Stories
Slash Boxes
Comments

SoylentNews is people

posted by cmn32480 on Monday October 12 2015, @08:35PM   Printer-friendly
from the leave-me-alone dept.

A universal do-not-track feature has been advocated by privacy groups after being introduced by the Federal Trade Commission in 2010. But the World-Wide Web Consortium (W3C) – composed of software companies, academics, privacy groups, and others who determine international Web-browsing standards – has long struggled to develop a unified approach for the feature.

The somewhat-arcane debate over Internet tracking has mostly simmered quietly, but now some lawmakers are arguing that a working group the consortium set up to develop the standard has become overly influenced by tech industry concerns, putting those interests ahead of protecting consumers from the possibility of privacy invasion. The group is currently chaired by representatives from Adobe and Intel.

"Unfortunately, the group's composition no longer reflects the broad range of interests and perspectives needed to develop a strong privacy standard," Sen. Edward Markey (D) of Massachusetts, Sen. Al Franken (D) of Minnesota, and Rep. Joe Barton (R) of Texas wrote in a letter on Wednesday to the consortium. "The 'Do Not Track' standard should empower consumers to stop unwanted collection and use of their personal data. At the same time, the standard should not permit certain companies to evade important consumer protections and engage in anticompetitive practices."


Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1, Touché) by Anonymous Coward on Monday October 12 2015, @08:43PM

    by Anonymous Coward on Monday October 12 2015, @08:43PM (#248611)

    WHOOSH!

  • (Score: 4, Insightful) by Anonymous Coward on Monday October 12 2015, @08:44PM

    by Anonymous Coward on Monday October 12 2015, @08:44PM (#248612)

    Should People Be Able to Demand That Websites 'Do Not Track' Them?

    Yes

    Will websites ever care and respect it?
    No!

    One of the problems is ad-delivery networks (and the way the web is used these days). While the website themselves may not track you, you are pulling in content from 30 different locations, at least some of which are ad-networks, which do track people.

    • (Score: 5, Informative) by ikanreed on Monday October 12 2015, @08:50PM

      by ikanreed (3164) Subscriber Badge on Monday October 12 2015, @08:50PM (#248615) Journal

      Which is why everything cross-site should be blocked by default.

      • (Score: 1, Touché) by Anonymous Coward on Monday October 12 2015, @08:54PM

        by Anonymous Coward on Monday October 12 2015, @08:54PM (#248619)

        Regular Joe: But but... that breaks the internet. Sites don't work anymore. I want convenience.

    • (Score: 2) by isostatic on Monday October 12 2015, @09:35PM

      by isostatic (365) on Monday October 12 2015, @09:35PM (#248639) Journal

      Very easy to not be tracked by a website -- don't go to that website.

      • (Score: 3, Insightful) by Refugee from beyond on Monday October 12 2015, @10:05PM

        by Refugee from beyond (2699) on Monday October 12 2015, @10:05PM (#248650)

        Doesn't quite work with the likes of Facebook and co.

        --
        Instantly better soylentnews: replace background on article and comment titles with #973131.
        • (Score: 2) by isostatic on Monday October 12 2015, @10:22PM

          by isostatic (365) on Monday October 12 2015, @10:22PM (#248657) Journal

          Pop it into your hosts file

          • (Score: 5, Informative) by el_oscuro on Tuesday October 13 2015, @01:27AM

            by el_oscuro (1711) on Tuesday October 13 2015, @01:27AM (#248706)

            # Block Facebook IPv6
            #fe80::1%lo0 localhost
            ::1 facebook.com
            ::1 www.facebook.com
            ::1 login.facebook.com
            ::1 www.login.facebook.com
            ::1 fbcdn.net
            ::1 www.fbcdn.net
            ::1 fbcdn.com
            ::1 www.fbcdn.com
            ::1 static.ak.fbcdn.net
            ::1 static.ak.connect.facebook.com
            ::1 connect.facebook.net
            ::1 www.connect.facebook.net
            ::1 apps.facebook.com
            ::1 edge-star6-shv-02-ams2.facebook.com

            --
            SoylentNews is Bacon! [nueskes.com]
            • (Score: 2) by Hyperturtle on Tuesday October 13 2015, @04:31PM

              by Hyperturtle (2824) on Tuesday October 13 2015, @04:31PM (#248968)

              too bad there isn't a "domain file" for host OSes.

