I can understand that point of view...
... but I can also see why it should be an option on the first run welcome screen.
New technology that stops websites gathering information about users should not be switched on by default, but should require an explicit instruction to begin working, an internet standards body has said. The World Wide Web Consortium (W3C), which is responsible for ensuring that web technology is based on an agreed set of …
The 'compromise' is that companies will walk away from the W3C standards if this were opt-in. The problem is that it's way too easy for 'glitches' where somehow, mysteriously, you get opted back in after you opt out.
(Your preferences somehow got reset without your knowledge or approval.)
Were this opt-in by default, this type of bad behavior would be harder to allow.
On one hand several organisations have a strong opinion on freedom and privacy, but on the other hand they also fear (or seem to) the "wrath" of the commercial industry when they think that their options to advertise are being threatened.
I think in cases like these it might be better not to try to control things too much and let the market sort it out themselves. I mean; people who really care about this are most likely using AdBlock and NoScript already anyway.
Do you really believe everyday users apply AdBlock, NoScript or equivalents to browsers on their computers and phones, or even know about these options never mind how to use them effectively?
Apparently not so in the world I inhabit, although if you have any figures to back up your assertion I'm happy to be proved wrong.
Anyone lacking the facilities to click the "install adblock" button is maybe not capable of forming a valid stance on targeted ads. At home I deny by default but on my work PC I accept and to be honest, the ads aren't all that bad. The main reason I run abp at home is that flash ads are f*kin annoying.
I'd also like to point out that my gmail ads are currently for doors which is just silly, I do not plan on buying doors any time soon.
No, I think a majority probably wouldn't know how to set it all up. But usually those people have friends or relatives who are more familiar with this stuff and can set it up for them. I've done the same for a few friends in my direct surroundings.
...which worked like a charm until FF started accelerating their releases, but alas. Different story.
The main reason why I think things shouldn't be over regulated like this is because I think it will also create a false sense of safety with those same computer illiterate people. And IMO a false sense of security is much worse than limited security but still knowing about it.
Users of el reg aren't a representative sample of Internet users. I suspect the vast majority have no idea of the extent they are tracked on the web, and do not care. They would never opt to not be tracked, because they don't even know the option is there. Conversely, if the default was to set do not track to on, the majority of users would also neither know nor care.
Advertisers etc want this OFF by default, because no-one would turn it back on voluntarily if they knew what it really meant. However I predict that if "do not track" is turned on by default, a lot of sites such as Facebook, Google etc who depend on ad revenue will pop up a friendly reminder every so often to turn "do not track" off (or otherwise the site will not "work properly" or "give the full experience")
There's a problem with that position. Let's say you value your privacy for ANY reason and some other people don't care. I'm assuming you have sound reasons for valuing your privacy. In my own case, I just like freedom in the form of meaningful and unconstrained choice.
However, you still get penalized and even harmed in various ways as a result of their indifference towards their privacy. Some of the penalties and harms are minor. One trivial example would be the loss of products and services that you might want. In the 'harmful' case, it is not because you are the only person who wants those products and services. It's just that the companies will go after the softer targets, and if they know what they can sell and to whom they are going to sell it, then why give you ANY consideration? In other words, they will choose to maximize their profits by minimizing your freedom.
More to say, but hit the Reg limit, so...
2.1 Parties
2.1.1 Definitions
A functional entity is any commercial, nonprofit, or governmental organization, a subsidiary or unit of such an organization, or a person.
2.1.2 Transparency
2.1.2.1 Requirement
A functional entity must make its affiliated functional entities easily discoverable by a user.
Should be applied to the authors -
Peter Eckersley, Electronic Frontier Foundation
Tom Lowenthal, Mozilla
Jonathan Mayer, Stanford University
Why is it that everyone thinks that FarceBook, Google and other vested interests are telling the W3C what to do?
Oh! Hang on.......
I noticed MS are also on the membership list.
But they don't sell adverts and web-stalking, they sell software.
It's hard to tell which interest is more vested but it's easy to tell which one has the highest motivation to provide desirable software features (like DNT by default).
It's the same sort of crap as the do not call lists. It would make more sense that by default every phone number is on the list and you should have to explicitly request your number removed, or better yet have a do call list that you have to ask to be added to.
Of course if they did then you could fit the entire do-call list on a floppy disk, and you wouldn't even need to take it out of its packaging as there would be nothing to put on it :)
How will this be functionally different from the cookie laws which recently came into effect? Websites will just say "please click the button to accept our cookies. If you continue to use the site, we'll assume you're happy to accept the cookies anyway." just as they currently are.
If opt in tracking is required for accessing a website people will just grant permission.
Once turned on the technology would stop the "if you continue we assume Yes"
"OH BTW we couldn't be asked to code in a NO button, please click this long winded Read about how we track you button to turn this feature off"
And ofc the sentence would be a hell of a lot shorter if sites like El Reg had already coded in a NO button. I'm NOT fine with this. DUH.
But tech-savvy readers wouldn't be bothered by that lameness.
Keep up biting, err chewing, I guess tickling maybe.
How will they track that you've asked them not to track?
If I push the "I'm OK with this" button, but have configured my browser to delete cookies on session exit, do I get bugged every day? The whole thing sounds like a usability disaster that most people will avoid by just dropping their pants and bending over whilst they surf.
