back to article Apple puts bullet through 'Do Not Track', FaceTime snooping bug and iOS vulnerabilities

Apple on Wednesday removed the vestigial "Do Not Track" (DNT) privacy technology from Preview Release 75 of its macOS Safari browser, and buried the corpse without ceremony. DNT is also missing from mobile Safari 12.1 in the soon-to-be released iOS 12.2. The shiny device biz did so, it says, to protect privacy – the presence …

  1. Adrian 4

    It's a pity the browser authors didn't name and shame the sites known not to respect DNT. They could easily have made more fuss about those that ignore the users' request.

    But then, Youtube is one of those sites. It gets a warning from (e.g.) https://learn.adafruit.com/time-tracking-cube

    1. JohnFen

      There's far too many to name and shame them. For any given site, if you simply assume that it ignores DNT, you'll be right far, far more often than you'll be wrong.

    2. Anonymous Coward
      Anonymous Coward

      Safe to say

      If a site is able to monetize personal information in any way, or depends on advertising, it likely does not honor DNT.

    3. doublelayer Silver badge

      The only site I've seen that does respect it is, in fact, adafruit. Nowhere else has ever warned me about this tracking, and of course many sites are known to completely ignore it. So you can pretty much assume the answer to what sites don't respect DNT is (*.* - *.adafruit.com). You will unfortunately have to be more active than that to stop tracking, and I'm glad that someone is killing the thing because checking that box probably provided some with a false sense of security about the whole business.

      1. JohnFen

        "I'm glad that someone is killing the thing because checking that box probably provided some with a false sense of security about the whole business."

        Yes, getting rid of that setting is absolutely the right thing to do from a security standpoint. I don't often wish that the rest of the industry copies Apple, but this is a case where I do.

  2. Tomato42

    quid pro quo

    they don't honour my DNT cookie I don't render their ads, seems only fitting

  3. adnim

    Do not track

    is partly enforced by blocking third party cookies, deleting cookies on browser closure, denying Javascript, especially third party scripts. And having a fskn huge hosts file.

  4. Sampler

    End of Chrome?

    If they're going to make changes to prevent adblock extensions then this could make a sizeable dent in their userbase as the switch back to Firefox?

    1. Colin Ritman

      Re: End of Chrome?

      Adblock plus will stick work, as it uses normal browser APIs. What's bring closed down is an API that some other blockers use, that can also be used to invade privacy.

      The press yet again making a mountain out of a molehill to get advertisement clicks.

      1. JohnFen

        Re: End of Chrome?

        "Adblock plus will stick work"

        Sortof. Under the new scheme, even Adblock Plus will be more limited, as the new API seriously restrict the number of rules that can be used.

  5. ratfox
    Meh

    Oh the irony

    Do Not Track removed because it might be used... to track users. The fight for privacy truly seems hopeless. What's next, users identified by their adblockers?

    1. Anonymous Coward
      Anonymous Coward

      Re: users identified by their adblockers?

      Probably already happening.

      My 'deny' list in my firewall gets longer almost every day. Some sites are using deliberately misspelt domain names to get around blocks on their proper names.

      This is a war that will go on for years and years.

      Any advert that makes its way onto my screen is not only added to my 'deny' list but I will never ever buy anything from that company in the future.

      While my actions are nothing more than a spec of dust to the ad slingers, if none of us makes a stand then it will only get worse.

      F*** O** all advertisers. You are leeches on society and contribute less than zero to it.

      1. John Robson Silver badge

        Re: users identified by their adblockers?

        “F*** O** all advertisers. You are leeches on society and contribute less than zero to it.”

        Whilst I roughly agree with your sentiment... my life has been transformed in the last year by a product advertised to me. That I wouldn’t have thought about going looking for.

        Adverts that are a plain small image and some text with a link to an actual product (or product family) page are fine. It’s the user tracking that’s both useless (if I have just bought item A, why do you think I need to buy another) and deeply disturbing.

        If I’m on a site with specific interests then advertise around that interest.

        If I’m in a general site then advertise like a poster on a wall.

