no, no, no
"the privacy mechanism should come in the form of a cookie or other persistent web browser setting."
No... The privacy mechanism should be as standard, and a persistent browser setting should be used to opt *in*
The Federal Trade Commission recommended consumers be given a “do not track” option that prevents websites and advertisers from compiling data about their web-browsing habits. In a report published Wednesday, the consumer watchdog agency said the privacy mechanism should come in the form of a cookie or other persistent web …
Hi website, I don't want you to track me. Please can you give me a cookie to flag that I don't want you to track me. Please then look for that cookie every time I go to your site so you'll know not to track me. To prove that you're tracking my desire to not be tracked, please log every time I visit.
How about a "DO Track" option for the "nothing to hide, nothing to fear" brigade who don't mind their data being mined, pimped and retained indefinitely, whilst the rest of us who object to being viewed as walking, talking bags of money by advertisers and marketers can be free to browse the internet privately, safe in the knowledge that we might be looking at ads that aren't specifically tailored to our browsing history.
...alternatively, make such tracking illegal and then we don't have to worry about it.
But that would be too simple, no?
By the way, spotted this the other day :-
http://www.thinq.co.uk/2010/11/30/facebooks-button-tracking-you/
...and then promptly installed the "Cookie Monster" plugin for Firefox!
Meh, so each time I clean my cache, I'll have to remember to keep the only good cookie in the jar? My vote goes for the web browser setting, but how are they going to implement that? Create a standard for it? Anyway, I'm not too bothered: AdblockPlus does the job for me.
Gaol time for the leaders of companies caught at it? Fines wouldn't deter Google/Microsoft et al.
In fact, even porridge wouldn't do it as the lawyers would just string it out and plea bargain.
A way has to be found to either make the data valueless or prevent it being captured.
We don't track you... what data? How did that data get there... it was collected by mistake, it was ummm a programming error by a junior coder. We will destroy the data as soon as we are finished with it, I mean as soon as we finish our investigation of how it happened* and make sure it will not happen again.
I seem to remember hearing something like that some place...
*that is, how we got caught
Google is going to be exempt from this.
Why do we live in an opt-out world? Why can't we have an opt-in world?
Why do we have no control over our credit reports?
It didn't seem that bad before but now the same companies that run the credit reporting agencies also are invested in making money off the information.
...especially given the aftermath of the recent Wikileak release:
"staff believes that the extent of access should be proportional to both the sensitivity of the data and its intended use"
Haha, thank you government for that little bit of sage advice. Pot... kettle much?
As masochistic as it sounds I actually intend to read into this more, but at first glance this seems to have all the trappings of ineffective bureaucratic hot air. There also seems to be quite a bit of fawning, if not deference to the status quo:
"businesses should be able to engage in certain “commonly accepted practices” without seeking consumer consent"
We could do with a bit of that on this side of the pond. We're well on our way to a mark II RIPA rip off, and I'm sure that once the ConDems really get the bit between their teeth their beloved party donors can expect to have the entire UK population's stats, details and habits to slice 'n' dice as they please, EU protections notwithstanding.
Not perfect though. I'd be unsurprised to see the "don't track me" cookie used to rather effectively do the opposite of what was intended by the less than scrupulous, who don't seem to be in short supply these days.
The thing with 'growing the economy' is that someone - usually the consumer these days - has to take it up the rear sans lubrication, and listen to a little political homily as an unwanted bonus.
privacy by design == security by design ?
security by design => privacy by design ?
privacy by design => security by design ?
Are these the same? Or one implies the other? They are clearly related. Security will be required to prevent "unscrupulous" webSlime from circumventing any regulatory or technical mechanisms.
And since security by design has not been, or ever will be, achieved, privacy is unlikely.
And how long has it been since anything on the web was scrupulous?
As usual this stuff is "agreed", they will never go so far as to impose sanctions or financial penalties against these scumbags. I realise there are grey areas, for example I don't want a £20,000 bill just because my local steam railway enthusiasts site accidentally put a cookie on your browser, all the same I am sick and tired of being treated like a piece of meat by these "data collection agencies".
Here we go:
Go get the latest version of Firefox from http://www.getfirefox.com
Having installed the latest version of Firefox go to "Tools" and then "Add-Ons" and then look for the following:
* Google (DoubleClick) Advertising Cookie Opt-Out - http://www.google.com/ads/preferences/plugin/ Opts you out of tracking cookies from DoubleClick, now owned by Google.
* Google Analytics Opt-out Browser Addon - http://tools.google.com/dlpage/gaoptout (also available for IE & Chrome)
* Beef Taco - https://addons.mozilla.org/en-US/firefox/addon/180650/ This installs over 100 opt-out cookies in an instant. Easier and much more thorough than going to the NAI site.
