'Do Not Track' Is Back, and This Time It Might Work:
What do you call a privacy law that only works if users individually opt out of every site or app they want to stop sharing their data? A piece of paper.
Or you could call it the California Consumer Privacy Act. In theory, the law gives California residents the right to opt out of any business selling their data. In practice, it hasn't seen much use. Most people don't go to the trouble of opting out of every website, one at a time. One analysis, by DataGrail, a privacy compliance company, found that there were only 82 "do not sell" requests for every million consumer records over the first six months of the year. A study published last week by Consumer Reports helps explain why: Opting out of everything is a complicated pain in the ass.
Change could be coming, however. The CCPA includes a mechanism for solving the one-by-one problem. The regulations interpreting the law specify that businesses must respect a "global privacy control" sent by a browser or device. The idea is that instead of having to change privacy settings every time you visit a new site or use a new app, you could set your preference once, on your phone or in a browser extension, and be done with it.
Today, we're announcing that the upcoming release of Privacy Badger will support the Global Privacy Control, or GPC, by default.
GPC is a new specification that allows users to tell companies they'd like to opt out of having their data shared or sold. By default, Privacy Badger will send the GPC signal to every company you interact with alongside the Do Not Track (DNT) signal. Like DNT, GPC is transmitted through an HTTP header and a new Javascript property, so every server your browser talks to and every script it runs will know that you intend to opt out of having your data shared or sold. Compared with ad industry-supported opt-out mechanisms, GPC is simple, easy to deploy, and works well with existing privacy tools.
[...] The CCPA and other laws are not perfect, and many of our users continue to live in places without strong legal protections. That's why Privacy Badger continues to use both approaches to privacy. It asks websites to respect your privacy, using GPC as an official request under applicable laws and DNT to express what our users actually want (to opt out of all tracking). It then blocks known trackers, who refuse to comply with DNT, from loading at all.
Starting this release, Privacy Badger will begin setting the GPC signal by default. Users can opt out of sending this signal, along with DNT, in their Privacy Badger settings. In addition, users can disable Privacy Badger on individual first-party sites in order to stop sending the GPC signal to those sites.
(Score: 4, Interesting) by rigrig on Thursday October 08 2020, @10:39AM (12 children)
Apparently Privacy Badger [eff.org] is already breaking the spec [github.io].
IIRC, one of the arguments for not respecting DNT was that browsers started to enable it by default, so trackers "couldn't distinguish between people who dislike tracking, and people who just never touched the setting".
No one remembers the singer.
(Score: 5, Interesting) by c0lo on Thursday October 08 2020, @10:52AM
That's bullshit.
I met zillions (as a matter of speaking) of news sites refusing to serve me the pages if I don't disable DNT. I appreciate their honesty and go elsewhere, keeping my DNT setting checked.
I also donated to a few sites that asked me to financially support them.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 5, Insightful) by Anonymous Coward on Thursday October 08 2020, @11:01AM
The user bothered enough to install Privacy Badger, though.
(Score: 5, Insightful) by RamiK on Thursday October 08 2020, @01:25PM (3 children)
Neither one's browser nor Privacy Badger are outside the users' control so the default doesn't enter into it.
Besides, since people have a basic right to privacy, you should be required to have a person's explicit consent to collect their private information.
compiling...
(Score: 2) by JoeMerchant on Thursday October 08 2020, @03:14PM (2 children)
Since when have basic rights ever stood in the way of commerce? Telemarketing, junk mail, none of this required "the internet" to violate such basic rights.
Apparently, asking someone to give their name, address, or other information to participate in whatever is interpreted as explicit consent to record, collate and sell said information to as many buyers as the asker wishes.
Any law that requires explicit consent on every individual website only invites gaming with shell corporations, multiple faces on the same entities, etc. leaving the consumer in an unwinnable game of whack-a-mole, and since consumers that actively engage in playing whack-a-mole over this are a rare breed, that too is valuable information about them to be recorded, collated and sold - win win for business again.
Euro-style "right to be forgotten" should be codified into constitutional rights, something on the order of: any information collected about anyone must be timestamped at the point and time of collection and, absent explicit consent from the individual, automatically destroyed a maximum of X years after collection.
One way our current products deal with HIPAA is all PHI is auto-scrubbed from our device at power down, generally once a day. If a physician or hospital wants to retain the PHI it is transferred to their care before we erase it.
