Apache Patch To Override IE 10's Do Not Track Setting 375
hypnosec writes "A new patch for Apache by Roy Fielding, one of the authors of the Do Not Track (DNT) standard, is set to override the DNT option if the browser reaching the server is Internet Explorer 10. Microsoft has by default enabled DNT in Internet Explorer 10 stating that it is to 'better protect user privacy.' This hasn't gone down well with ad networks, users and other browser makers. According to Mozilla, the DNT feature shouldn't be either in an active state or an inactive state until and unless a user specifically sets it. Along the same lines is the stance adopted by Digital Advertising Alliance. The alliance has revealed that it will only honor DNT if and only if it is not switched on by default. This means advertisers will be ignoring the DNT altogether no matter how a particular browser is set up. The DNT project has another member – Apache. It turns out that Microsoft's stance is like a thorn to Apache as well. Fielding has written a patch for the web server titled 'Apache does not tolerate deliberate abuse of open standards.' The patch immediately sparked a debate, which instigated Fielding to elaborate on his work: 'The only reason DNT exists is to express a non-default option. That's all it does. [...] It does not protect anyone's privacy unless the recipients believe it was set by a real human being, with a real preference for privacy over personalization.'"
Gee, How Much Google Paid For This (Score:2, Interesting)
It's already starting to bother me. I'm seeing these advertisements here on Slashdot too. Aft
Re:Gee, How Much Google Paid For This (Score:5, Insightful)
Ad-block FTW
Re: (Score:2, Insightful)
What has Apache got to do with this? (Score:4, Insightful)
Why is Apache doing this? Shouldn't it be up to the webmaster and developers whether to ignore IE10's DNT or not?
Why is Apache doing user agent sniffing(a no no usually for even web apps) and overriding web applications by default? The patch doesn't even give a choice to the webmaster to configure Apache to disable this action. So it's being forced on Apache users because of the ego of the DNT spec writer? Lets say IIS turns on DNT for all browsers, how will Mr. Fielding feel then? Apache is being used as a pawn in this power game and this move will help no one. Let the advertisers ignore DNT from IE10 if they want to, why block DNT flag on at the web server level?
Re:What has Apache got to do with this? (Score:4, Insightful)
This is not Apache's territory. they should not be doing anything to affect my browsing session. Nothing at all. Period.
And who the hell cares about the digital advertising alliance. They don't dictate anything having to do with advertising on my computers.
What the hell is going on here? These people seem to be violating every tenant of privacy. This makes Apache an outlaw. It's ridiculous to say the least. They say they don't tolerate...., well we should never tolerate their interference.
If you guys are supporting Apache because they are Apache you need to stop and reexamine your position. I don't use IE but all browser makers should be pampering the users not the advertising industry, and the web server manufacturer should never pamper advertisers.
Re:What has Apache got to do with this? (Score:5, Informative)
This is not Apache's territory. they should not be doing anything to affect my browsing session. Nothing at all. Period.
Apache isn't doing this. One person has posted a patch. It has not, as I understand it, yet been accepted by the Apache Foundation. Even if it were, Apache HTTPD is by design a highly configurable web server which has modules to do all sorts of things, but on any typical web server only a few of those modules will be enabled. This particular patch - even if it were accepted as part of the distribution - only works if both the 'setenvif' and 'headers' modules are enabled, which, on my servers, is not the case. Furthermore, the 'patch' is five lines in a configuration file; if you don't like 'em, comment them out.
Slow news day, storm in a teacup, nothing to see here, move along.
Re:Gee, How Much Google Paid For This (Score:5, Insightful)
Ad-block FTW
Pretty much, along with cookie blockers. Anyone who doesn't use one on the internet these days is either mad or insane. Perhaps both. I don't care that site users are whining and crying that they're losing revenue, it's stuff like what was mentioned in the article itself(too long to repeat) that ensure that I'm going to keep using them. Plus the long list of abusive ads themselves that like to run with their volume at 11, or inject malware.
I'd be happy with ads, no really. If companies weren't being so stinking abusive over it. I'd call the entire thing an abusive relationship, you even get companies promising "we don't do this, don't worry we've changed." And next time, they're right back to doing it. Sounds familiar doesn't it?
Re: (Score:3)
Not just that. Many people don't know that you can get easily infected by a rogue advertisement even being displayed. That alone keeps me using Adblock, even if all of the other factors people name didn't exist.
Re:Gee, How Much Google Paid For This (Score:4, Informative)
Re: (Score:3, Funny)
Just wait till they start hiding under your bed with chainsaws.
