who may or may not agree with me but made some intelligent points, thank you)

1
1
Silver badge
Thumb Up

*snork*

From a comment -

"Wow. Just... wow. I had not realised just how much @royfielding's employers make from the User Tracking business.

http://www.adobe.com/uk/solutions/digital-marketing.html

"

Well played, sir.

16
0

This post has been deleted by its author

So why not change the option text from "do not track" to "let anyone follow my every move" and the default can remain unchecked.

4
0
Joke

Or what it should always have been called "please be nice and honour my request that you do not track my activity" - PBNAHMRTYDNTMA for short

1
0
Paris Hilton

waah waah waah..

.. i'm a big girls blouse is what i heard from the Apache guy here.

He has found an angle to have a go at MS and big up his own software. Are we surprised?

Bored now.

11
8
Anonymous Coward

Irony...

"@royfielding you have a PhD FFS, you should know better than to leverage open source to sneak in your own personal political agenda"

From what I've seen of folk getting PhD, it's the icing on the cake that gives them the arrogance to start to leverage their own personal political agenda.

AC, 'cos I want to keep my cushy job in academia :)

7
3
Anonymous Coward

Re: Irony...

"@royfielding you have a PhD FFS"

intelligence != common sense

2
0
Anonymous Coward

Re: Irony...

The arrogance of Fielding is astonishing. Why is choice of browser any less valid a choice than choosing some setting in a browser? MS have publicised the DNT default enough for people to actively choose IE over another browser because of that feature. Is Fielding saying that they shouldn't be allowed to make such a choice?

It's pretty clear that Fielding has a problem with MS. Here we have a company selling a large amount of proprietary software doing something good for the consumer. And on the other hand there's an open source proponent saying that consumers shouldn't be allowed to benefit. Normally one would expect it to be the other way round. What an a-hole.

5
4
Anonymous Coward

Re: Irony...

It is a little like MS automatically setting the URGENT flag in TCP.

By giving traffic from MS hosts a default setting which gives the users an advantage, everyone now ignores the urgent flag. Just because some traffic from an MS host might be urgent, doesn't excuse setting the flag for everything.

The point is that while some people choose IE10, the vast majority of IE10 users have not made a conscious decision to use it over another browser, so the DNT option is not a choice. Opera users, however, probably did choose their browser and therefore a large number probably did choose the attributes associated with it.

0
1
Silver badge

Well now I've seen everything!

Microsoft are the good guys and Apache the villains.

What is the good of a choice if you're only allowed it on the condition that you choose what the other party wants you to choose? What the advertising industry is saying is that sure, you can have your token gesture of privacy so long as only a statistically tiny handful of people use it and all their friends, family and everyone else they know continue being tracked. Some people think that it's fine to have it off by default because they themselves will turn it on. Well I find that rather self-centred. If one thinks that privacy is a good thing (and rather obviously from my post, I do), then why should it be the preserve of the technologically aware only?

I support MS's on by default approach and if that leads to advertising companies being forced back to the negotiating table, so be it. I do not favour a policy of keeping feeding the tiger so that it doesn't bite you. The tiger just gets bigger and more comfortable and demands more. If the whole world ends up giving up its right to not be tracked and monitored on everything they do, then eventually, even those that are technologically competent will find themselves out-manoeuvered at some point and there will be no legal recourse of chance of drumming up popular opposition to when the ISPs decide they're going to record all your habits at their level or the next Phorm, because society will have reached the point that it is a given you are monitored and tracked by corporations.

A choice you're only allowed because you don't exercise it, is a false choice. A choice you are allowed on the condition you leave the rest of society to deal with consequences you dodge, is not an especially ethical choice, imo. I understand the Mozilla foundation criticizing it - about 85% of their income comes from funding from Google, basically "search royalties" - but I'm very disappointed in the Apache Foundation.

26
4
Silver badge

Re: Well now I've seen everything!