              Vendors/trackers/advertisers/marketers only need to spin up new host names that aren't in our host files and their message will get through to us (or we'll be redirected to connect to them).

              I often block entire domains in DNS, but sometimes that does not work as well as one could hope since you end up breaking the entire domain connectivity instead of just hosts you don't like. But... for many domains... if you do not intend to log into facebook, then block the whole thing and don't worry about individual hosts. They can add more in the same domain, and it'd still get blocked (if they aren't directing to a specific IP, which sometimes gets done in CDN clouds--or random gibberish host names)

              It also is helpful in the regard that with a DNS service doing the domain blocking, you can limit traffic in areas of your control and prevent new machines from connecting -- giving you time to customize each of your hosts as needed, or not at all, in the event you don't mind if some things connect once outside of your network.

              It's a mixed bag with cell networks, anyway, since a local DNS server won't help if the device does its name resolution over carrier anyway, so I still encourage altering the host file, regardless of the limits it may have.

              One of the good things about the local host file editing: Simply following MDC's advice for the google-analytics is likely to speed up your online experience noticeably, depending on the places you frequent.

    • (Score: 4, Insightful) by FatPhil on Monday October 12 2015, @10:10PM

      by FatPhil (863) <{pc-soylent} {at} {asdf.fi}> on Monday October 12 2015, @10:10PM (#248653) Homepage
      No!

      You make a request, they offer you some data which hopefully contains the info you're after. Accompanying that may be other suggested requests.
      It is *entirely of your chosing* whether you act upon those suggestions. If you do so, on your head be it. This may require chosing your browser, and its configuration, with some care.

      However, whilst I'm willing to deconstruct how the internet works in the favour of the websites, and subsequently break the internet in the process, I demand that the websites follow how the internet was designed to work at its lowest level too.

      Namely, I should be permitted to type in, or construct, an arbitrary URL, and if you send me any content when I request it, then that is explicit and unrevocable permission for me to receive that content - because you decided to send it to me. I have not "hacked" you by removing the filename from the end and receiving a directory listing, for example. This requires torching some US legal case history shat out by judges who were clueless under pressure from corporations who had well-paid squads of lethal attack lawyers.
      --
      Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
      • (Score: 2, Interesting) by Francis on Monday October 12 2015, @10:14PM

        by Francis (5544) on Monday October 12 2015, @10:14PM (#248654)

        That's ridiculous, there is no informed consent here and few sites even bother to disclose where your information is going. These are commercial websites, not websites put up by fans for your benefit. They reserve so many rights that there might as well not be an agreement at all.

        The problem is that they've grown accustomed to all sorts of over reach that now they're going to have to be regulated. They get information from god only knows where and combine it with information from other places unknown and then package that up for sale by 3rd parties. There's no way that any sane person could understand what's being done of the data or what data is being collected.

        Now, if it were a case of a company tracking what people do on their site and using it in ways that relate to the site, people wouldn't be freaking out about it. But, the fact that they're going so invasive is the problem.

        • (Score: 2) by bzipitidoo on Tuesday October 13 2015, @03:44AM

          by bzipitidoo (4388) on Tuesday October 13 2015, @03:44AM (#248730) Journal

          Ideally, this shouldn't even be a question. Instead, our browsers are loaded with all sorts of functionality that is all too easy to use for tracking. If our browsers didn't have such capabilities, then it wouldn't be technically possible to track users, and tracking would not be an issue.

          But I know it's not that easy. There's plenty of legit functionality that needs capabilities which can be turned against us. I don't see any way to have the functionality without tracking.

          I use adblock of course. Also use clean links. I don't use a cookie blocker, but I do periodically remove all cookies. Sometimes I wipe out the hidden directories Flash sets up. I've tried Noscript, but find it a hassle to have to allow scripts all the time. I've also tried blocking at the hosts file level. That works fairly well.