* Better Privacy - https://addons.mozilla.org/en-US/firefox/addon/6623/ To deal with LSO / Flash cookies.
* Flashblock - https://addons.mozilla.org/en-US/firefox/addon/433/ To prevent flash objects and ads from running unsolicited. Gives you a little icon which you can click to see the content.
* CS Lite - https://addons.mozilla.org/en-US/firefox/addon/5207/ Puts a little icon on the bottom of the browser and allows you to quickly and easily allow cookies permanently or for the session.
* Ref Control - https://addons.mozilla.org/en-US/firefox/addon/953/ Simply control what is sent as referrer. I set it to forge. Thus the server at the destination site will see itself as the originator of the visit. This helps prevent profile building.
* Track Me Not - https://addons.mozilla.org/en-US/firefox/addon/3173/ Sends not quite random search requests in the background. This prevents accurate profiles being built from your real search queries.
Also, of course, AdBlock. Although one could argue that most tracking is dealt with pretty well with the measures outlined above.
Paris, cos she don't mind being tracked
How would an opt-in system actually work, if there's a mechanism which is set to 'private' by default?
If a browser install/update comes set by default to 'private', how would a website know whether that was a choice, or just someone leaving the default settings unchanged?
That is, if there was a user who was previously implicitly relying on tracking working, when it stopped working, how would they know what had happened?
It'd be possible for a site to ask whether someone really wanted their setting to be private, of course, but would people with a setting of 'private' want to be repeatedly asked if they wanted to turn privacy off?
I might want a setting of 'private, and don't ask me about it', but would that be something that should actually be the default, if it could potentially break someone else's experience, and explicitly not give them the chance of being warned?
I could be asked at the browser install/update, of course, but then it effectively becomes neither opt-in nor opt-out, but opt-either-way.
The idea of the privacy advocates is that any form of personally valuable information should not be obtained by any other party unless they are (a) government and keepers of that data anyway for legal reasons, or (b) given your EXPRESS and EXPLICIT consent to do so, and this consent would follow the "lazy" rule (to borrow from RegEx parlance) in that it applies only to those specific instances consented. Anything beyond that, or any extension of the instance would require another explicit consent.
And for those who break the rules? For accidental exposures, they could be charged with criminal neglect. Intentional instances may be construed as Identity Theft. Oh, and either instance could result in civil damages, too.
I thought the article was about a potential global browser setting to stop sites doing tracking, and that indeed seems to be what the referenced PDF was talking about (pages 66-67).
I wouldn't particularly want individual sites keeping asking me for consent, and indeed, if I was going to refuse consent, unless they were going to ask me every visit, it would be hard for such a system to work without their making some record of what my reply was.
A setting I could /choose/ to set on my browser for 'don't track, don't ask' would be the best solution for me, though it would be something that might not be ideal to set as a default without asking the user (since by its nature, such a setting might not make its presence obvious to everyone).
"A setting I could /choose/ to set on my browser for 'don't track, don't ask' would be the best solution for me"
OK, in non tech terms, change to Firefox and install some of the anti tracking and anti cookie addons like noscript and better privacy, you get asked initially once you visit a site to allow tracking or not and the addons remember your preference.
The key concept here is you have to take your own measures if you want to maintain your privacy.
If we can't track you, we can't log you in. Could be interesting..
Also, tbh, websites like Google and Facebook make their money out of tracking and monetizing that information. I could easily see them both excluding users who don't allow themselves to be tracked.
... the default should be AUTOMATICALLY OPTED-OUT and only those people who, for reasons most of us aren't going to understand, specifically want to be tracked should be trackable.
That way, advertisers are going to have to come up with a very good explanation why being tracked benefits the end user -- and the silent majority who don't understand and don't care remain untracked.
In the UK at least, this should always have been the default if the UK Data Protection requirement not to collect "unnecessary" information had been interpreted sensibly as meaning that only information *absolutely* needed to do the job (rather than information that is wholly or mainly for making illicit profits) should be collected at all.
The article and relevant bit of the referenced pdf document seem to be talking about the possibility of a one-off browser setting to inform sites that someone doesn't want to be tracked, so on a site-by-site basis, potentially people wouldn't need to be asked at all if there was the option for a setting that told the site people didn't want tracking *and* didn't want asking, as well as a setting for 'ask me first if I want to opt in'.
A setting like that seems to be the kind of thing that is probably best not having a default setting at all, but requiring the users to actually configure one way or another.
"The Federal Trade Commission recommended consumers be given a “do not track” option that prevents websites and advertisers from compiling data about their web-browsing habits."
*I* recommend consumers be given a "please track me" option, and a __TRACKME__ cookie that can be implemented in browsers to be served to any site that asks for it.
Anything else is just waffle by people that either genuinely don't understand privacy, got paid to not understand, or just don't care.