Microsoft aren't the good guys. They're just trying to stick it to Google by shutting them out of Windows 8. I bet if you were to read the shrinkwrap that comes with your Windows 8 / RT device that Bing / Microsoft would be exempt from honouring DNT themselves for one reason or another.

11
16

This post has been deleted by its author

Silver badge
Stop

Re: Well now I've seen everything!

Actually, the license has been reworked and rather straightforward.

Bing and other MS properties are not absolutely exempted from DNT.

But nice try. Do you work for Adobe? Or Google?

11
9
Silver badge

Re: Well now I've seen everything!

"Microsoft aren't the good guys. They're just trying to stick it to Google by shutting them out of Windows 8. I bet if you were to read the shrinkwrap that comes with your Windows 8 / RT device that Bing / Microsoft would be exempt from honouring DNT themselves for one reason or another."

Assuming you think advertising corporations not following everything you do online is a good thing (which I do), then we the public benefit from having DNT on. Whether MS also benefit from that or not doesn't change the benefit to me. And it's not the place of some individual in the Apache foundation to decide whether or not W3C standards should be followed. (And IE10 does follow the standards in this - the choice is clearly presented to the user with clear and unamigiuous language).

And you'd better be sure about your comment that MS ignore DNT themselves because otherwise you're just creating groundless FUD which would be unethical. Though I'm not really sure what you mean. Are you saying that MS might somehow reach across the web and turn it off for particular sites or that microsoft.com doesn't honour DNT or what? Because DNT is something that exists between the browser and the web server. It's not something that gets routed via Microsoft HQ. I don't think IE10 contains a secret list of MS's friends that it doesn't send the DNT header to.

As to your comment about "sticking it to Google" in general, Mozilla get hundreds of millions of dollars from Google for making its search engine the defaults for their browser. Do you also object to Google "sticking it to Microsoft?"

6
5

Re: Well now I've seen everything!

"we the public benefit from having DNT on"

I do kind of agree with the sentiments of "Apache man" (the world's worst superhero). Having it on by default dilutes the purpose of user's choice in the eyes of advertisers.

It would be like everyone in the UK automatically being enrolled on the original TPS list, which (until this year) had no penalty for companies breaching: everyone would just ignore it.

Unfortunately, his logic falls down in that if you followed his advice and asked every user on the first run, I'm willing to bet at least 95% of people would still enable it (depending on wording), so you'd get the exact same result.

TL;DR: DNT is a bit of a joke.

5
0
Silver badge

Re: Well now I've seen everything!

"Actually, the license has been reworked and rather straightforward."

And you've seen it have you, in which case where is it? I can see the Windows Phone privacy statement online at the moment and it more or less reinforces the point I was making, namely that the apps on the device need to obtain lots of information and what opt-outs MS provides don't cover the stuff MS gathers and are certainly not the default settings either.

"Bing and other MS properties are not absolutely exempted from DNT."

Sure they are. Bing Maps isn't using IE 10 so therefore the IE 10 setting is not applicable is it? Same for other apps. It might be a web request, but that doesn't mean it's IE. They'll make sure that the data gathering falls outside of general browsing, yet it will still be tied for most people's single sign on.

I'm sure that Microsoft will keep the data private - to themselves, but that does not mean they are not gathering information by default and won't monetize it.

"But nice try. Do you work for Adobe? Or Google?"

No, and Google are just as bad. You just ascribe saintly acts to a company which has very little reason to perform them and plenty of reasons to harvest that data for its own ends. It may be that there are some settings in the OS to tone down or anonymize things other than web search, just like Facebook, Google, Amazon et all provide them too buried somewhere.

4
5
Bronze badge

Re: Well now I've seen everything! DNT Honeynet/Blackhole

The ONLY (or possibly only) way for DNT to be effective is if things like Better Privacy and the rest are fashioned into a sophisticated in-browser honeynet and adverft blackholer. Or, if some false return bot system could be in it to feed false info to the more brazen collector ad sites. If they WANT info, GIVE them info -- just make them waste their marketing dollars. That will teach them to sell real products, not other people's information. I SOMEtimes respond to ads, but not to very many. Response to too many just gives rise to more unwanted stuff. If I'm interested in ads, it's usually almost exclusively to products I have already purchased or read about in forums I specifically join to learn more about the product or its analogues in the field.