Re: (Score:3)
Just wait till they start hiding under your bed with chainsaws.
Nah, they come in through the skylight [xkcd.com] or on stage at Yale [xkcd.com]. It's common knowledge that under the bed is where Stallman keeps his katana and Linus keeps his nunchucks. Rumor has it RMS also hid a special macro in Emacs which turns your pinky finger into a deadly weapon.
Re: (Score:3)
It's common knowledge that under the bed is where Stallman keeps his katana and Linus keeps his nunchucks.
The same bed? :O
Re: (Score:2)
It's in the interest of all its user-base to minimize the number of DNT browsers. Ads fund websites and targeted advertising brings in more revenue for the sites (i would think).
Choosing to ignore a standard is not what they should be doing either.
Re:Gee, How Much Google Paid For This (Score:5, Insightful)
To be honest this is kind of a ridiculous standard anyway. The way I read it, it seems to me the sites I would least want to track me are the exact sites that are most likely to ignore DNT completely. This standard reminds me of the Evil Bit RFC. [ietf.org]
Re:Gee, How Much Google Paid For This (Score:5, Informative)
It's already starting to bother me. I'm seeing these advertisements here on Slashdot too. After I've searched for something on Google, the related advertisements start to come up EVERYWHERE on the internet. Seriously, they come after you. If you search for specific flights you start to see ads for that everyone. It'll haunt you and there's nothing you can do.
Not true: you can change your Google Ad Preferences [google.com] or opt-out.
Similarly, you can use the NAI's opt-out page [networkadvertising.org] to opt-out of Google and other ad network tracking.
There's plenty of browser plugins that work to block ads entirely (such as AdBlock) and ones that ensure that the "opt-out" cookies stay in existence even if you clear your other cookies.
All the other browsers than Safari and IE are in bed with advertisers because both Firefox and Opera get revenue directly from Google.
The default search box in those browsers comes configured to use Google, yes. They do get income from ad revenue stemming from searches from the box. You're not forced to use that search box, nor are you forced to use the default settings -- you can add other search providers (like DuckDuckGo, ixquick, etc.) -- Firefox, for one, doesn't have ad agreements with anyone other than Google.
So for the love of god Apache Project, stop taking bribes from Google and doing evil things like this!
Is there evidence that the Apache project is "taking bribes from Google"?
My understanding from the article is that an individual contributed a patch to the the Apache httpd.conf source code and does not reflect the official viewpoint of the Apache Foundation, nor that the patch has been approved for inclusion. Naturally, I welcome any corrections.
Re:Gee, How Much Google Paid For This (Score:5, Informative)
Just a FYI.
I went to NAI's opt out page and tried it. I have Adblock-plus. To get all of them, you have to turn off Adblock-Plus, hit the "all of them" button, and then re-enable. Otherwise, you only get 50-some-odd out of 95.
--
BMO
Re: (Score:3)
Also FYI, I typoed the URL for Google's ad preferences. Here is the correct URL: http://www.google.com/ads/preferences/ [google.com] -- I left off the "s" at the end of "preferences". Mea culpa.
Re:Gee, How Much Google Paid For This (Score:4, Informative)
This may be an argument in semantics but it seems to me a true source code patch (ie. one in which once the server is compiled no configuration option will allow a setting one way or the other) is much more worrisome than a simple configuration change.
From what I am reading, unless/until this patch is included with Apache by default, this is really a non-issue. Someone who wants to ignore DNT can do it. Someone who wants to honor it can do so as well. This choice is left up to the company that is using the software (and believe me, even if DNT was hard-coded into the source code, sites that don't want to honor it would simply patch Apache internally). As I mentioned elsewhere in this thread, DNT reminds me of the "Evil Bit" RFC.
Re:Gee, How Much Google Paid For This (Score:4, Interesting)
Google and every other advertiser know that, when given the choice to opt in on something, you likely won't. I could type a wall of text, but if you have a few minutes you could watch this TED talk about opt-in vs opt-out.
To sum up: you are not really in control of your decisions
http://www.ted.com/talks/dan_ariely_asks_are_we_in_control_of_our_own_decisions.html [ted.com]
Re: (Score:3)
Similarly, you can use the NAI's opt-out page [networkadvertising.org] to opt-out of Google and other ad network tracking.
I went to that page - it told me I had to turn on third-party cookies to use its functionality. Nice try!
I'm pretty sure not allowing third-party cookies largely solves the problem already. I've also got Firefox set to "ask me every time" whenever someone wants to set a cookie - yeah, it was a pain for the first few weeks, but I think it's worth it.
