A universal do-not-track feature has been advocated by privacy groups after being introduced by the Federal Trade Commission in 2010. But the World-Wide Web Consortium (W3C) – composed of software companies, academics, privacy groups, and others who determine international Web-browsing standards – has long struggled to develop a unified approach for the feature.The somewhat-arcane debate over Internet tracking has mostly simmered quietly, but now some lawmakers are arguing that a working group the consortium set up to develop the standard has become overly influenced by tech industry concerns, putting those interests ahead of protecting consumers from the possibility of privacy invasion. The group is currently chaired by representatives from Adobe and Intel."Unfortunately, the group's composition no longer reflects the broad range of interests and perspectives needed to develop a strong privacy standard," Sen. Edward Markey (D) of Massachusetts, Sen. Al Franken (D) of Minnesota, and Rep. Joe Barton (R) of Texas wrote in a letter on Wednesday to the consortium. "The 'Do Not Track' standard should empower consumers to stop unwanted collection and use of their personal data. At the same time, the standard should not permit certain companies to evade important consumer protections and engage in anticompetitive practices."
A universal do-not-track feature has been advocated by privacy groups after being introduced by the Federal Trade Commission in 2010. But the World-Wide Web Consortium (W3C) – composed of software companies, academics, privacy groups, and others who determine international Web-browsing standards – has long struggled to develop a unified approach for the feature.
The somewhat-arcane debate over Internet tracking has mostly simmered quietly, but now some lawmakers are arguing that a working group the consortium set up to develop the standard has become overly influenced by tech industry concerns, putting those interests ahead of protecting consumers from the possibility of privacy invasion. The group is currently chaired by representatives from Adobe and Intel.
"Unfortunately, the group's composition no longer reflects the broad range of interests and perspectives needed to develop a strong privacy standard," Sen. Edward Markey (D) of Massachusetts, Sen. Al Franken (D) of Minnesota, and Rep. Joe Barton (R) of Texas wrote in a letter on Wednesday to the consortium. "The 'Do Not Track' standard should empower consumers to stop unwanted collection and use of their personal data. At the same time, the standard should not permit certain companies to evade important consumer protections and engage in anticompetitive practices."
Should People Be Able to Demand That Websites 'Do Not Track' Them?
Will websites ever care and respect it?No!
One of the problems is ad-delivery networks (and the way the web is used these days). While the website themselves may not track you, you are pulling in content from 30 different locations, at least some of which are ad-networks, which do track people.
Which is why everything cross-site should be blocked by default.
Regular Joe: But but... that breaks the internet. Sites don't work anymore. I want convenience.
Yeah, I mean, obviously society as a whole would be better off if we just burned Madison Avenue to the ground and junked everything they ever created. But some idiots made killing advertisers illegal, like, as if they were people.
Silence, Number 3164, before they shut us all down!
Very easy to not be tracked by a website -- don't go to that website.
Doesn't quite work with the likes of Facebook and co.
Pop it into your hosts file
# Block Facebook IPv6#fe80::1%lo0 localhost::1 facebook.com::1 www.facebook.com::1 login.facebook.com::1 www.login.facebook.com::1 fbcdn.net::1 www.fbcdn.net::1 fbcdn.com::1 www.fbcdn.com::1 static.ak.fbcdn.net::1 static.ak.connect.facebook.com::1 connect.facebook.net::1 www.connect.facebook.net::1 apps.facebook.com::1 edge-star6-shv-02-ams2.facebook.com
too bad there isn't a "domain file" for host OSes.
Vendors/trackers/advertisers/marketers only need to spin up new host names that aren't in our host files and their message will get through to us (or we'll be redirected to connect to them).
I often block entire domains in DNS, but sometimes that does not work as well as one could hope since you end up breaking the entire domain connectivity instead of just hosts you don't like. But... for many domains... if you do not intend to log into facebook, then block the whole thing and don't worry about individual hosts. They can add more in the same domain, and it'd still get blocked (if they aren't directing to a specific IP, which sometimes gets done in CDN clouds--or random gibberish host names)
It also is helpful in the regard that with a DNS service doing the domain blocking, you can limit traffic in areas of your control and prevent new machines from connecting -- giving you time to customize each of your hosts as needed, or not at all, in the event you don't mind if some things connect once outside of your network.