        But in neither case should the advert flash, make noise, jump about, overlay itself in any actual content...

        1. Spazturtle Silver badge

          Re: users identified by their adblockers?

          "That I wouldn’t have thought about going looking for."

          I think there is a distinction between advertising some niche product and advertising a Big Mac.

          "But in neither case should the advert flash, make noise, jump about, overlay itself in any actual content..."

          An advert should only be text and/or an image loaded from the website itself, not though a 3rd party.

  6. Anonymous Coward
    Anonymous Coward

    Educational

    "(CVE-2019-6223) found by 14-year-old Grant Thompson of Catalina Foothills High School and Daven Morris of Arlington, Texas. We understand the teen and his family will get some compensation from Apple, which will also pay toward his education."

    I believe the 14 year old already received a little education from Apple...

    *The lad reported an exploitable privacy bug to a large corporation and was completely ignored until they were called out by the main stream media.

  7. Neoc

    Luckily for me, I have a firewall installed at home which also has an ad-blocking option. Seems to work fairly well. Now if only I could extend that to my mobile, I'd be laughing.

    1. DropBear

      You easily can. But you probably do need a rooted phone. AdAway works nicely for me.

    2. Wade Burchette
  8. Anonymous Coward
    Anonymous Coward

    Google DNT

    Can't find any reliable source that days Google ignore DNT. I did find reliable sources from Facebook and Microsoft casting they ignore them, but this was several years ago. Things might have changed. Can we have verified cites. If you are going to spew accusations?

    1. JohnFen

      Re: Google DNT

      Here's a reliable source -- Google itself: https://support.google.com/chrome/answer/2790761

      "Most websites and web services, including Google's, don't change their behavior when they receive a Do Not Track request."

  9. Tim99 Silver badge
    Trollface

    Google Project Zero

    "Three out of the four vulnerabilities in the latest iOS advisory were exploited in the wild, yikes."

    We looked at exploiting at least two of them, until other people found them too. >>===>

  10. Anonymous Coward
    Unhappy

    Missing the point

    Whether Facebook, Google, Apple et al ignore Do No Track in request headers is utterly irrelavent.

    When I select that option in any browser (as I always do) I am stating to the advertising world that I EXPRESSLY do not give my permission to have my behavior tracked - err, GDPR people!

    I suspect the recent spate of stories about this is more of an indication how the advertisers are trying to remove my option of telling them to 'do one' that it is about any concern for my wellbeing!

    1. Anonymous Coward
      Anonymous Coward

      Re: Missing the point

      Under GDPR it doesn’t matter if you are expressing that, because opt-out is already illegal, any tracking must be based upon one of 6 principles, of which consent is only 1. If one of the others is met you saying no is irrelevant.

      1. katrinab Silver badge

        Re: Missing the point

        In Windows 8, DNT was set by default, and it asked you if you wanted to unset it, which did make it GDPR compliant. I’m not sure about Windows 10.

  11. Fred Flintstone Gold badge

    The utter lunacy of Google

    Google even have the nerve to suggest you should trust a plugin of theirs if you do not want to be tracked by their analytics.

    Let me see, because I don't want my neighbours to hear what's going on in my house I will allow them to install a black box in my living room. Yup, sounds totally legit..

    I will consider sharing data with Google, Facebook and all the other grubby e-stalkers (not allow, mind, just think about it) if their executives make all their own personal data available publicly - every last bit of it. "Publicly" because, as far as I'm concerned, that is what your data will be when it gets into the hands of organisations that either buy the laws they want, or see fines merely as the cost of business, not as a hint that what they do ought to change.

    1. JohnFen

      Re: The utter lunacy of Google

      "I will consider sharing data with Google, Facebook and all the other grubby e-stalkers (not allow, mind, just think about it) if their executives make all their own personal data available publicly"

      Not me. They can all fuck right off. I have no interest in seeing their personal data. I just want them to stop spying on me.

  12. MrWibble

    If only Do Not Track worked - then we can do away with all other "we track you" cookie pop-ups, and everyone's happy. But no, that's too simple...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like