back to article Global Privacy Control emerges as latest attempt to let netizens choose whether they want to be tracked online

A coalition of technology companies, publishers, academics and advocacy groups this week proposed a web specification to allow internet users to declare whether they agree to have their personal data shared or sold. It's not called Do Not Track (DNT), a web specification that took shape in 2011 after percolating for several …

  1. Anonymous Coward
    Anonymous Coward

    They just don't get it........but maybe that's the point!!!

    Quotes: "web specification" "expressed as a binary digit in an HTTP header" "legal support"

    *

    This whole proposition is about preventing the tracking of CONTENT in HTML transactions.

    *

    What it fails to recognise is that the NSA and GCHQ and all the other spooks are still able to collect metadata about the account holder, the IP address, the location of the originator of a transaction and a time stamp. If needed, an internet service provider can be persuaded to provide details of the content of transactions which match this metadata. (And that's before we consider matches with widespread camera data.)

    *

    The ONLY way to avoid being tracked is to ensure that the transactions which a person initiates are either:

    a) anonymous (no link between an account and a person e.g. with a burner phone)

    b) deliberately linked to some other person (e.g. hijacked WiFi, internet cafe, etc.)

    *

    And even if one of these two precautions are in place, the person needs to ensure that they do not "give the game away" by say using a personally identifiable account (say checking email or FB).

    *

    Note that none of this, NONE OF THIS, has anything at all to do with HTML or web transactions. This is pure misdirection of the reader. Privacy and freedom from tracking requires MUCH more than tinkerig with HTML!!!!

    1. Robert D Bank

      Re: They just don't get it........but maybe that's the point!!!

      I know nothing about the technicalities, but apart from the spooks which we can never realistically avoid, one would hope this might stem the slurping from the commercial side.

      1. elaar

        Re: They just don't get it........but maybe that's the point!!!

        Exactly. This is aimed at companies and not government agencies, specifically the sharing and selling of personal information.

        Even if there was a legal framework preventing secretive government agencies from spying on people, past evidence has shown us that it would simply be ignored/abused.

        1. martynhare

          Re: They just don't get it........but maybe that's the point!!!

          This idea falls over the moment key services reject users with the header enabled or set to a value they don't like. Mozilla Firefox and Apple Safari have both got decent controls in place to help bugger advertisers on a technical level, without giving the option for websites to beg users to disable them.

          Firefox has the advantage (over Safari) via an option to namespace/containerise access to cookies and cached data based upon the site in use (based upon what's in your address bar). For example, this means if you visit facebook.com, then visiting non-Facebook sites does not allow their Facebook Like buttons to link you to the Facebook account you normally use. Likewise, this throws a massive spanner in the works for Google Analytics and similar services.

          On Chrome/Edge, these protections aren't available, so you have to blacklist using browser extensions instead - which often results in e-begging from website owners. Blacklisting doesn't cover future tracking services, while the Firefox (optional) namespacing method does, without even needing to block adverts.

      2. Yes Me Silver badge
        Thumb Down

        Re: They just don't get it........but maybe that's the point!!!

        "one would hope"

        Downvote because "hope" is remarkably ineffective against profit-driven capitalism. So is regulation, since it's trivial to off-shore the surveillance system into a less regulated jurisdiction.

        The only way to make things better is to use unbreakable cryptography end-to-end, which is exactly what the spooks and the cops hate most. And even that doesn't work if the remote site you are accessing collaborates with the surveillance system (which is often called by a name such as Google). So that needs unbreakable anonymity too. Which among other things requires you to hide your IP address. Which means using TOR all the time for everything. Which the spooks and the cops also hate, apart from it being a PITA.

        So GPC will be exactly as successful as DNT.

        (I recently got a new "smart" TV. It's so smart that its manufacturer is now slinging ads and spam at me on every system where my Google ID shows up. So far they haven't found me on the Register site, which is slightly reassuring.)

        1. katrinab Silver badge
          Unhappy

          Re: They just don't get it........but maybe that's the point!!!

          We mostly do have end-to-end encryption on the web now. I don't know if it is unbreakable, probably it isn't. What I do know is that current tracking practices don't involve breaking it.