🌻🌻 [google.com]
(Score: 2) by Immerman on Friday October 09 2020, @01:17AM (1 child)
> Telemarketing, junk mail, none of this required "the internet" to violate such basic rights.
None of it violates any privacy either. Doesn't matter how much junk mail or spam calls you send my way - you still learn nothing about me.
>Any law that requires explicit consent on every individual website only invites gaming..,
I think you've got that backward - implicit consent is a problem - if you have to tell every site "don't track me" to revoke your impliocit consent, then gaming becomes profitable - change the shell and you get implicit consent again. Explicit consent requires me to tell you "yes, go ahead and track me". Any change of shell gets you back to the default "no, keep your spying to yourself", and why would you want that?
Right to be forgotten is bullshit, especially without an exception for public figures - and you only need to look to Europe to see how it has been immediately abused by every politician and executive wishing to hide their track record.
(Score: 2) by JoeMerchant on Friday October 09 2020, @02:05AM
Whether you answer the call, or not, they are learning something about you by your reaction to the call.
My point about explicit consent on every website was about requiring the citizen to explicitly express consent on each individual website. Implicit lack of consent would be the best, but there's no profit in that. What we have today is basically implicit consent in practice. You may put your name on a do not call list, enabling you to sue for $500 per call in local courts, all that does is move your spam callers out of your jurisdiction - we're a global economy baby, deal with it.
You are right, I would consider anyone running for public office to be surrendering their right to be forgotten, just as I surrendered the privacy of my fingerprints when I applied for a Real Estate Sales license. But, which foxes did Europe trust to design their henhouse privacy / security? Politicians, of course - just like the U.S. legislator/politicians who wrote themselves an exception in the Do Not Call database penalties.
🌻🌻 [google.com]
(Score: 0) by Anonymous Coward on Thursday October 08 2020, @02:05PM (1 child)
The fact that Privacy Badger is installed means they want this enabled. Same goes for any other "automatically carry out the function it was intended for" software.
Installing an Antivirus software and then disabling the virus scanning by default is...well, it's anti-consumer actually.
Raise your hand if you installed privacy badger and, by default, you expected it to NOT enable privacy-respecting settings.
(Score: 0) by Anonymous Coward on Monday October 12 2020, @09:43AM
I did. But I mistook it for Piracy Badger, a really cool theme with Badgers who are pirates stealing mushrooms.
(Score: 4, Insightful) by sjames on Thursday October 08 2020, @06:42PM (3 children)
They were never actually going to honor DNT. There was never a period of time where they did honor DNT. Any claim that most people want to be tracked is either a psychotic delusion or an outright lie.
g
(Score: 2) by meustrus on Friday October 09 2020, @04:28PM (2 children)
If you listen, they don't say that everyone wants to be tracked. They say that tracking provides more relevant advertisements, which is technically true, and that most people don't have a problem with tracking, which is also technically true. They like to say first that tracking is good for everyone, which...well, as soon as you start saying what is "good", fact-based disagreement is impossible because "good" and "evil" is the realm of gods and demons, not logic and reason.
So technically, they're not lying, and they're not deluded. They know exactly what they are saying. Tracking makes more people click on the ads, and most people have no idea how much of their privacy they are losing in service to getting more ad clicks. Does that mean tracking is good for everyone? If you're an ad peddler, the answer is yes, because it pleases their gods. And you know, I was going to say that most users don't worship those same gods of consumerism, but then I remembered how dominant "pop culture" is in the news.
Those of us crazy people who like liberty and individual freedom more than getting newer and shinier consumer goods and services, we are in the minority I think. The Black Mirror episode Fifteen Million Merits [wikipedia.org] comes to mind - everyone is perfectly happy in their consumer dystopia, including the protagonist, until those pesky irrational human emotions cause him to no longer fit into the plan.
It's the natural tendency of selfish humans to think that "Democracy isn’t the objective; liberty, peace, and prospefity [sic] are." [globalnews.ca] We do not automatically believe that all humans have certain inalienable rights, because we tend to believe that we will always have the power to take those rights for ourselves if necessary. It is only the downtrodden, and those educated enough to have considered the perspective of the downtrodden, who understand the danger of it becoming common in society to give up certain liberties, in this case individual privacy, in exchange for certain benefits, in this case boosting the consumer economy.