          • (Score: 2, Interesting) by Francis on Tuesday October 13 2015, @04:06AM

            by Francis (5544) on Tuesday October 13 2015, @04:06AM (#248738)

            Which would be fine, except that they're always looking for new and innovative ways of spying. Flash cookies started being used when people started to block the other methods or clear their cache.

            We can block attacks as they are discovered, but the only real solution is to hold website operators accountable for cyber-stalking. This isn't any different than following people around without their consent and recording all their activities. There's no expectation of privacy, but we do have laws against wiretapping and stalking anyways. At this point we've reached the point where something needs to be done before we hit the point where we can't turn back at all.

      • (Score: 2) by Hyperturtle on Tuesday October 13 2015, @01:49PM

        by Hyperturtle (2824) on Tuesday October 13 2015, @01:49PM (#248857)

        If a taxi driver took me to all of these other destinations I didn't ask about, and then took various personally identifiable details from me and shoved ads in my face, I would probably find a way to sue for kidnapping and other complaints...

        Why it is OK on the internet to redirect me to numerous unrelated places (optimizely? ads.anything.fu?)? I never approved that.

        And the fact they can serve viruses and malware and be exploited--and that I never opted to go to these places--why is it that I cannot sue the content provider for connecting me to such places?

        The best we get is a year of free credit monitoring? No, I want you to be liable for your decisions, even if it wasn't your server that was infected. I'll go after the infected advertiser after you -- you, the company I tried to do business with in some way, violated my trust and abused the relationship in an effort to monetize me further, and you didn't even care how it happened as long as you got paid for the ad imprint.

        When I flip through a catalog, I don't expect to get infected by viewing the contents. ALthough I understand that many catalogs (like Ikea) can take you to a web site if you take a photo of certain pages in the catalog. I wonder when things like that, and/or QR codes, simply process in the background via the act of accidentally getting one in a picture you were taking of something else.

        Imagine getting infected at a tourist location because you took a picture or selfie with your family, and some disposable soda cup from a tourist shop there had a QR code or image that your phone processed as a link and visited a site and downloaded malware.

        It doesn't even have to be their cup, someone could just apply stickers or place things in the area to get picked up in photos.

        I recall that at the college near me, someone put leaflets under student's windshield wipers; an advertisement for a rave. Except the QR code was actually a link to malware, and the page itself was just a error page message that distracted from what was happening on the phone. That was years ago, but technology has progressed since then... I wonder how many automatic things happen.

        If facial recognition tech can open a bio on someone, then I imagine the phone doesnt have to display what its downloading to you when you take a picture of anything else.

        It may be that we need to resort to white lists for our phones, not that we are able to really control much of that. Google didn't give away the OS for free because of altruism. The phones we have are not much different than the rings of the Dark Lord, Sauron, but at least we can choose what ring tones we have!

        • (Score: 2) by Phoenix666 on Tuesday October 13 2015, @02:30PM

          by Phoenix666 (552) on Tuesday October 13 2015, @02:30PM (#248892) Journal

          If a taxi driver took me to all of these other destinations I didn't ask about

          Ah, I see you've been to China as well.

          --
          Washington DC delenda est.
  • (Score: 1, Informative) by Anonymous Coward on Monday October 12 2015, @09:08PM

    by Anonymous Coward on Monday October 12 2015, @09:08PM (#248630)

    The answer is yes.
    The term for the broader theory under which it is true is "Informational self-determination"

    The term informational self-determination was first used in the context of a German constitutional ruling relating to personal information collected during the 1983 census. The German term is informationelle Selbstbestimmung.

    On that occasion, the German Federal Constitutional Court ruled that: “[...] in the context of modern data processing, the protection of the individual against unlimited collection, storage, use and disclosure of his/her personal data is encompassed by the general personal rights of the German constitution. This basic right warrants in this respect the capacity of the individual to determine in principle the disclosure and use of his/her personal data. Limitations to this informational self-determination are allowed only in case of overriding public interest.”