    2. Adelio

      Re: They just don't get it........but maybe that's the point!!!

      What i want is NO adverts or tracking AT ALL by default.

      Google et all already have enough money. they do not need any more.

      1. pc-fluesterer.info

        Re: They just don't get it........but maybe that's the point!!!

        "Google et all already have enough money. they do not need any more."

        ... but the shareholders do! Greed is infinite.

  2. Dan 55 Silver badge
    Meh

    Another flag to be ignored

    Perhaps the name of the flag isn't the problem?

    1. DCFusor

      Re: Another flag to be ignored

      How would you ever prove that party B got your info by buying it from party A (or any other you'd told not to sell your stuff)?

      No enforcement, no effect.

      There used to be at least slight decency, morality, doing the right thing for the sake of it.

      But all of society has become just "don't get caught" instead of "don't do wrong" and "do right".

      Those things we call schools....and parents...kinda stopped teaching those ideas quite awhile back, and

      here we are.

      1. pc-fluesterer.info

        Re: Another flag to be ignored

        schools can't fight capitalism.

  3. Cederic Silver badge

    confused

    If there's regulatory support for this then why wouldn't they apply those regulations to DNT, which already exists and is already built into most web browsers.

    I'm confused by the need for a whole new header here.

    1. Anonymous Coward
      Anonymous Coward

      Re: confused

      The article says DNT refers to tracking, not data selling.

      1. Yes Me Silver badge
        Happy

        Re: confused

        If you don't track, you've got nothing to sell, so in the real world there is no difference whatever between ignoring DNT and ignoring GPC.

        1. PerlyKing

          Re: in the real world there is no difference

          But in the legal world there is.

  4. Claverhouse Silver badge
    Mushroom

    They Will Never Stop

    Ho hum...

    Just read Reddit's new Privacy Policy which includes this:

    Most modern web browsers give you the option to send a Do Not Track signal to the sites you visit, indicating that you do not wish to be tracked. However, there is no accepted standard for how a site should respond to this signal, and we do not take any action in response to this signal. Instead, in addition to publicly available third-party tools, we offer you the choices described in this policy to manage the collection and use of information about you.

    .

    To which the only reasonable response is like that of an American Blockbuster film, but with more explosions and plenty of guns. Smug shits.

    .

    And the 'choices' are as wearisome and convoluted as most such. God, the scum of the internet really, really hate GDPR...

    1. Version 1.0 Silver badge
      Facepalm

      Re: They Will Never Stop

      So you click on "no don't track me but let me use the web site" and what does the web site do? It adds you to the secret tracking list with a note that you accepted their terms and then sells everything to the next site.

      You would have to be a sucker to believe that websites actually follow guidelines, all everyone does these days is work around them.

    2. Anonymous Coward
      Anonymous Coward

      Re: They Will Never Stop

      I was (very) pleasantly surprised to see that Triodos Bank's websites do actually heed your DNT settiing and therefore pre-select non-abusive cookie acceptance/rejection settings in their cookie setting tool, but sadly I think those are the only sites I have yet found which do.

      (Fair play to The Reg for also setting non-evil initial values when you choose "manage cookies", unlike so many sites which then present you with a massive list of "all enabled", which you often then have to disable one by one, taking the piss or what?)

      1. Martin an gof Silver badge

        Re: They Will Never Stop

        Yeah, but why does the blasted thing keep popping up? Do they think that I'll have changed my mind after a fortnight? Do they think that next time - just maybe - I'll accidentally click on the "accept all" button in error?

        M.

        1. martynhare
          Trollface

          Re: They Will Never Stop

          Oh you revoked consent did you? Wonderful! Have you objected to each of our “legitimate interests” yet? No? I guess that means we keep your data after all! Sucker!

        2. Anonymous Coward
          Anonymous Coward

          Re: They Will Never Stop

          Probably because (like most sensible people) you have set your browser to delete cookies on exit?

          They need to save a cookie so that the cookie preference doobrie knows that you have already seen it, otherwise it doesn't know that and so will reappear. Yes, there's ever such a slight Catch-22 there.