Too damned many moguls and their networks know tooo damned much about too damned many of us. At some point, they're just sloshing around leads information like laundry -- dirty or clean. At some point, the reality is that they're awash in redundant, elusive information when people's moods dictate what they will really respond to. Unfortunately for them, some of these ad businesses operate on artificial funds on hopelessly sinking platforms.

1
0
Anonymous Coward

Re: Well now I've seen everything!

'And you've seen it have you, in which case where is it?'

Everything you want to know is here :

http://www.microsoft.com/privacy/default.aspx

Well that was hard to find wasn't it. You might have to do a bit of reading and click a few links to find the exact privacy policy regarding the exact piece of software/service that you are looking for but it's all there and it doesn't read like a legalese dictionary. It's so easy to understand even you might grasp it once you get over frothing at the mouth about how evil Microsoft are

5
0
Silver badge
FAIL

Re: Well now I've seen everything!

And you've seen it have you, in which case where is it?

It displays pretty clearly when you install the OS.

2
0
Silver badge

Re: Well now I've seen everything!

"Everything you want to know is here :

http://www.microsoft.com/privacy/default.aspx"

Er no it isn't. Where is the privacy policy for the whole of Windows 8 which I asked for? Where do Microsoft say what data they gather? What purpose is the data gathered for? What options are available to disable that data gathering?

I am well aware that there is an IE10 DNT setting but that is not the same as what happens in the Bing apps or MS services. I've said this more than once and people don't appear to get it.

There is also the small matter of people confusing data gathering with privacy. Microsoft undoubtedly gather data every time you use their apps or services. They might hold it privately (partly because such data is valuable) but that does not mean they do not gather it or monetize it through marketing, targetted ads, search results, restaurant suggestions etc. MS are no different from Apple or Google. All of them have reasonable sounding privacy policies, but privacy does not mean they do not gather data and make use of it.

0
1
Silver badge
Boffin

@DrXym

This is interesting, so I've been poking about in the Win8 SDKs to try to find the information you're looking for.

1. There's an explicit setting when you install Win8 regarding whether apps are allowed to send usage metrics to Microsoft. This data is collated under your Microsoft account provided you choose to allow it. If you choose not to allow it, no data is gathered.

2. The DNT:1 header sent by Internet Explorer 10 does not persist into apps. However, each app makes HTTP calls in its own session. You could in theory have an unlimited number of browser sessions open with an unlimited number of applications and there is no means of cross-referencing between them (unless done explicitly through Contracts, where an app sends a 1-way message to IE about, for example, what URL to open).

3. There isn't a Bing Maps app (that I can find). However, the SDK allows developers to build mapping functionality into WinRT Metro apps. Apps can only communicate with each other through Contracts (see #2). This does create the potential for an unscrupulous app-maker to implement app-to-app tracking, but only for apps which they themselves developed. None of the MS apps available implement this (and it's easy to tell because the source code for all the "majors" is provided in the SDK as example code).

The summary is that you could probably track users via apps if you could make them use many of your apps all at the same time but MS don't (and publicly say that they don't). You could not track users between apps and IE10 or (and because this would imply dropping to Desktop mode, I can be certain) between apps and any other browser.

If you wish to indulge in tinfoil-hattery, you could theorize that MS track everything via Microsoft account (if you use one) and that the released source of their apps is not the production source of their apps but that's delving deep into "they'm watchin me with rays, them and their big weasel" territory.

It's in Microsoft's best interests to appear to be the "The Good Guy" to their customers. Advertisers are not their customers, users are. Therefore, the logical take-home is that MS is unlikely to fuck over their customers.

You could say the same about Google but in that case, the advertisers are their customers while the users are not.