It's a mixed bag with cell networks, anyway, since a local DNS server won't help if the device does its name resolution over carrier anyway, so I still encourage altering the host file, regardless of the limits it may have.
One of the good things about the local host file editing: Simply following MDC's advice for the google-analytics is likely to speed up your online experience noticeably, depending on the places you frequent.
That's ridiculous, there is no informed consent here and few sites even bother to disclose where your information is going. These are commercial websites, not websites put up by fans for your benefit. They reserve so many rights that there might as well not be an agreement at all.
The problem is that they've grown accustomed to all sorts of over reach that now they're going to have to be regulated. They get information from god only knows where and combine it with information from other places unknown and then package that up for sale by 3rd parties. There's no way that any sane person could understand what's being done of the data or what data is being collected.
Now, if it were a case of a company tracking what people do on their site and using it in ways that relate to the site, people wouldn't be freaking out about it. But, the fact that they're going so invasive is the problem.
Ideally, this shouldn't even be a question. Instead, our browsers are loaded with all sorts of functionality that is all too easy to use for tracking. If our browsers didn't have such capabilities, then it wouldn't be technically possible to track users, and tracking would not be an issue.
But I know it's not that easy. There's plenty of legit functionality that needs capabilities which can be turned against us. I don't see any way to have the functionality without tracking.
I use adblock of course. Also use clean links. I don't use a cookie blocker, but I do periodically remove all cookies. Sometimes I wipe out the hidden directories Flash sets up. I've tried Noscript, but find it a hassle to have to allow scripts all the time. I've also tried blocking at the hosts file level. That works fairly well.
Which would be fine, except that they're always looking for new and innovative ways of spying. Flash cookies started being used when people started to block the other methods or clear their cache.
We can block attacks as they are discovered, but the only real solution is to hold website operators accountable for cyber-stalking. This isn't any different than following people around without their consent and recording all their activities. There's no expectation of privacy, but we do have laws against wiretapping and stalking anyways. At this point we've reached the point where something needs to be done before we hit the point where we can't turn back at all.
If a taxi driver took me to all of these other destinations I didn't ask about, and then took various personally identifiable details from me and shoved ads in my face, I would probably find a way to sue for kidnapping and other complaints...
Why it is OK on the internet to redirect me to numerous unrelated places (optimizely? ads.anything.fu?)? I never approved that.
And the fact they can serve viruses and malware and be exploited--and that I never opted to go to these places--why is it that I cannot sue the content provider for connecting me to such places?
The best we get is a year of free credit monitoring? No, I want you to be liable for your decisions, even if it wasn't your server that was infected. I'll go after the infected advertiser after you -- you, the company I tried to do business with in some way, violated my trust and abused the relationship in an effort to monetize me further, and you didn't even care how it happened as long as you got paid for the ad imprint.
When I flip through a catalog, I don't expect to get infected by viewing the contents. ALthough I understand that many catalogs (like Ikea) can take you to a web site if you take a photo of certain pages in the catalog. I wonder when things like that, and/or QR codes, simply process in the background via the act of accidentally getting one in a picture you were taking of something else.
Imagine getting infected at a tourist location because you took a picture or selfie with your family, and some disposable soda cup from a tourist shop there had a QR code or image that your phone processed as a link and visited a site and downloaded malware.
It doesn't even have to be their cup, someone could just apply stickers or place things in the area to get picked up in photos.
I recall that at the college near me, someone put leaflets under student's windshield wipers; an advertisement for a rave. Except the QR code was actually a link to malware, and the page itself was just a error page message that distracted from what was happening on the phone. That was years ago, but technology has progressed since then... I wonder how many automatic things happen.
If facial recognition tech can open a bio on someone, then I imagine the phone doesnt have to display what its downloading to you when you take a picture of anything else.