          Life would be so much easier if sites where you are regularly logged in would save your cookie preferences as part of your account, so that being logged in could do the necessary behind the scenes magic to tell the doobrie to shut up and go away.

          That still leaves sites that you don't trust or use enough to have an account on, but at least it would be a start.

          1. Martin an gof Silver badge

            Re: They Will Never Stop

            Probably because (like most sensible people) you have set your browser to delete cookies on exit?

            Nope, quite a lot of cookies originating from El Reg are permanently resident in my browsers, they just seem to think I need to re-affirm my choices every few weeks. Similar story with Google's ridiculous opt-outs...

            M.

        3. dajames

          Re: They Will Never Stop

          Yeah, but why does the blasted thing keep popping up? Do they think that I'll have changed my mind ...?

          Methinks they store your consent to tracking in a cookie, but if you don't want to be tracked they don't set a cookie because it could be used to track you ...

          This is why consent for cookies and tracking should be a browser option, and not something managed by individual sites.

  5. ThatOne Silver badge
    Devil

    More hot air

    > Becerra has said "Do Not Track" doesn't clearly signal the intent to opt out of data sharing and selling

    Obviously, that name was ambiguous and open to interpretation...

    Seriously, having a "right to opt-out" might sound reassuring but means nothing: Nobody has to respect it. You can claim to have "rights", nobody is going to respect them unless forced by coercive law (and even then it's often a hit and miss affair).

    How efficient you think would be a shield on your door stating "Please respect my right to not be burglarized - Pretty pretty please?".

    1. Khaptain Silver badge

      Re: More hot air

      The difference here lies in the fact that we know who the burglars are....

  6. Glen 1

    Browsers

    Surely its down to BROWSERS to enforce this type of thing? or at least mitigate against the snoopers?

    Don't allow 3rd party cookies (and possibly code), or at the very least, don't allow them to persist across different first party domains.

    Firefox has already started doing this for its "Facebook Container". This should be the default. A container for each 1st party domain visited, not "let everyone have everything" unless specified.

    It boils down to the point others have already made. Asking someone not to collect/sell your data, when that is their entire business model, is like asking the wolves not to raid the chicken coop. Its in their little wolfy natures.

    As exemplified by the hoops you have to go through to do anything other than "allow all cookies" on many sites.

    1. Yes Me Silver badge

      Re: Browsers

      Cookies just make tracking easier. If there were no cookies, tracking would still be done, but it would use a third party service of some kind, and would by now be a very big machine learning application. Abolition of tracking via cookies would just be a nice business opportunity for somebody. I'm guessing that the major CDNs would be able to offer a tracking service as a lucrative add-on, for example.

      1. Glen 1

        Re: Browsers

        "third party service of some kind"

        Which would make it trivially easy for browser clients to isolate.

        The point of the container is not to block everything (ala noscript of ghostery), as many sites deliberately break themselves if they detect ad blocker type behaviour. The point is to have every domain see its own browser, forcing third party services to infer/guess connections between sites rather than the tentacles we currently have.

        Third party cookie isolation is just the start. No eTags outside of first origin. Each container getting its own cache etc

        The main countermeasures to such moves include things like OAuth, where its the first parties sharing information directly with each other, cutting out the third party middleman.

        Also, isolating separate accounts with the same service is still a pain. Log in to a family-facing Facebook account, then switch to an account showing a less culturally accepted side of you? That account is probably going to show up on your family's "people you may know" feed. Or worse - it will be given as a "helpful" option to login as on a shared machine - a potentially life threatening situation in certain parts of the world.

        That said, if you are spending enough time on any single service, they probably have enough information (search habits, browsing preferences) on their own to build a useful ad profile on you, without having to link to any other site/service.

  7. Blackjack Silver badge

    Funny enough it has been proved personalized advertising works worse than showing ads of what people are actually looking for.

    1. Dan 55 Silver badge

      Of course, once you've bought a lawnmower you don't want to buy any more, but those are all the adverts you'll see.

      1. Yes Me Silver badge
        Facepalm

        Your lawnmower is obsolete

        You just wait until you start to see ads telling you that your lawnmower is 5 years old and must need replacing soon. (I need to patent that idea, it's a clear money-spinner.)