So what happens if a company proxies the third-party cookies through their own site and turns them into first-party cookies?
Advertisers can develop just as many hacks to deliver as as people can create hacks to stop advertisers.
What, you thought HTML5 was just for kicks?
Re: (Score:3)
Including:
Better Business Bureau
Association of the United States Army
AllState Insurance
Forbes
Microsoft (ironic)
Re:Gee, How Much Google Paid For This (Score:4, Interesting)
Wow, +5 for a shill account with one paranoid delusional comment.
1) It's not obvious that Google is behind this. Roy Fielding, the man responsible for it, works for Adobe.
2) If Roy Fielding were a sock puppet for Google, and Google would prefer DNT not to exist at all, then he probably wouldn't have made DNT in the first place.
Re: (Score:3)
DVR makers may not do auto-ad-skip, because it's the same as stealing copyrighted TV broadcast
Er, what? The broadcast is available to everyone, no matter if you asked for it or not.
We care about ad networks? (Score:5, Funny)
This hasn't gone down well with ad networks
To quote Firefly: "Do we care? Is this something we are caring about?"
Re: (Score:3)
We care that they care. If they choose to ignore DNT due to Microsoft's actions (or rather, probably deliberate attempt to make the feature ignored) we do care. We prefer that the ad networks honor DNT, and they might, if it's not turned on by default.
It's that simple.
Re:We care about ad networks? (Score:5, Insightful)
Frankly I think the whole thing would be better if adblock was just installed by default in every browser.
Ads are nothing less than visual pollution. Tracking is also one of the reasons that we have cookies and all the other security problems with the web. HTTP was meant to be a stateless protocol and should remain so.
Re: (Score:2)
If it's something you opt into, then yes. It would be in their interest to avoid harsher requirements from governments, when questioned they would be able to just point at the optional flag and say there's no need for legislation. However when it's on by default it will hurt too much ...
Re:We care about ad networks? (Score:5, Insightful)
Tracking should be something users should have to opt in to, not out of.
Re:We care about ad networks? (Score:5, Insightful)
Do you remember the debate about blocking pop-up windows? Very similar complaints from advertisers who said they were 'financing the development of the web' (what a bunch of bullshit, they are just profiting from it). Yet every browser blocks them by default now. I await the day when (tracking) ads will be blocked by default by most major browsers. It's time to take the web back. HTTP is meant to be a stateless protocol.
Re: (Score:2)
You think ad networks will be the one who honor DNT?
Uh, yes, that is the entire point of DNT. It has no other use than as a flag for ad network to honor.
Re:We care about ad networks? (Score:5, Insightful)
We care that they care. If they choose to ignore DNT due to Microsoft's actions (or rather, probably deliberate attempt to make the feature ignored) we do care. We prefer that the ad networks honor DNT, and they might, if it's not turned on by default. It's that simple.
The moment a number of users started to turn on DNT ad networks would find a reason to not honor it anyway. It seems DNT was a privacy standard built on the peculiar premise that it only works as long as it stays unknown to most users ('if few enough know about enabling DNT then maybe the ad networks will leave us that do alone').
Re:We care about ad networks? (Score:4, Insightful)
The moment a number of users started to turn on DNT ad networks would find a reason to not honor it anyway. It seems DNT was a privacy standard built on the peculiar premise that it only works as long as it stays unknown to most users ('if few enough know about enabling DNT then maybe the ad networks will leave us that do alone').
Yes, and we saw the same reaction with the AdBlock Plus detection/counter-measures hoopla. Advertisers can tolerate a small percentage of blocking, but it can't become to popular.
http://en.wikipedia.org/wiki/Adblock_Plus#Advert_filtering_controversy_and_.22acceptable.22_ads [wikipedia.org]
DNT is just an Evil-Bit with better marketing, so I'm not sure what concessions the advertisers can make to continue the pretense that DNT is an effective option.
Re: (Score:3)
Re:We care about ad networks? (Score:5, Insightful)
I guess hell is freezing over now because I am forced to side with Microsoft on this one. I can't think of anyone who actually wants to be tracked like a bear with a radio collar. The express install has DNT as a default setting because most people really don't want to be tracked. For the few that do, they can choose custom settings and not choose DNT.
I will be ripping that patch OUT of any Apache I install. If it were a physical thing, I would then piss on it and burn it. It is deeply disrespectful to the end user. All it does is lend credence to the idea that the whole DNT thing was a big fat LIE by the ad networks (liars for hire).