Most users have very little technical knowledge and wouldn't know how to begin to opt-out of something that most of them aren't aware of in the first place. To them the internet just works and they have no idea how much information they give away or what that data can be used for.
I don't mind accepting cookies -- I'd like to be asked if I want to SEND cookies. I haven't seen that option on a browser. It seems an odd omission.
Every time you visit a web site, you send the relevant cookies you have stored to it. Why is this half of the process always ignored?
That depends what you mean by "work".
Since it has always been possible to avoid tracking by configuring your browser to reject cookies, it is obvious that the *purpose* of these new schemes is to persuade people to stop doing that in favour of a "voluntary" scheme.
For fans of dubious internet analogies: it's a bit like a mugger asking you to give him your gun if he promises not to use it.
Tracking, marketing etc should always require an explicit opt-in from the user/recipient. And I don't mean a pre-selected check box that the user/recipient has to untick, or a list of check boxes (some ticked, some not) which ask for consent to market/share data in contradictory manners. I mean simple, clear and concise questions:
Can we track you on our site? [ ]
Can we track you across the Internet? [ ]
Can we sell the data we collect about you to third parties? [ ]
Can we allow others to track you on our site? [ ]
Only a dribbling moron would tick more than the first one (and even the first one is optional). Note: I am not talking about session cookies etc that are required to make stuff work, I am talking about the nefarious, not technologically required bullshit.
Of course people should still run ad-blockers, cookie killers and consider splatting the privacy intrusion services in their DNS cache.
Just watch. Fail to click on all four and the site will reject you, saying "Sorry, but we need to be able to do ALL of that for the site to function properly. Goodbye." And if it happens to be a hotspot like Facebook or a source of otherwise-unavailable data, then you're left with the stark choices of either bending over or not getting in.
The tech-savvy would probably turn back and find some other way, but what about the average person? Wouldn't they just give the explicit consent and then we're back where we started only with little recourse left to people because they've given explicit (and thus contractually-binding) consent?
If a site does that, the answer is simple; stop using them.
Or only use them via a puppet server/VM.
The fact that people are willing to give away so much to the likes of Facebook and Google saddens me quite frankly. I detest people who host their code on Google and will only allow its download if I absolutely have to (which is very rarely).
hopes for a well paid job at google and makes a statement: "you see unless you find an option buried deep in some awkward settings and which also means nothing to you, any company is free to track and sell each of your activities, treat you as 'leads' and so on"
Barring that do not track is cool and that said student can carry on w/ speeches...
"...However, "affiliate information sharing" about users can continue even once DNT controls have been activated, Mayer said."
Says it all really - This whole DNT standard isn't worth squat. It relies completely on the advertiser(s) abiding by the rules. And as they have spent many many years trying to get round various attempts by users who don't want this crap, and are now trying to convince everyone that DNT should NOT be enabled by default (who the hell thinks THAT's a good idea?!) clearly they can not be trusted at all.
It will be interesting to see what happens when browser makers start enabling DNT by default because that's actually what their users want - how will the W3C and the advertisers embarrass themselves then?
Personally, I think I'll stick with the "trust no one" policy and use Ad Blocker, and Ghostery, and NoScript etc.
"... that you appear to have switched off an important feature of your browser which will enable us to enhance your customer experience and provide you with a better service.
"You can proceed, however you will not get the full benefit of our website, so please click here to switch it back on..."
(Website announcement that fell through a wormhole from a couple of years in the future)
The issue here is really the failure condition.
People SHOULD set their tracking preferences according to their--well--tracking preferences. As in, they should make a conscious yes/no decision about tracking.
But what should the FAILURE condition be? The W3C says that the failure condition should be allowing tracking.
This is not a fail-safe condition.
The fail-safe condition (from the standpoint of the end user) is to DISallow tracking. Companies serving the user (and I choke a bit as I say this), like Microsoft, should properly set the failure condition to disallowing tracking.
If one downloaded a web browser from an advertising company (like, well, Google), one would expect that the advertising company's priorities would probably be in effect--like not even HAVING an opt-out option.
What you have to remember is that this is not so much technology to block tracking, as it is a way of communicating unequivocally to whoever is listening that you do not want to be tracked. As such, it *has* to be a decision on the part of the user to turn it on, otherwise squiffy companies can just claim that nobody takes the trouble to turn it off, make a case that it is really another bit of noise in the communication put there by browser makers, having nothing to do with the users' preferences, and continue tracking regardless.
So yes, the DNT flag does have to be turned off by default, simply to destroy that argument. And we need a bit of a publicity campaign to point out to people that they DO want to turn it on and where the checkbox is.
Even if DNT is on by default, there is no way to ensure that trackers will comply with it, that's why the W3C don't want to make them angry, check out this interesting post on the topic - why privacy always loses:
http://breadcrumbssolutions.com/why-online-privacy-always-loses
"New technology that stops websites gathering information about users"
Like the Do Not Call list stops people from calling me to say I won a free trip, need to clean my carpet... ?
It can't stop anything, it just asks them not to. The same marketing companies that think calling spam an email blast (totally different thing!) makes it OK, are not going to give a crap.