An Update on Microsoft’s Approach to Do Not Track (blogs.microsoft.com)
63.0 points by thisisblurry | karma 4566 | avg karma 15.85 | 2015-04-03 16:35:03+00:00 | 62 comments




but we will provide customers with clear information on how to turn this feature on in the browser settings should they wish to do so

A smart reaction to the given reason companies were ignoring DNT. But as long as more than X% of people enable it, websites that want to track will keep coming up with lame excuses to ignore it.


Hopefully those who are privacy-conscious will be able to use some kind of browser extension that checks for the "Tk" header response and also has a list of known offenders. Defining whether a site is an offender or not and what institution is going to keep track of that is the hard part though.
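The check described in the comment above, as an added example that is not part of the original thread: it parses the `Tk` response header using the tracking status values from the W3C Tracking Preference Expression specification and combines the result with an offender list. The function names, hosts and the list itself are hypothetical; a real extension would read the headers through the browser's request API.

```javascript
// Added example: assess a site's Tk response header for a request sent with "DNT: 1".
// Tracking status values (TSV) as defined in the W3C Tracking Preference Expression spec.
const TSV = {
  "!": "under construction", "?": "dynamic", "G": "gateway",
  "N": "not tracking", "T": "tracking", "C": "tracking with consent",
  "P": "potential consent", "D": "disregarding DNT", "U": "updated",
};

// Parse "<TSV>[;<status-id>]". Returns null for anything malformed.
function parseTk(value) {
  if (typeof value !== "string") return null;
  const m = /^\s*([!?GNTCPDU])(?:;([A-Za-z0-9_+=\/-]+))?\s*$/.exec(value);
  return m ? { tsv: m[1], meaning: TSV[m[1]], statusId: m[2] || null } : null;
}

// True if host equals a listed domain or is a subdomain of one.
function isListed(host, offenders) {
  const h = host.toLowerCase();
  return offenders.some((d) => h === d || h.endsWith("." + d));
}

// Verdict for one response. `headers` maps lowercase header names to values.
// The Tk value is only the site's own declaration, so the offender list
// takes precedence over whatever the header claims.
function assessResponse(host, headers, offenders) {
  if (isListed(host, offenders)) return { host, verdict: "known-offender" };
  const raw = headers["tk"];
  if (raw === undefined) return { host, verdict: "no-claim" };
  const tk = parseTk(raw);
  if (!tk) return { host, verdict: "malformed-tk" };
  const verdict =
    tk.tsv === "N" ? "declares-not-tracking"
    : tk.tsv === "T" ? "declares-tracking"
    : tk.tsv === "D" ? "declares-disregard"
    : tk.tsv === "C" || tk.tsv === "P" ? "declares-consent"
    : "indeterminate";
  return { host, verdict, tk };
}

// Constructed sample data: placeholder offender list and responses.
const OFFENDERS = ["tracker.example"];
const SAMPLES = [
  ["news.example", { tk: "N" }],
  ["shop.example", { tk: "T;fRx42" }],
  ["cdn.tracker.example", { tk: "N" }], // claims N but is on the list
  ["ads.example", { tk: "D" }],
  ["blog.example", {}],                 // no Tk header at all
  ["odd.example", { tk: "maybe" }],     // not a valid TSV
];

function runSamples() {
  return SAMPLES.map(([host, headers]) =>
    assessResponse(host, headers, OFFENDERS).verdict);
}

console.log(runSamples().join(", "));
```
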

> websites that want to track will keep coming up with lame excuses to ignore it.

DNT is a political solution, IMHO. Many websites and industries claim that consumers accept tracking. If the consumer sends a contrary message every time they connect, tracking them anyway is a practice that is difficult to defend in front of the FTC and Congress, and in the court of public opinion. On another level, it's simply rude.


Would hold a lot more water if it weren't a NEGATIVE affirmation, with an unreasonable default (assuming most people WANT to be tracked unless they take the trouble to tell you otherwise?)

Option should have been "Track Me", unselected by default. If a person wants to be tracked, let them say so.


I think this is definitely true. If my parents were prompted when they installed IE with an explicit message that said "Do you want to be tracked by websites you visit in Internet Explorer?" my dad's response would probably be "wtf they can do that?" and then promptly select "NO".

You have to assume they at least wouldn't allow the question to be presented in a straw-man manner like that; nobody would agree to being tracked if they didn't see what the point of the tracking was.

The actual positive form of the question, ignoring the politics and just thinking about user intent, would be something like "Do you want this computer to serve a unique fingerprint to websites, allowing companies to both reconstruct your identity between sites on their network, or to persist your identity after you have purged cookies and other session data? Companies tend to use this tracking ability to enhance your advertising experience, to collect statistics on the usage of their sites, and to ensure they don't double-count you. Malicious uses of this data are also possible, though currently rare."

The important bit of the question, when phrased this way, is that it doesn't just ask about a mechanism (the DNT header), but about the user's intent—and because of that, its activation state could be made to control all sorts of things besides the DNT header. For example, saying "no" to the question should cause the browser to try to add some per-domain jitter to its answers to questions about what links are visited, what fonts are installed, what the User-Agent string is, etc., so that the browser can't be fingerprinted.


I don't understand your opinion regarding any kind of straw man fallacy. Can you elaborate on where the fallacy emerges?

The idea that advertising needs "enhancement" sounds suspicious. Couching the premise of the question in 77 words of pseudo-legalese-style terms and conditions would muddy the waters, and sow confusion, and probably inure users to do anything to make the checkbox go away, so they can simply get to the internet.

Politics aside, that kind of twisting and turning smells like a dark pattern, in my opinion.


I think where the straw man fallacy comes from in what I set up is that it's not the websites themselves that are doing the tracking per se...it's your computer that's letting the company running the website know that this is a unique user. Because tracking in this manner isn't specifically illegal, a terms-and-conditions-may-apply statement probably is what's necessary. My original hypothetical question likely is too simple to survive a challenge. The "77 words of pseudo-legalese" that derefr posited would also help someone like my dad truly understand what's going on in the background and, heck, may even encourage him to research the matter more. Hopefully on a browser set to Do-Not-Track.

> nobody would agree to being tracked if they didn't see what the point of the tracking was.

An excellent point. It's like asking, "do you want to pay $100?" or "do you want to pay higher taxes?" without indicating the benefits you receive in return.


Yeah this. Exactly. This is what DNT attempt 2.0 should be.

"Do you want Ad agencies to gather and possibly share with or sell to their partners about your browsing activity?"


Unfortunately, at least two of the major browsers are also run by major advertising and tracking firms. There is an inherent conflict of interest here.

I may just be very slow right now (it's late, a holiday, and I had too much to eat), but who, besides Google, are you referring to?

Bing Ads.

Well, Apple tried to be a major advertising firm (and still tries) with iAd.

Though I don't know that I'd say that they are such a firm.


Microsoft & Google. Not Apple, but certainly not for a lack of trying.

People that aren't tech savvy and won't understand how to configure their browser are exactly the reason why DNT should be default.

Sites that ignore DNT should be blacklisted.


Agree, however if the user sets the DNT explicitly, sites will have no excuse to ignore it anymore.

What does Do Not Track even mean if it does not signify the user's wishes? Why would people be expected to respect a request not to be recognized that somebody doesn't even know they're making?

In its current state, Do Not Track is literally meaningless. Any company that respects Do Not Track is probably just not tracking anyone at all, because as long as Do Not Track is the default, it does not actually represent a user's preference.


Why would a user want to be tracked?

Well, for example, I've heard more than one person say things along the lines of, "If I'm going to see ads, I would rather see relevant ones than irrelevant ones."

But more importantly, this isn't a binary flag. People might want to be tracked, they might want not to be tracked, or — most likely in my opinion — they might not give two hoots. Similarly, when people walk into a physical place, they might want to be looked at, they might not want to be looked at, or they might not be particularly concerned with whether anyone in particular is looking at them.


That's nonsense used to justify invasive and immoral tracking, nothing less.

I disagree I think. Non tech-savvy people, who don't understand the legal implications of default DNT or don't even know that they ARE being tracked, are precisely the reason why the user must be prompted. You'd never get a site-blacklisting to hold up in court otherwise.

What legal implications?

It was always the intention of DNT to represent the user choice.

It was just not explicit that it should be OFF by default. Reviewers' fault. Microsoft made a Marketing stunt of enabling it by default 2 years ago, in practice killing the point of DNT and setting back the industry several years.

With a default option DNT would have no reason to be honored by any site owner. We could be enjoying native DNT tracking right now if Microsoft hadn't done that stupid dick move 2 years ago.

How many years we'll need before the number of users that already have DNT set to ON by default is negligible is hard to measure.

This should be a post apologizing for the trouble they caused and for destroying the point of a W3C proposal that set back the industry for several years. Instead it looks like another Marketing stunt.


While I'm all for having DNT's default set to ON, how much does it really change?

Is there really any impetus for companies to not track you when you send a DNT header? Is there really any governing body that enforces it in any meaningful way?


I can imagine a release of a plugin similar to Privacy Badger or Ghostery that whitelists sites that honor DNT and follow a reasonable privacy policy. I'd use it.

This may seem paradoxical, in that this plugin would only work correctly by not sending DNT to those sites.

But I've found that some tracking cookies are useful (the one for editing Wikimedia projects, for example), and sites should be able to earn their way onto a whitelist, as long as they honor the requests of people who say "No. Don't track me. Not even you."


Really? It's Microsoft's fault? I totally agree that "Don't Track" should be the default. I get the new proposal as well - but to say that they somehow set it back is BS.

What is holding it back is that there are no teeth to it - no laws that you must respect it - and lots of rewards for ignoring it. That's what needs to change.


It's politics. If the default is "don't track", advertisers have a case that the user has not explicitly asked to disable tracking.

> advertisers have a case that the user has not explicitly asked to disable tracking.

Advertisers don't need a case. They don't need to ever care about this bit.


DNT is not a technology that will automatically restrict people from tracking you like adBlock for instance. The idea is that good citizens will honor your choice of not being tracked.

It needs buy in from both users, advertisers and publishers. If you make it so that you only get approval from users, advertisers and publishers will ignore it and the whole thing collapses. They already have very little incentive to honor it.

We could have seen laws, in the future, requiring businesses to honor it. But this move by Microsoft gave publishers/advertisers all the weapons they would need to fight those bills. It no longer expresses the choice of the users, and that was the key of DNT.

Microsoft's move completely removed any possibility that publishers or advertisers could support it, basically killing the proposal. It is their fault. Do not expect to see anyone honoring it anytime soon.


> Microsoft's move completely removed any possibility that publishers or advertisers could support it, basically killing the proposal. It is their fault. Do not expect to see anyone honoring it anytime soon.

Most advertisers that I read about who were also vocal against DNT said they would not honor it before Microsoft even made it a default. Quit kidding yourself that Microsoft's decision did anything but hasten its irrelevance.


It certainly didn't help either

It didn't really do jack squat. People weren't going to respect it anyway, so what Microsoft did couldn't possibly have changed their mind.

At the very worst, it should have only been an unselected, mandatory radio button at install or first run. "Do you want IE to ask websites to stop tracking you?"

> DNT is not a technology that will automatically restrict people from tracking you like adBlock for instance.

But turning the browser-side setting into that? Now there's an idea.


> With a default option DNT would have no reason to be honored by any site owner. We could be enjoying native DNT tracking right now if Microsoft hadn't done that stupid dick move 2 years ago[...]This should be a post apologizing for the trouble they caused and for destroying the point of a W3C proposal that set back the industry for several years. Instead it looks like another Marketing stunt.

You're taking this really far out into left field and what you're saying is incorrect. DNT is a useless standard; it requires the visiting site to receive the preference and act appropriately on it. There is no way to enforce that the site acts appropriately. Sites that want to track users were always going to anyway. Except for maybe a few exceptions (such as I would expect browser makers to follow the standard) almost no one was ever going to honor this even before Microsoft's decision.

If you have a business where tracking users can make it more profitable and the W3C came along with a standard that said "if you receive this bit pretty please don't track the user please" why would you even care? There is nothing anyone can do about whether you track or not. At worst someone on a blog publishes a rant about how you're ignoring it but big whoop; countless other sites are also going to be ignoring it.


I think evidence goes the other way. You can ask web crawlers not to index certain pages with robots.txt even if it would be better for their business if they did. And this is widely respected. Now imagine that IIS put "* deny" in the default site config; it would get a lot less respect.

This example actually highlights an interesting difference between the two.

I think one of the reasons robots.txt is generally respected is that there's a stick behind that carrot; hypothetically (what with us all using so much cloud these days), a site administrator that noticed a traffic spike commensurate with something ignoring robots.txt can respond by treating the requests as attacker-originated, which most "legitimate" sites would want to avoid.

What's the stick behind the carrot for do not track?


You can block cookies or even block ad networks.

Yeah, sure, your average end-user is totally going to do that.

That's the difference between the two scenarios. A sysadmin will know what to look for and will know how to appropriately react to it. Your average end user probably doesn't know, care, or know how to react to it. And a built-in browser implementation will never happen because all the major companies have it in their best interests not to implement such a feature. If that weren't the case, we'd have had that feature long ago.


I doubt an average sysadmin would ever notice, let alone knowing what to do about it, let alone putting in the time and effort to do it.

Anyway I'm not sure I put the responsibility on the right group. It will probably be down to websites choosing ad networks that respect their users' DNT settings. Just like they choose ad networks that don't host malicious ads or ads that take over the whole page.


That's a lot more probable, yeah. I doubt anything were to happen on the end user side to enforce this.

adBlock has millions of users. If DNT decreases the adoption or even slows the adoption of adBlocks that's already a big win for adNetworks. You don't necessarily have to track a user to display ads, it's just possible to do more effective advertising if you do so.

> I think evidence goes the other way. You can ask web crawlers not to index certain pages with robots.txt even if it would be better for their business if they did.

I disagree. robots.txt is almost always used for hiding pages that shouldn't be exposed to the internet and are useless to expose. For example you don't need a robots.txt crawling the html document you're statically serving to prove domain ownership for Google Apps.

Everyone wants the most views on their content as possible so the incentive is to let as many things as possible be indexed therefore using robots.txt is limited as much as possible. It would not be good for search engines to crawl the things put into robots.txt.


> At worst someone on a blog publishes a rant about how you're ignoring it

At worst the federal government decides the line the advertising industry has been feeding them about being able to regulate themselves is just that, a line, and decides perhaps consumers need some protections backed by force of law.

That's the only thing that ever had a chance of making advertisers take DNT seriously.


Probably a good approach to deprive companies tracking users of some of their excuses ("it's not really the will of the people if you pre-activate it" ... yeah, sure), but I feel a working DNT implementation will need law support and very harsh punishments. That would be at least far more useful than the EU cookie law in helping people.

I wonder if anyone used IE11's interface for getting user permission before tracking.

> As a result, DNT will not be the default state in Windows Express Settings moving forward

I always disable all of Microsoft's "on" settings when installing Windows, as they usually try to pass some sneaky stuff by me, and even if I don't fully understand what something does, I feel safer having disabled it.

As for the DNT option, I've never really cared for it, as I never use IE for anything.

But my point is that Microsoft tries to hide these "user choices" in its Express Settings when installing Windows, so of course this doesn't reflect people's true choices.

Now if only Microsoft approached their "default settings" there in the same way, and didn't assume stuff like "you want to use a Microsoft account, rather than a local account, don't you?" (This actually represents two of the top 3 requests in Windows 10 user feedback in the Security section - not requiring a Microsoft account by default).

https://windows.uservoice.com/forums/265757-windows-feature-...


What?

That was in Win8: http://www.theeldergeek.com/windows_8/win8_install_setup_per... (Sign in without a Microsoft Account)

And Win8.1: http://www.theeldergeek.com/windows_8/win_8_1_install_setup_... (Create Account > Sign in without a Microsoft account)

At no point were you required to use a MSA, it was always the preferred option (since you get the sync, OneDrive, as well as automatically signing into the store and any other Microsoft services) but you always had the ability to turn it off in the setup screens, and the option was always clearly labeled. If you didn't want an MSA, local accounts worked perfectly fine as the default account on the box, and you can always convert to and from within the PC settings.


> Without this change, websites that receive a DNT signal from the new browsers could argue that it doesn’t reflect the users’ preference, and therefore, choose not to honor it.

With this change, websites could argue that they don't care and choose not to honor it. Is there any actual enforcement of Do Not Track? If not, the whole idea seems broken at its core.


This whole thing is pretty silly. If you are not sending a DNT signal then almost surely only because you don't know about it or you don't care enough, almost surely not because you really prefer being tracked. Or is there really a relevant group of users preferring to be tracked? If yes, why?

I have slightly positive feelings towards retargeting.

Because I rather like that my search results are improved, my ads are less random, and recommendations are useful.

Sure if you ask the question "do you want to be tracked?" you'll get an obvious no. If you ask the question "do you want better search results?" you'll get an obvious yes.

Biased questions lead to biased answers.


I did not want to imply any bias in the formulation of the question. I personally don't want to see any ads at all, I don't want to live in a search bubble and I don't care about recommendations. I can not see any way in which tracking and creating a profile about me could provide me enough additional value that I would be willing to compromise on privacy.

But this is of course only me, I hear rumors that there are actually people valuing ads. But I am still not convinced, the right question is neither »Do you want to be tracked?« nor »Do you want better search results?« but »Do you want better search results at the price of being tracked?«. My personal answer is a definitive no but I can't really tell in case of the general population.


The debate on DNT is completely sterile as this thing is absolutely toothless. It's like advertising a flag "do not infect me" as an anti-virus technology.

A fence might also be easy to climb over, but can still clearly indicate where private property begins, and that trespassing there is wrong.

It's more equivalent to painting a line on the ground than a fence. Climbing a fence takes more effort than ignoring DNT.

Good point. But painted lines on the ground still have social power, for example in parking lots, where most people obey them. Hopefully the same is true for DNT as well.

The fact that I still get snail mail spam catalogs in my mailbox each day, with no mandated option to opt-out, I see no way that marketers will respect DNT. The gov't seems to believe that the economy relies on its ability to market to consumers, even if they don't want to be targeted.


Consider the possibility that DNT does more harm than good:

1) Since it's not default, it makes browsers more unique and thus more trackable.

2) It gives many (perhaps even most?) non-technical users a false sense of security, making them less likely to take more effective measures.

Weighed against what minuscule good DNT might do (I think it does next to none), these two reasons alone make DNT harmful.