Re: (Score:2)
I don't quite know if we care about them, but just speaking about customized ads: I've been finding them quite useful of late.
For a long time I was using a dual Chromium/Chrome setup: No Javascript in the former and the majority of browsing in that, and only using Javascript on the latter when necessary for a specific site.
I got a new, faster computer and installed Ubuntu anew on it using Chromium with Javascript on. So I got to experience the web with custom ads.
I find it somewhat useful. For example I see
Re: (Score:2)
If do-not-track is just a factory default, and not a user choice, then the ad networks have no reason to honor it.
If it hasn't gone down well with ad networks, it means they are being earnest about implementing this: those are the "okay" networks. They want not to track users who explicitly express "do not track", (but would like to track other users, the don't-cares). Microsoft is screwing that up by making the don't-care users look like don't-track-me users.
"Bad" ad networks don't care about this issue, s
Re:We care about ad networks? (Score:5, Insightful)
There was content on the web before there were ads, dipshit.
Anyone who thinks we can't have one without the other is wrong, because that state has already happened.
Re:We care about ad networks? (Score:4, Funny)
oh, yes. And what a wonderful web it was.
Re:We care about ad networks? (Score:4, Informative)
Yes, all improvements to the web are thanks to the ad companies, it has nothing to do with technological progress.
Re:We care about ad networks? (Score:4, Insightful)
Yes, all improvements to the web are thanks to the ad companies, it has nothing to do with technological progress.
Technological progress costs money.
You have to give people a reason to buy the hardware and services it requires.
Broadcast radio began as little more than a high tech hobby. With programming like Amos and Andy and The Grand Old Opry, broadcast radio became a national obsession.
Re:We care about ad networks? (Score:5, Insightful)
Why yes it was there was content, not people telling each other what they had for dinner and when they had a BM. When you searched for information about a piece of hardware you got the manual and other useful information not the marking drivel. The noise ratio of the internet has gone up dramatically as it's become more and more commercial.
Re: (Score:3, Insightful)
Indeed it was. I searched for information and I got information. Today it's more of a hassle to get information than it was in the 90s.
Let's say you're looking for some kind of code. You want to know how to do something elegantly, sensibly, or just at all. In the 90s, this meant typing in your search string and unless you were looking for something completely outlandish, altavista usually offered you some university page where that problem was discussed by some students.
Today, you type your search string an
Re:We care about ad networks? (Score:4, Interesting)
You want to know how to do something elegantly, sensibly, or just at all. In the 90s, this meant typing in your search string and unless you were looking for something completely outlandish, altavista usually offered you some university page where that problem was discussed by some students.
Or you used Dejavu usenet search and found the technical group that either already had the answer, or was the right place to ask it.
Then Google bought Dejavu, and mixed its own "Googlegroups" forums in with it inextricably, and allowed any Google user to send unlimited amounts of spam to usenet. So every single fucking newsgroup was full of ads for knockoff Chinese sports shoes, Rolex, pyramid scams, porn, etc, etc. The signal to noise ratio became so bad that almost everyone abandoned usenet. Seemed to be Google's idea, after all they can very effectively filter spam from GMail, but did absolutely nothing to prevent spam -- mostly from their own users -- going into usenet. A wonderful resource was destroyed so Google could try to promote their own forums, which never took off, so we don't even have that as a alternative. Now you have to search and find the right web forum. And when that forum goes offline, all its accumulated knowledge just disappears.
Re:We care about ad networks? (Score:5, Interesting)
There was no "rule" at all.
Almost all ISPs had usenet servers and filtered spam. The ones that didn't were blacklisted by the others. Until Google came along. Then many ISPs stopped providing usenet feeds and told their users to use Google. And Google didn't filter spam. It enabled spammers to use throwaway accounts. Didn't matter that the account was deleted later, they could get a new one immediately and keep going. Some premium hosts blocked Google posts, but that also blocked many legitimate posters who didn't want to pay form a usenet feed.
Anyway, where before you could filter out all the crap from Russia, China, India, etc, now the biggest usenet host of all in the world was generating the most spam. Those cunts killed usenet. .
Re:We care about ad networks? (Score:4, Insightful)
Re:We care about ad networks? (Score:5, Interesting)
We had worthless crap spewed by some amateur individuals instead of worthless crap being spewed by some professional agencies.
I fail to see the big improvement.
Re: (Score:2, Insightful)
Yes, they fund most of the content on the internet, dipshit.
This is a strawman. You can have ads and ad revenue without excessive user tracking.