    Informational self-determination is often considered similar to the right to privacy but has unique characteristics that distinguish it from the "right to privacy" in the United States tradition. Informational self-determination reflects Westin's description of privacy: “The right of the individual to decide what information about himself should be communicated to others and under what circumstances” (Westin, 1970). In contrast, the "right to privacy" in the United States legal tradition is commonly considered to originate in Warren and Brandeis' article, which focuses on the right to "solitude" (i.e., being "left alone") and in the Constitution's Fourth Amendment, which protects persons and their belongings from warrantless search.

    https://en.wikipedia.org/wiki/Informational_self-determination

  • (Score: 3, Insightful) by RamiK on Monday October 12 2015, @09:22PM

    by RamiK (1813) on Monday October 12 2015, @09:22PM (#248632)

    is to politely ask your attackers to please stop?

    --
    compiling...
    • (Score: 1) by anubi on Tuesday October 13 2015, @12:41AM

      by anubi (2828) on Tuesday October 13 2015, @12:41AM (#248698) Journal

      Yup, taken just as seriously as the **AA demanding we not copy media.

      Just about as accountable too.

      Technology is a game-changer. A lot of the rules are no longer relevant. The **AA may as well concede that there is no such thing as trying to keep people from sharing, just as we may as well concede there is no such thing as keeping our internet activity under wraps.

      There are some end-around-carries that will get the job done... you can come up with a song - and never sing it to anyone...

      Or you can visit websites through an anonymous proxy, secure browser emitting randomized configuration settings, spoofed MAC, etc.

      Share all you want, but the instant you get the banking system involved - in any way - there is no anonymity.

      This internet is a strange animal.

      We have many people here working quite a lot with no reward other than the feeling that they are the change they want to see in the world.

      Others here see it as another distribution media for publicizing availability of one's wares or services to secure themselves sustenance in the world economy. ( note: I see nothing wrong with it until some vendor does the street equivalent of chasing me all over town with a bullhorn reminding me he's selling something - then I will do whatever is within my power to lose him ).

      While others seem to see the internet as another medium to use to manipulate public opinion, deceive people, or commit fraud.

      As with residences, a lock on your door ( blockers ) is advised, lest you attract more scam artists than you can handle.

      --
      "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
  • (Score: 0) by Anonymous Coward on Monday October 12 2015, @09:23PM

    by Anonymous Coward on Monday October 12 2015, @09:23PM (#248633)

    ??Should People Be Able to Demand That Websites 'Do Not Track' Them???

    Demands fall under free speech, which in the United States is Constitutionally protected under most circumstances. I think the author meant, Should People Be Able to Demand That Websites 'Do Not Track' where failure to comply would face penalties under Llaw.

  • (Score: 2) by MichaelDavidCrawford on Monday October 12 2015, @09:25PM

    by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Monday October 12 2015, @09:25PM (#248634) Homepage Journal

    127.0.0.1 www.google-analytics.com
    127.0.0.1 ssl.google-analytics.com

    It's not like the skany pr0n sites will respect any manner of standard.

    What we need is a standard API that will enable any user to opt-out of all tracking. Mind you I am not opposed to advertising, I think advertising is just fine provided I am not being tracked.

    Consider that most city buses display ads on the outside. If you view such an ad as the bus drives by you are not being tracked.

    If I pay cash for a newspaper from a vending machine I am not being tracked. Yes the effectiveness of the ad is tracked, but I personally would be tracked only if I actively respond to the ad. With web and mobile advertising, if I choose not to click, that fact is recorded.

    A while back I came across a web analytics firm that serves the credit reporting business. I guess they would rat me out if I read up on asset protection. I don't remember their website's domain but expect I could dig it up again.

    --
    Yes I Have No Bananas. [gofundme.com]
    • (Score: 2) by MichaelDavidCrawford on Monday October 12 2015, @09:52PM

      by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Monday October 12 2015, @09:52PM (#248646) Homepage Journal

      While /etc/hosts does the job for power users, it fails to yield joy for my aged grandmother. Consider that a careless typo could render your computer useless: some would reinstall the OS, others would buy a new box.