        1. Anonymous Coward
          Anonymous Coward

          Re: Your lawnmower is obsolete

          I read "lawnmower" as "lawmaker".

  8. alain williams Silver badge

    Will this just not make Google richer ?

    This stops "sharing or selling of personal data", it does not stop use of data that has been collated by looking at & collating who does what on many, many web sites.

    They will just say "we track everybody so we understand everything about everybody. GPC means that we cannot tell you anything, but we have new services that we can sell you that: do anything on your behalf & so let you do almost anything to anybody. So you will reap benefits of all our tracking of everybody (and we get lots more $$)" ?

    If I visit a web site I kind of understand that they will learn something about me from that visit. What I do not want is:

    * data from the many web sites that I visit collated to draw up a profile about me.

    * the use of spooky/subversive techniques (more that just cookies) to identify me, eg abuse of ETags.

    Maybe I do not understand but I think that this is naive and will not be much more effective than DNT ...

    1. DS999 Silver badge

      Re: Will this just not make Google richer ?

      It stops OTHER sites from collecting personal info, but Google doesn't need to get it from the web server for the site you are visiting anymore. They can get it from the browser, from Android, from the ad servers etc. etc.

      If it is harder for typical web sites to collect information, then Google is the only one (other than other titans like Facebook and Amazon) who has access to volumes of personal information about you - making it even more valuable.

  9. Anonymous Coward
    Anonymous Coward

    You know you’re doing privacy better when...

    ...any ads you might see are for wildly obscure products.

    One minute, kids dresses, then dentures, then agricultural storage tanks.

    The internet thinks I am between 16 and 90.

    Which is true.

    1. NetBlackOps

      Re: You know you’re doing privacy better when...

      I've made a mission, and have succeeded beyond my wildest dreams, to thoroughly confuse the frag out of the Amazon recommendation engine. Haven't had as much success against Google.

    2. Alumoi Silver badge

      Re: You know you’re doing privacy better when...

      ... you don't see ads.

      pihole, ublock, cookie autodelete, clean browser history on close, no offline cache and the list goes on.

      1. pc-fluesterer.info

        Re: You know you’re doing privacy better when...

        plus NoScript, uMatrix and the like.

    3. EnviableOne

      Re: You know you’re doing privacy better when...

      Apparently i am simultaniously 10 years oolder than myself and 20 years younger and also both male and female and from seven or eight town around where my IP geolocates to.

      1. Falmari Silver badge
        Joke

        Re: You know you’re doing privacy better when...

        "and also both male and female"

        Not necessarily, maybe you are male and into cross-dressing ;)

  10. Greybearded old scrote Silver badge
    Big Brother

    Call it what you like

    Nothing new here. These items of genitalia are hoping to get as rich as Zuck by peeping wherever they can. Therefore they won't stop just because you ask them not to.

    I see two possible solutions:

    It's time the appointed regulators of GDPR started fining firms into bankruptcy for their persistent non-compliance. There's been a couple of years for them all to change their behaviour, after all. There doesn't appear to be any appetite for that among the authorities though.

    Set our clients to deny them the opportunity. I have Firefox with the privacy settings turned up to 11 and also Privacy Badger and NoScript. If I have to whitelist more than two or so hosts' JS you'd better be offering something I really want to see. (Yes, including those.) Chrome? Don't be silly, it's written by the blasted poachers. That's only for when I actually have to sign in to a Goggle account, or a site that the lazy bastards involved made it work only on Chrome. This option is something of a Red Queen's Race of course.

    Evidence is a bit hard to get, but I believe that I'm doing reasonably well.

    EDIT: Not being one of the herd, there's not much I can to about passive tracking I'm afraid. Panopticlick amusingly claims that I have strong protection, even though my fingerprint is unique. Huh?

  11. IGotOut Silver badge

    Google...

    ...will bribe, sorry lobby, the right people and will wail and stamp their feet, saying it will break the internet.

    When (more like if) it gets through, it will be so watered down it will be as good as useless.

  12. Doctor Syntax Silver badge

    "its backers believe this time will be different."

    Really?

    1. EnviableOne

      Question of Sanity

      Insanity is doing the same thing over and over again, but expecting different results.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like