Re:We care about ad networks? (Score:5, Interesting)
If the site is so concerned about money and income, why don't they just use regular ads instead of tracking ads then?
They can choose. Use tracking ads, have them blocked, and get nothing. Or use regular ads, and get something.
It's hardly our fault that they choose to abuse their customers and then bitch about getting no money because of it.
Re: (Score:3)
If the site is so concerned about money and income, why don't they just use regular ads instead of tracking ads then?
Relevance. Companies aren't interested in paying money to show ads to people who aren't going to buy their product anyway, so if websites use regular ads they're going to make a lot less money.
Re:We care about ad networks? (Score:5, Interesting)
The best content on the internet is produced out of a passion for creating the content, rather than a desire to make a buck. The commoditization of the internet will ruin it, yet. We can't even escape marketing and obnoxious advertising *here*. The majority of people just want to make a buck, right down to the last mommy-blogger that plasters her five-views-a-month blogger page with adsense just so she can eek a nickel out of every last word.
Remember when people did shit because they cared? They didn't have to monetize every square inch of every page of their website? The created services and content because they loved doing it or cared about the community they were doing it for? Remember when sysops built communities for free? They bought the hardware, they maintained everything, they paid for the phone lines, they spent hundreds of hours adding content, connecting their services to multi-node door games, setting up FIDOnet, accounting, etc. And they did it because they enjoyed it. And if people appreciated it enough, they chipped in some cash. Not because they were asked to, but because they wanted to. And you didn't have to be confronted with ads.
I'm not saying the whole internet has to be like that, but does *EVERYONE* have to eek a penny out of every last spot they can? Not just big websites with huge advertising contracts, but right down to every jackhole with a dinky little website or blog?
When I started my site in 1997, I did it with the specific intention of never monetizing it. I didn't charge money. I didn't charge fees. I didn't sell ads. Nothing. I did it because it was enjoyable and it served a purpose for people that they found valuable. I'm sure they'd have paid if I asked, but I didn't. It felt dirty. It felt unnecessary. I thought it was a righteous and reasonable thing to do.
Almost a decade later, I met someone in a bar and it turned out she was a long-time member of my site. We got to talking about it for awhile and when I brought up advertising, she paused and said that she actually had never even noticed that there was no advertising on the site. I couldn't believe it. I feel so accosted by advertising every fucking where I turn that I sure as hell notice it on sites and appreciate the lack of it on others. And here, I discovered that regular people neither give a shit nor even notice whether there are or aren't any ads.
Noncommercial content (Score:2)
For one, yeah, the pre-commercialization web of NCSA Mosaic was awesome. (Not being sarcastic.) It was content-heavy. Down-homey. Come as you are.
It's really nice to be able to read content by people who are just writing down their thoughts and aren't constrained by have to dream up a certain number of words every day for the sake of pageviews.
Yet I have trouble finding that stuff anymore. Any normal web query you do will lead to the big sites (HuffPo, etc.) in the SERPs. And if you click on "blog" in Googl
Re:Noncommercial content (Score:5, Interesting)
Re: (Score:3)
Re: (Score:3)
This doesn't get rid of ads, it just asks nicely that the user not be tranq darted, tagged, and cataloged like an animal. The patch gives those nicely asking users the finger.
I have adblock installed, but decided I would only block ad servers that serve up malware, scams, and/or annoying singing, dancing, and jumping around ads.
Re: (Score:3)
I think that Microsoft has turned that around. By setting the flag to not track, they then bully the OTHER ad agencies.
Remember, Microsoft is ALSO an ad agency. They get to embed Bing right ino the browser as the default. It doesn't matter if they follow DNT flag or not, they have a huge captured market just from people that don't do anything. Just like Apple, they are working to build ads into the "metro" platform as well... That's all "outside" the Do Not Track debate because the DNT flag only effects "br
It does not protect anyone's privacy... (Score:5, Informative)
It does not protect anyone's privacy unless the recipients believe it was set by a real human being, with a real preference for privacy over personalization
By being set, it protects my privacy as long as "recipients" abide by it without question — it only becomes an issue when "recipients" qualify when they will abide by it.
If active choice is not an option, a default in favour of not tracking seems a better position to me but, then again, I am not an ad network executive.
Re:It does not protect anyone's privacy... (Score:5, Interesting)
The point is, DNT only works, at present, on a voluntary basis. As you say, your stance (privacy by default) is not what any ad company will voluntarily choose -- but as long as only a few users opt-in, it can make sense to roll with it for good PR, and to keep the people who care about privacy placated so they don't agitate for privacy regulations the ad men would have to comply with.