      There is also the problem that one is not particularly required to refer to /etc/hosts when performing DNS lookups. It's commonly used but really you could roll your own resolver that doesn't. People who flog the analytics SDKs would be motivated to do that if their blackholing became common practice.

      In the case of Apple what I'd like to see would be that apps that use mobile analytics would not be permitted in the app store, or would be removed if discovered after approval, but then if wishes were horses I would not have sung for my Peet's Coffee this afternoon.

      A somewhat happy solution would be a way to add and remove entries to /etc/hosts that enforces some constraints so you cannot break your box; while that would not solve the problem of resolvers that don't follow not the standard but the convention, at least it would work for the next few years.

      I have a modest list of analytics server hostnames; these are distinct from web advertising servers unfortunately web ads can be used for analytics too. If there were a way to count impressions that didn't require the ad to be served from some other server than the actual content, maybe there is but I don't know what it would be.

      You'd think PPC ads from the same host would work unfortunately javascript is used to track fraudulent clicks. Real live human don't just issue GET requests, we move the mouse around at finite speed, maybe pause and think, somewhat but not really random in our motions.

      --
      Yes I Have No Bananas. [gofundme.com]
    • (Score: 1) by nitehawk214 on Tuesday October 13 2015, @02:04PM

      by nitehawk214 (1304) on Tuesday October 13 2015, @02:04PM (#248868)

      uMatrix does a pretty decent job of selective-blocking.

      --
      "Don't you ever miss the days when you used to be nostalgic?" -Loiosh
  • (Score: 0) by Anonymous Coward on Monday October 12 2015, @09:37PM

    by Anonymous Coward on Monday October 12 2015, @09:37PM (#248641)

    I have been trying out the EFF's Privacy Badger and like it so far.

    Unfortunately it seems to have disappeared. I Tried restarting the Browser and re-installing it.

    With the easy stuff eliminated, I am thinking PB killing JavaScript. Have not had time to rule that out yet.

    Have others had similar problems?

    • (Score: 3, Insightful) by takyon on Monday October 12 2015, @10:08PM

      by takyon (881) <reversethis-{gro ... s} {ta} {noykat}> on Monday October 12 2015, @10:08PM (#248652) Journal
      • (Score: 0) by Anonymous Coward on Monday October 12 2015, @10:26PM

        by Anonymous Coward on Monday October 12 2015, @10:26PM (#248658)

        The icon dis-appeared from the toolbar and it no longer appears to replace facebook "like" icons.

        • (Score: 2) by takyon on Monday October 12 2015, @10:32PM

          by takyon (881) <reversethis-{gro ... s} {ta} {noykat}> on Monday October 12 2015, @10:32PM (#248661) Journal

          If you are in privacy/incognito mode, you may have to check a box to ensure that the extension runs in that mode.

          I don't see why it would disappear from the toolbar, unless there are too many things on the toolbar and it got hidden. There is a tab in the options for the extension that allows you to disable "Social Widget Replacement".

          --
          [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
        • (Score: 0) by Anonymous Coward on Tuesday October 13 2015, @09:14AM

          by Anonymous Coward on Tuesday October 13 2015, @09:14AM (#248784)

          I've noticed the same thing here.

          Using PaleMoon (always updated to latest v.), it shows as enabled (all 4 'option' checkboxes selected, including 'social widget replacement') when looking at extensions, but the icon that usually sits in the status-bar/navigation-toolbar has gone awol, not even appearing in the 'customize' window for said bars. Also social widgets are not being replaced anymore.

          I'm only hoping it's actually still working, not sure how to check that it is - though obviously it is not as regards social widgets.

          • (Score: 0) by Anonymous Coward on Wednesday October 14 2015, @06:07AM

            by Anonymous Coward on Wednesday October 14 2015, @06:07AM (#249298)

            Well, I added to The bug report on the issue [github.com].

  • (Score: 0) by Anonymous Coward on Monday October 12 2015, @10:16PM

    by Anonymous Coward on Monday October 12 2015, @10:16PM (#248655)

    Either;

    1) Do Not Track

    or

    2) Cannot Track.

