I'm really baffled by this
With Firefox, if you set the cookie "Keep until" to "When I close", then you erase all cookies every time you close the browser. Why isn't that better than trusting the website you visit to honor a "do not track" flag?
Mozilla is planning to add a so-called "do-not-track" feature to browsers for Firefox users who want to outfox cookie-bothering behavioural advertisers. The open source browser maker's global privacy and public policy wonk Alex Fowler admitted that convincing website operators to agree to such a proposal remained a big …
And sure, yeah, I really feel safe about this opaque blob of closed-source binary code with the four-color glossy website that promises to "protect my identity". Oh, and "how to help: download our crap, tell your friends it's chocolate ice cream, then send us money!"
Yeah, that's just trustworthy as *hell*. Shill, much?
<cynicism> "Meanwhile, the world's largest ad broker Google is reportedly set to announce a "keep my opt-outs" privacy tool later today, that will allow its Chrome browser users to scream "in your face, OBA!" - or something. ®"
Of course, knowing Google, they're going to allow themselves a back door or other workaround so they can still collect the data. As for Microsoft claiming to wanting to respect the user's sphere of privacy: huge, rolling laugh!</cynicism>
That aside, I find this sort of thing to be a little overdue, though the header approach suggested by the Mozilla Foundation will of course only work so long as the operators of the web sites actually respect those headers. Which I doubt the more commercially-oriented ones will do.
...this is still relevant:
Your post advocates a
(x ) technical ( ) legislative ( ) market-based ( ) vigilante
approach to fighting trackers. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.):
(x ) Requires immediate total cooperation from everybody at once
Specifically, your plan fails to account for
(x ) Dishonesty on the part of trackers themselves
(x ) Extreme profitability of tracking web users
and the following philosophical objections may also apply:
(x ) Any scheme based on opt-out is unacceptable
Anyone who hasn't seen this before will just have to wonder what other options there were (and what I put in the "Furthermore, this is what I think about you:" section). Those who have know what it contains, the reasons why it won't work and are probably having a damned good laugh.
I've never understood why no one has been arsed to write a random cookie stuffer.
Everytime they ask for their cookie give them some total pile of tripe. They've probably never coded for it and so their site will find all sorts of interesting features. If enough people did it then they'd soon stop.
What would happen if you gave them a load of binary zeroes. The maximum size of a cookie stored in a browser is 4Kb (well, true for IE, other browsers may vary), but what happens if your plugin sends back 4097 bytes? Can you make their cache overflow? If the tracker is specifically expecting a certain length cookie, what happens if you send them back too little or too much? Can you cause crashes on the ad server? If the cookie contains data with some sort of semantic meaning, can you cause it to form a logic bomb (e.g. self reference to cause an infinite loop, or infinite recursion)?
I wonder if FF already has any plugins which do this sort of thing?
"I've never understood why no one has been arsed to write a random cookie stuffer.
Everytime they ask for their cookie give them some total pile of tripe."
Actually, I started to do this about a decade or so ago. I stopped when I realized that if _I_ were distributing cookies, I'd protect myself by generating cookies which contained a cryptographic checksum. Then when I received a cookie back from a browser, I'd check whether it self-validated before using it.
I have no idea whether companies like DoubleClick do this sort of thing, but I can't escape the conclusion that if they don't, they wouldn't be able to stay in business.
There needs to be more rules to protect people's privacy from corporations with more power to exploit technology than the average person has to protect themselves from new threats. People are misled concerning cookies. They've been misled about things like Do Not Track and net neutrality. And they've even been misled about the benefits of targeted advertising. Obviously Do Not Track is not enough, but it would provide for a standard for opting out that would be the same for all clients (browsers) and servers (advertisers). If there is going to be a standard for opting out, there should be a standard for what opting out means and how it will be enforced, too.
Relying on self regulation won't work for this reason, but if users and law makers were better informed, a Do Not Track system that was effectively backed up by law could work without requiring a third party to maintain lists, servers, or other systems. (Although it would make more sense to to give consumers privacy rights against unethical business practices and all forms of tracking embedded in technology.)
Until laws are passed to back up Do Not Track headers sent by browsers, all the Do Not Track plugins endorsed by browsers are simply deceptive marketing techniques and all unofficial ones are simply a proof of concept.
I have a website with cookies. it provides real and popular info that people enjoy visiting. I offer products around the subject for sale. you choose if its of interest. I pay to host this site from the income it generates.
Stick on ad blockers and cookie tracking blockers and my site is too costly to run, so I will shut down and people will loose a useful resource on the subject.
the majority of cookies are harmless and help support sites to keep open. but dont block them because big chunks of information will just vanish...
I understand your point. Personally, I use ad blockers for the purpose of random surfing around, but tend to whitelist the web sites I love and visit frequently. I also randomly click on ads on such sites every now and then even if I am not interested, just to show a little support. This, in my opinion, constitutes a fair compromise.
Having said that, however, you must realize that the only way of ensuring you get paid for the content and service you provide is to either ask for voluntary donations or build a paywall. There is no replacement for real money.
People really need to stop this Knee jerk reaction that "advertisers tracking" is bad.
Online ad providers do not track the private data of the user, instead Online ad providers track their OWN data and that of the merchant.
In fact, you get more privacy than you do with you banks tracking, that tracks not only only all your exoctic purchases, but knows exactly who you are and the very location the purchase was made!
When you get cookied by an ad provider - they dont store "John Smith, Male, 32, Single/Married/Other" instead they store a code chain that tells them "The operator of this browser click on [advertisers link] on website [X] on date of [x]"
Later on the advertisers site, that cookie is "read" and sales data reported to the ad provider by the merchant why........ so the provider can pay commission to the referring website of that user.
Again at no point is it possible to determine the "Person" that bought any product, only the origin before the users came through.
Want to see how much ad providers help the "common user" ? Well Google loyalty sites! Loyalty sites use ad providers to track their users across hundreds of merchants....... but they pay the USER the commission that they make off those adverts.... sometimes up to a hundred pound sterling for something like a mobile phone contract.
As some of the folks who run websites say, unless they can collect someone's data (or have another source of revenue), they can't stay in business. I'd like my 'net services to remain free, so unfortunately, those who don't know any better must suffer.
I prefer not to trust others to protect me if I can do the job myself.
There are plenty of tools available which will help preserve your privacy on the 'Net. When I want to surf anonymously, I surf using a Linux "live CD". There's no personally-identifiable data on the system, so I don't even have to trust Mozilla. (The hard disk on my laptop is encrypted to protect the data if it's stolen, so even if the live CD tried to be helpful, it can't mount any filesystems from the hard disk.) When I'm through surfing, I reboot and ALL information related to that session vanishes. Of course this prevents bookmarking sites, but security and convenience are often at odds.
If I were a little more paranoid, I'd put The Onion Router (TOR) on my firewall then create a (very slightly) customized live CD which used my TOR installation as a proxy server. (Using TOR would prevent the target website from seeing my IP address, and prevent my ISP from seeing the website's address or any data I exchange with the website.)
If you wanted it to be more convenient, you could probably copy the live CD to hard disk, then run a copy as a virtual machine. You'd just have to remember to delete the virtual machine after each session.
Biting the hand that feeds IT © 1998–2019