It does not protect anyone's privacy unless the recipients believe it was set by a real human being, with a real preference for privacy over personalization
Yeah, that is bull. The recipients don't care that it's set by a real human being, they care that it's set on a small enough fraction of UAs that the PR is worth more than the value of the data they forgo. The former (for now) satisfies the latter, but if enough people started setting it, it'd still be too many, and they'd start ignoring it.
Now you may (as I do) consider the whole situation laughable, because it by design secures privacy for a few by throwing the masses to the wolves, but that's the system we have, and IE's default breaks the conditions under which that system can continue to exist. There's only three ways it can play out (so long as it's the same voluntary cooperation):
(A) ad networks see IE's market share as "too much", disregard DNT altogether.
(B) ad networks see IE's market share as acceptable losses and continue to respect DNT across the board; Firefox etc. eventually copy IE's default; ad networks then disregard DNT altogether.
(C) ad networks see IE's market share as "too much", disregard DNT only on IE, nobody copies IE -- at the very least the system continues to work for people who care enough to set DNT on non-IE UAs, and there's the possibility IE switches back to opt-in DNT, after which the ad networks will restore the status quo.
A and B are total losses (of the voluntary scheme; the aftermath may or may not result in new privacy regulations); C maintains the status quo for many users, and has the possibility to return to status quo across the board.
By being set, it protects my privacy as long as "recipients" abide by it without question — it only becomes an issue when "recipients" qualify when they will abide by it.
Oh, come off it. It protects your privacy when those qualifications don't affect you. So don't run IE, and it still protects your privacy. Now if you meant "it protects everyone's privacy as long as "recipients" abide by it without question" , then yes. But since we all know the DNT system is designed to operate by throwing ignorant or apathetic individuals to the wolves, protesting that it doesn't protect everyone's privacy is kinda disingenuous.
Re: (Score:2, Troll)
How it seems... (Score:5, Interesting)
At the same time, what guarantee do advertisers give users that their ads are not a potential attack vector, or what standard do they follow that their ads are not intrusive and degrade the performance of a users machine or overly distract and irritate the users? How invasive do their ads and data collection get to be?
Overall, I see where they are coming from but at the same time all I hear is a bunch of self-entitled whiners. Is there any good reason to instantly get tracked as soon as you visit your first website, or should you be allowed to later reveal yourself to the world if you so desire the features this advertises and data miners claim to provide? The most obvious being targeted ads and more relevant searches when using Google.
Re:How it seems... (Score:4, Insightful)
At the same time, what guarantee do advertisers give users that their ads are not a potential attack vector, or what standard do they follow that their ads are not intrusive and degrade the performance of a users machine or overly distract and irritate the users? How invasive do their ads and data collection get to be?
So all adverts then.
I have ad-blocking on by default. There are only a couple of sites where I specifically allow them to be shown, because as you point out some sites can't exist without them. I don't like adverts, and I go out of my way to avoid buying anything that is "advertised". If I want something, I'll go looking for it, research it, and the buy it.
I don't take calls from cold callers either - I think they are as distracting, irritating and privacy invading as adverts on websites.
Re:How it seems... (Score:5, Insightful)
Tracking is not required to serve ads. I don't mind seeing billboards on the side of the road, but if the billboard is photographing my license plate and sending that to a central server, I have a problem with that.
Re:How it seems... (Score:5, Insightful)
No, we do NOT. We do NOT all like to be offered RELEVANT content. That is one of the insidious fallacies that ad peddlers (and Google is a prime offender) like to claim so they can justify their practices.
Ads are noise, whether they are relevant or not. Take your favourite kind of music, say your favourite songs from your favourite band. Do you want to hear those songs ALL THE TIME? While you're driving to work, while working, after work when watching TV, etc? Clearly NOT.
NEARLY ALL THE TIME, PEOPLE DON'T WANT ADVERTISING, RELEVANT OR NOT (caps to make it easy on the stupid Googlebot ;-)
The whole idea that we need to be aware of available choices and having choices is good is bullshit. What we need is to be able to control our environment, and if we want choices we'll ask our friends first, thanks very much.
Re: (Score:3)
My opinion is that the default option should always be choice, and will I always oppose having someone make the decision for me. And everyone else should learn that having a choice matters.
With a yes/no toggle, there is always a choice made for you in the beginning.
Either DNT is 'on', or it is 'off'.
As enough people have pointed out already DNT is doomed to fail anyway: As soon as people are starting to use it in great numbers, the advertisers are going to not follow it anymore.