    Your choice.

    • (Score: 0) by Anonymous Coward on Tuesday October 13 2015, @02:46AM

      by Anonymous Coward on Tuesday October 13 2015, @02:46AM (#248718)

      VPN + Ghostery + NoScript + hostfile + canvasblocker does it for me

  • (Score: 0) by Anonymous Coward on Monday October 12 2015, @10:35PM

    by Anonymous Coward on Monday October 12 2015, @10:35PM (#248662)

    They LIE!

    • (Score: 2) by Freeman on Monday October 12 2015, @10:47PM

      by Freeman (732) on Monday October 12 2015, @10:47PM (#248663) Journal

      Assuming, you aren't that person. Assuming another person's identity on the internet or otherwise is Fraud.

      --
      Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
  • (Score: 2) by jmorris on Monday October 12 2015, @11:00PM

    by jmorris (4844) on Monday October 12 2015, @11:00PM (#248665)

    If the tech makes it easy to track people across sites then they will be tracked. Policies won't stop it since the pond scum lost likely to abuse it will ignore it. Laws won't work either, how much luck have laws had vs spam? They cross legal jurisdictions, use 'bulletproof hosts' and hijacked Windows PC.

    No, the solution has to be tech. Browsers need to discourage cross site content in exactly the same way they discourage other unsafe behavior like cross site scripting. Break the webbugs that allow the tracking in the first place and solve the problem once and for all. This means sites would have to serve up the ads from their own domain if not their own actual servers but that isn't an unsolvable problem once you think about it. But it means doubleclick.newyorktimes.com can't inject a cookie that allows them to track you when doubleclick.politico.com needs to pick an ad based on your earlier viewing because no existing browser will allow it. That ends it, it kills it dead.

    But it would be a fair bit of rebuilding, I'm not kidding myself and you shouldn't get behind the idea either without considering the downsides. YouTube is an obvious problem and there is the wasted bandwidth and extra caching implied when all of those bloathog javascript frameworks get locally semi-hosted (DNS record only) on every site that makes use of them. Probably makes hosting them for free impractical to the point each site would have to actually host them on their own which would introduce security issues when they didn't get updated like they should from the central site. And you even have to ban centralized image hosting, remember that ANY url can be converted into a tracking cookie, especially with Javascript enabled. But none of those objections are insurmountable.

  • (Score: 2) by darkfeline on Monday October 12 2015, @11:27PM

    by darkfeline (1030) on Monday October 12 2015, @11:27PM (#248677) Homepage

    You cannot have your cake and eat it too (unless it's Shroedinger's cake).

    Website can demand that users stop blocking ads and Javascript, but they cannot and should not be able to force users to do so.

    Likewise, users can demand that websites do not track them, but they cannot and should not be able to force websites to do so.

    It is up to the website to decide what (non)content they want to serve and how to serve it, and it is up to the user to decide what content he wants to consume and how to consume it.

    Now, the government can require that registered official business websites must respect DNT to adhere to consumer protection laws, but that should by no means apply to all websites in general.

    --
    Join the SDF Public Access UNIX System today!
  • (Score: 0) by Anonymous Coward on Tuesday October 13 2015, @02:37AM

    by Anonymous Coward on Tuesday October 13 2015, @02:37AM (#248717)

    "Should People Be Able to Demand That Websites 'Do Not Track' Them? "

    People -should- be able to demand it.

    However we know for a fact, whether the law compels them or not, they will find ways to track visitors.

    So whether or not people try to demand it, they should feel free to install whatever plugin they can to help ENFORCE their demand on their side as much as possible.

  • (Score: 2) by wonkey_monkey on Tuesday October 13 2015, @07:35AM

    by wonkey_monkey (279) on Tuesday October 13 2015, @07:35AM (#248768) Homepage

    Should People Be Able to Demand That Websites 'Do Not Track' Them?

    Of course they should. They can also demand free cookies every Friday or a new season of Firefly. Doesn't mean they're gonna get either.

    --
    systemd is Roko's Basilisk