It may be that we need to resort to white lists for our phones, not that we are able to really control much of that. Google didn't give away the OS for free because of altruism. The phones we have are not much different than the rings of the Dark Lord, Sauron, but at least we can choose what ring tones we have!
If a taxi driver took me to all of these other destinations I didn't ask about
Ah, I see you've been to China as well.
The answer is yes.The term for the broader theory under which it is true is "Informational self-determination"
The term informational self-determination was first used in the context of a German constitutional ruling relating to personal information collected during the 1983 census. The German term is informationelle Selbstbestimmung.
On that occasion, the German Federal Constitutional Court ruled that: “[...] in the context of modern data processing, the protection of the individual against unlimited collection, storage, use and disclosure of his/her personal data is encompassed by the general personal rights of the German constitution. This basic right warrants in this respect the capacity of the individual to determine in principle the disclosure and use of his/her personal data. Limitations to this informational self-determination are allowed only in case of overriding public interest.”
Informational self-determination is often considered similar to the right to privacy but has unique characteristics that distinguish it from the "right to privacy" in the United States tradition. Informational self-determination reflects Westin's description of privacy: “The right of the individual to decide what information about himself should be communicated to others and under what circumstances” (Westin, 1970). In contrast, the "right to privacy" in the United States legal tradition is commonly considered to originate in Warren and Brandeis' article, which focuses on the right to "solitude" (i.e., being "left alone") and in the Constitution's Fourth Amendment, which protects persons and their belongings from warrantless search.
is to politely ask your attackers to please stop?
Yup, taken just as seriously as the **AA demanding we not copy media.
Just about as accountable too.
Technology is a game-changer. A lot of the rules are no longer relevant. The **AA may as well concede that there is no such thing as trying to keep people from sharing, just as we may as well concede there is no such thing as keeping our internet activity under wraps.
There are some end-around-carries that will get the job done... you can come up with a song - and never sing it to anyone...
Or you can visit websites through an anonymous proxy, secure browser emitting randomized configuration settings, spoofed MAC, etc.
Share all you want, but the instant you get the banking system involved - in any way - there is no anonymity.
This internet is a strange animal.
We have many people here working quite a lot with no reward other than the feeling that they are the change they want to see in the world.
Others here see it as another distribution media for publicizing availability of one's wares or services to secure themselves sustenance in the world economy. ( note: I see nothing wrong with it until some vendor does the street equivalent of chasing me all over town with a bullhorn reminding me he's selling something - then I will do whatever is within my power to lose him ).
While others seem to see the internet as another medium to use to manipulate public opinion, deceive people, or commit fraud.
As with residences, a lock on your door ( blockers ) is advised, lest you attract more scam artists than you can handle.
??Should People Be Able to Demand That Websites 'Do Not Track' Them???
Demands fall under free speech, which in the United States is Constitutionally protected under most circumstances. I think the author meant, Should People Be Able to Demand That Websites 'Do Not Track' where failure to comply would face penalties under Llaw.
127.0.0.1 www.google-analytics.com127.0.0.1 ssl.google-analytics.com
It's not like the skany pr0n sites will respect any manner of standard.
What we need is a standard API that will enable any user to opt-out of all tracking. Mind you I am not opposed to advertising, I think advertising is just fine provided I am not being tracked.
Consider that most city buses display ads on the outside. If you view such an ad as the bus drives by you are not being tracked.
If I pay cash for a newspaper from a vending machine I am not being tracked. Yes the effectiveness of the ad is tracked, but I personally would be tracked only if I actively respond to the ad. With web and mobile advertising, if I choose not to click, that fact is recorded.
A while back I came across a web analytics firm that serves the credit reporting business. I guess they would rat me out if I read up on asset protection. I don't remember their website's domain but expect I could dig it up again.
While /etc/hosts does the job for power users, it fails to yield joy for my aged grandmother. Consider that a careless typo could render your computer useless: some would reinstall the OS, others would buy a new box.
There is also the problem that one is not particularly required to refer to /etc/hosts when performing DNS lookups. It's commonly used but really you could roll your own resolver that doesn't. People who flog the analytics SDKs would be motivated to do that if their blackholing became common practice.