Re: (Score:2)
I do see that without ads many websites would not be around or would be forced to hide behind a paywall...
Good riddance to 'em. This crap is clogging the tubes.They can serve up static ads on their own damn servers, instead of bouncing us back and forth amongst a boatload of ad servers.
Quit your shillin'. I have no obligation to let them infect my machine, or know anything about me if I don't want. Obviously this 'DNT' thing is worthless. I'll stop them the old fashion way by blocking their servers.
Re: (Score:3)
The attack vector argument is a very good one.
I've seen multiple instances of malware-laden ads being served by "mainstream" ad networks on multiple sub-1000 Alexa sites.
Some or another advertiser throws up some script (by design or not), and suddenly, you're getting pwned.
A roundabout way of saying that DNT is... (Score:5, Insightful)
...useless and silly.
Re: (Score:3, Informative)
Well, yes. Expecting ad agencies to honor DNT seems about as clever as firewalling based on the April fool's "evil bit". In both cases, the people doing something you don't want have to choose to honor your wish. Good luck with that.
Marketroids? (Score:3)
So let's see if I have this straight? The marketroids are saying that, by their default, I want to hear all the crap they are paid to push and unless I explictly say, "get lost', they'll continue to bug me until I collapse under the weight of junk product info?
Did Bill Hicks have a great point?
Re: (Score:2)
You have free speech (Score:2)
DNT fails, film at 11 (Score:2)
No surprise there. The only unknown was how the advertisers were going to rationalize that.
Two wrongs do not make a right (Score:5, Insightful)
With this patch, even if the user has explicitly chosen to set the DNT flag, the server will ignore it. They claim this patch has to be done because IE 10 ignores part of the spec:
"Key to that notion of expression is that it must reflect the user's preference, not the preference of some institutional or network-imposed mechanism outside the user's control."
This patch however also ignores this same element of the spec, in that no matter what the user may or may not of done, there will be a "mechanism outside the user's control" (the Apache server) which decides on what they want the preference to be.
I do agree that the DNT setting should be a user choice, perhaps given when the user first installs the browser as well as having the option to change it at any time, but to me this is not the right response to having a default set - although I'm sure if the default setting was that tracking was allowed, the add people would for some reason not be complaining about having a default...
Re: (Score:3)
DNT is purely advisory. Advertisers who want to ignore it are going to configure their servers to do so. If it is too hard to do so with Apache they'll use somthing else.
Re:Two wrongs do not make a right (Score:5, Interesting)
Re: (Score:3)
Advertisers and sites that depend on them don't want to admit that choosing to use a certain browser and allowing itts default settings *is* a choice.
When that browser is bundled with the OS installed on 95% of all PCs, it's not a choice at all - it's indifference. Complete, total indifference.
So when is it a default setting, mr. Fielding? (Score:5, Interesting)
When using IE10 for the first time (per user) you get a screen where you can choose "express settings". The screen clearly spells out what that means, *including* what DNT will be set to. Arguably, the user *has* made a decision by selecting express settings. How does Roy Fieldings patch determine how much of that text the user read before continuing?
And how does the patch determine when a user *explicitly* sets the DNT.
Yes, Microsoft probably does this because it will annoy Google and hurt them more than it will hurt Bing. But at the same time it does help protect users' privacy. What a joke if Apache accepts this patch. What a sell-out. Disgusting.
How is this any different... (Score:2)
How is this any different from Google circumventing the default privacy settings in Apple's Safari?
Google was sued here. Since Apache isn't a company, is this the way for the likes of Google and others to get their bidding done?
Do not track (Score:2)
Should be standard procedure, and we shouldn't need some new protocol to argue over.
Its invasive, and wrong. Period.
Re: (Score:2)
I see you *totally* missed my point.
Let me make it even simpler, so that perhaps you can understand: Even the act of asking for permission is wrong. Even the act of wanting to ask for permission is wrong.
What if MS... (Score:2)
I would laugh so much if MS include an ad block in IE and turn it on by default.
Legally, DNT *IS* the default (Score:2, Insightful)
In case it has faded from people's memory, PRIVACY IS A FUNDAMENTAL HUMAN RIGHT [youthforhumanrights.org] - enshrined in laws across the planet.
That wasn't some arbitrary, weird, one-man-and-his-hobby-horse decision, this was the result of a serious amount of very costly and capable people sitting together and hammering out basic principles. A bit like the US Constitution that US politicians appear so keen to ignore.