If there isn't at least one reference or primary source, it's not +1 Informative. Maybe the underused +1 Interesting?
(Score: 3, Insightful) by sjames on Friday October 09 2020, @05:36PM (1 child)
Are you in advertising? I note how you (they) re-framed "most people want to be tracked" into "most people don't have a problem with tracking". That's an important distinction. "most people don't have a problem with tracking" is like "most people don't have a problem with being shot". It's literally true. Most people never get shot so they don't have a problem with it. That should not be taken as a license to go about town shooting people. In the case of tracking, most people have no idea to what degree they are tracked or even that they are being tracked.
The ad logic there is the same as when they hide the pre-checked box that says send me advertisements in email and feel free to share my email with others. They claim all those boxes left checked mean people want it, even while knowing they hid that needle in a haystack.
A useful rule of thumb. When the claim is made that something is technically not a lie, it's a lie and they know it.
(Score: 2) by meustrus on Saturday October 10 2020, @04:06PM
No, I do not work in advertising. You get a gold star though for correctly understanding my subtext :)
If there isn't at least one reference or primary source, it's not +1 Informative. Maybe the underused +1 Interesting?
(Score: 5, Insightful) by Rosco P. Coltrane on Thursday October 08 2020, @11:30AM (3 children)
The problem is that DNT isn't respected. Anybody with two working brain cells knows that. That's why nobody bothers to opt out or set DNT: everybody knows Google / Amazon / Microsoft / CloudFlare / Akamai will spew out some bromide like "we value your privacy", disregard your choice behind your back and track you anyway, and nobody will drag them to court over it.
(Score: 2) by DannyB on Thursday October 08 2020, @02:11PM
There needs to be a statutory penalty that is high enough to make the Google / Amazon / Microsoft / Apple / CloudFlare / Facebook / Twitters of the world take note.
It should be a simple procedure to file a complaint and have the penalty enforced.
How would one discover that these companies are violating the law? Some periodic audit requirement? Some requirement to periodically file a sworn declaration?
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 0) by Anonymous Coward on Thursday October 08 2020, @02:16PM
The point here is that the law will be on the side of those being tracked.
Its a paper shield, but a shield nonetheless.
(Score: 2) by JoeMerchant on Thursday October 08 2020, @03:18PM
The only way to get respect is with credible penalties. If the value of collected information exceeds the potential cost of violations, violations will happen almost as frequently as if the toothless regulations didn't exist. PR and goodwill have value too (witness Apple's attempts to appear to protect customer privacy), but... PR tends to be a short lived single point value source, whereas broadly collected consumer information across large populations has much larger and longer lasting value.
🌻🌻 [google.com]
(Score: 1, Insightful) by Anonymous Coward on Thursday October 08 2020, @06:24PM (1 child)
As long as you have no control over what a website will do with your petty "DNT" flag, then your "DNT" flag means nothing.
Would a law to prevent spam email prevent spam email?
Would a law to prevent telemarketers prevent telemarketers?
There is no one globally enforceable rule for the internet, and there's no shortage of bad actors ready, willing and able to break any tracking laws.
The only way to not be tracked is to give no track-able information. A "good" tracking law would force browser makers to include an option to scramble and fake all track-able information so it's random and unusable to those who might take it.
(Score: 2) by fakefuck39 on Thursday October 08 2020, @06:44PM
it's not designed to prevent shit - nice strawman. just like having a speed limit does not prevent you from going faster. what this does is give you the power to sue and shut down anyone breaking the law.
(Score: 0) by Anonymous Coward on Friday October 09 2020, @12:47AM
Yeah, yeah, make the papers protect you. And when it will be proper time, and people will be scared enough, the papers are no protection at all.
The only way to opt out from tracking is to carefully review connections. EVERY connection is a threat. For a typical user it is a check for update. For ISP, it is information what program, what company, sometimes even which version and how often is it used... without decrypting single HTTPS-encoded byte.
The Internet is just a damn insecure infrastructure in this field. It was secure when companies were rivals and distribution of them in the world was high. If there are 5 companies and all of them rip to thugs, this is just a network of informers.
To make it usable, it is needed to do some things in societal level, and this would be impossible. Like making the artificial scarcity of some resources finally go away. Then, distributed systems may be built.