In the case of Apple what I'd like to see would be that apps that use mobile analytics would not be permitted in the app store, or would be removed if discovered after approval, but then if wishes were horses I would not have sung for my Peet's Coffee this afternoon.
A somewhat happy solution would be a way to add and remove entries to /etc/hosts that enforces some constraints so you cannot break your box; while that would not solve the problem of resolvers that don't follow not the standard but the convention, at least it would work for the next few years.
I have a modest list of analytics server hostnames; these are distinct from web advertising servers unfortunately web ads can be used for analytics too. If there were a way to count impressions that didn't require the ad to be served from some other server than the actual content, maybe there is but I don't know what it would be.
uMatrix does a pretty decent job of selective-blocking.
I have been trying out the EFF's Privacy Badger and like it so far.
Unfortunately it seems to have disappeared. I Tried restarting the Browser and re-installing it.
Have others had similar problems?
https://addons.mozilla.org/en-us/firefox/addon/privacy-badger-firefox/ [mozilla.org]https://chrome.google.com/webstore/detail/privacy-badger/pkehgijcmpdhfbdbbnkijodmdjhbjlgp [google.com]https://www.eff.org/privacybadger [eff.org]https://en.wikipedia.org/wiki/Privacy_Badger [wikipedia.org]
It still exists. I'm not sure what problem you're having.
The icon dis-appeared from the toolbar and it no longer appears to replace facebook "like" icons.
If you are in privacy/incognito mode, you may have to check a box to ensure that the extension runs in that mode.
I don't see why it would disappear from the toolbar, unless there are too many things on the toolbar and it got hidden. There is a tab in the options for the extension that allows you to disable "Social Widget Replacement".
I've noticed the same thing here.
Using PaleMoon (always updated to latest v.), it shows as enabled (all 4 'option' checkboxes selected, including 'social widget replacement') when looking at extensions, but the icon that usually sits in the status-bar/navigation-toolbar has gone awol, not even appearing in the 'customize' window for said bars. Also social widgets are not being replaced anymore.
I'm only hoping it's actually still working, not sure how to check that it is - though obviously it is not as regards social widgets.
Well, I added to The bug report on the issue [github.com].
1) Do Not Track
2) Cannot Track.
VPN + Ghostery + NoScript + hostfile + canvasblocker does it for me
Assuming, you aren't that person. Assuming another person's identity on the internet or otherwise is Fraud.
If the tech makes it easy to track people across sites then they will be tracked. Policies won't stop it since the pond scum lost likely to abuse it will ignore it. Laws won't work either, how much luck have laws had vs spam? They cross legal jurisdictions, use 'bulletproof hosts' and hijacked Windows PC.
No, the solution has to be tech. Browsers need to discourage cross site content in exactly the same way they discourage other unsafe behavior like cross site scripting. Break the webbugs that allow the tracking in the first place and solve the problem once and for all. This means sites would have to serve up the ads from their own domain if not their own actual servers but that isn't an unsolvable problem once you think about it. But it means doubleclick.newyorktimes.com can't inject a cookie that allows them to track you when doubleclick.politico.com needs to pick an ad based on your earlier viewing because no existing browser will allow it. That ends it, it kills it dead.
You cannot have your cake and eat it too (unless it's Shroedinger's cake).
Likewise, users can demand that websites do not track them, but they cannot and should not be able to force websites to do so.
It is up to the website to decide what (non)content they want to serve and how to serve it, and it is up to the user to decide what content he wants to consume and how to consume it.
Now, the government can require that registered official business websites must respect DNT to adhere to consumer protection laws, but that should by no means apply to all websites in general.
"Should People Be Able to Demand That Websites 'Do Not Track' Them? "
People -should- be able to demand it.
However we know for a fact, whether the law compels them or not, they will find ways to track visitors.
So whether or not people try to demand it, they should feel free to install whatever plugin they can to help ENFORCE their demand on their side as much as possible.
Of course they should. They can also demand free cookies every Friday or a new season of Firefly. Doesn't mean they're gonna get either.