3
0
Silver badge

Re: @DrXym

Oh, and anyone who says that IE does not EXPLICITLY offter the option regarding Do Not Track might like to examine this screenshot of the Express (not Advanced!) Win8 setup.

IE Express Settings

3
0
Silver badge
FAIL

Lame decision IMO

"But unless the user actively turns it off – or on – the advertisers can choose to ignore the default setting, Fielding argues."

I think its a very lame argument. You can think of Microsoft what you want but they have shown time and time again that when it comes to privacy concerns they're taking their job very seriously. From their web services as SkyDrive where the policies clearly show that whatever you put up there will always remain yours, right to their mobile environment (Windows Phone 7.5) where all tracking options are either turned off by default, or it comes up with the question to turn it on at first use (Microsoft is interested in your browsing history, virtual keyboard usage, speech recognition history, etc.).

Has Fielding ever considered that the only reason Microsoft did what they did could also be an honest attempt at protecting their users?

I would have expected a much more professional approach than this to be honest.

14
3
Anonymous Coward

Re: Lame decision IMO

"Has Fielding ever considered that the only reason Microsoft did what they did could also be an honest attempt at protecting their users?"

Except that it's not, because advertisers will only honour DNT so long as the specification is held that users enable it as a choice (on the assumption that most won't so it won't hurt them too much).

It's an honour agreement between advertisers and browser manufacturers, one which Microsoft have now broken, meaning the advertisers are now able to ignore the DNT header for all browsers - hurting all users.

That is Fielding's motivation for his commit rage - which I think was done in completely the wrong way.

4
0

Wanker!

15
6
Happy

...and that, ladies and gentlmen, is our winner of 'Informed Comment of the Week'.

6
0
Silver badge

Well they could have written "individual who arbitrarily decides to affect the behaviour of millions of web servers around the world without consultation or approval and in defiance of what the W3C guidance", but 'wanker' is shorter.

6
3
Anonymous Coward

Its easy to fix.

Have an option screen with

Please se

Yes (in green) Use Internet Explorer 10's Enhanced Privacy Features. Enable Do Not Track option. Your privacy will be protected and your browsing will not be tracked across sites.

No (inb red) Disable Do Not Track privacy feature. Your browsing habits will be tracked across multiple sites. The information will be sold to other sites for spam and advertising purposes.

Or somethign similar. They could easily fram an option screen in such a way that most people will select a certain option.

2
1
Gold badge

Re: It's easy to fix

Your text for the green option is missing the words "unless the advertiser decides he doesn't give a fuck what you think and prefers to track you anyway".

10
0
Silver badge

Re: Its easy to fix.

Actually the set up screen for IE10 does tell the user about DNT and does so in pretty clear and ambiguous language and does offer a choice. Quite honestly, what proportion of people, when they understand what it is, are going to say: "yes, please, I do want private corporations to track me"? It's going to be pretty low. So really, Fielding's objections seem to basically be that Microsoft are making people a little too aware of the choice. He seems to prefer that it should be tucked away like in Firefox, left there only for the people who read forums like El. Reg. Anything else, he seems to think, will only anger Saruman the advertising companies and provoke their wrath upon Rohan us. Better to keep buying them off as Grima Wormtongue counsels.

4
3
Vic
Silver badge

Re: Its easy to fix.

> in pretty clear and ambiguous language

Errr....

Vic.

0
0
Anonymous Coward

WTF ?

What the heck is this guy smoking ?

He accuses Microsoft (Gosh, I never thought I will come defend Microsoft!) of abusing open standards while himself pushing a patch to ignore those settings. Come on, dude, you can't have two defaults here: Apache web server will ignore DNT settings until they will be turned on or off so the default is OFF (like in Do track me).

And in the end, it is not the bloody damn business of his piece of software to decide that I am "a real human being, with a real preference for privacy over personalization", will I have to beg a web server to believe me ? What a jerk he is!

16
5

Page:

This topic is closed for new posts.

Forums