So, from that principle, not wanting to be tracked IS the legally correct default, DNT should have never been needed
Re: (Score:2)
Re: (Score:3)
DNT not ON by default (Score:5, Informative)
Article is misleading. DNT is enabled if you setup Windows 8 with express settings, at which point it actively states DNT will be set 'on'. Until that point there is no configured values. This is Apache caving into advertiser pressure, pure & simple IMO.
DNT is failing by design. (Score:2)
If you do not want to be tracked, DO NOT SEND REQUESTS. ... did anyone *really* expect that to work?
But sending requests with a "please handle this one but dont use it to track me or put it in logfiles" comment
How much tracking is done via log file analysis alone?
Not Logging requests that the user specifies makes it a standard for script kiddies only.
If it was intended for just not putting a cookie... well fail?
Thats what browser settings are for and what could have been done with more aggressive browser se
Nobody's attacking privacy... (Score:5, Insightful)
This is not an attack on privacy. This is the only valid option.
If you look at the details of the Do Not Track Header [wikipedia.org], you'll see that there's not much to it. It's an optional HTTP header that represents the user's request not to be tracked. There is no mechanism to actually enforce this choice; any party can easily just ignore the header and track you regardless. The entire purpose of the header is to express a user's intent, and, therefore, the entire value of the header is derived from that intent.
It's like the "Baby on Board" car signs: If I place one in my car's windowpane, polite drivers should see that sign and grant me additional driving space and courtesies, and I may be able to drive in the carpool lane. Imagine, now, that everyone always puts that sign in their car by default because they want the additional driving space and courtesies. The value of my sign is significantly diluted; not only does standard driving operation make it impossible to honor those requests, but my own actual situation gets lost in the noise. Drivers will surely ignore the little yellow sign altogether, and it becomes worthless.
Unless "Do Not Track" is actually an explicit expression of a user's conscious intent, it will face the same hypothetical fate and become yet another ignored standard. Its only value is derived from its explicit intent, and Apache and Fielding are taking steps to ensure that the value is not compromised.
Re:Nobody's attacking privacy... (Score:5, Funny)
Wait, people buy those because they actually believe it will make other drivers more courteous???
Heh... Personally, I take it as a warning - "This car will go way too slow and has a frequently-distracted driver. Please pass me ASAP, and treat me as you would a potential drunk driver".
Re: (Score:3)
It's like the "Baby on Board" car signs
No, it isn't. That sign communicates a statement with a measurable truth value - either there is or there isn't actually a baby in the car, so you are either saying the truth or you are lying.
The DNT flag expresses a preference. The only person to judge its truth value is you. Basically, the car analogy equivalent would be a sticker saying "please don't drive too close".
Now continue your thought experiment regarding what would happen if everyone put that sticker on their car.
W3C (Score:2)
Isn't this precisely the sort of argument W3C is for?
Re: (Score:3)
W3C is against DNT being on by default.
Maybe using ie10 was my choice? (Score:3)
No thank you, now FOAD please? (Score:5, Insightful)
Dear Digital Advertising Alliance - No one* wants you to track them. MSIE enabling DNT by default means nothing more radical than defaulting US releases of Windows to use English.
Since you have decided you know better than we do, I will therefore block all ads and tracking technologies until you make them "opt-in" only.
And then I will opt out.
* Morons who consider Facebook as somehow "better" than the worst of you marketing parasites aside.
And if the user really doesn't want to be tracked? (Score:3)
Fielding thinks his options should be "use another browser." Well fuck you Mr. Fielding. Thanks for coming up with a standard that you are going to cheerfully ignore while giving users the false impression that you are going to honor their wishes.
Do we need and involuntary standard to get advertisers to behave? Because that's where this sort of shit may be leading.
Or do you want a war with Microsoft? Maybe they'll patch IE to identify and disable Apache servers by default, or send them spoofed and anonymized information by default.
If you want to play like that... (Score:3)
But to Apache: "we do not support breaking open standards" hold no water what so ever when your way to express your love for standards is to patch your product such that it can completely ignore a generally accepted standard by default. That to my mind is a text-book example of hypocrisy.
And to the ad servers saying "if X then we'll just ignore DNT" I say fine: if you won't honour DNT I feel no guilt at all in completely blocking all your content. Thanks for playing. I only block ad networks that get on my nerves (auto playing sounds, overly irritating animations, malware riddled shite, and so forth), but this is on my list of things that get on my nerves.
For what it is worth I don't think DNT will make any difference at all, as it relies on everyone to play ball server-side and I barely trust anyone with a commercial or other interest in tracking people to play ball in anything other than hollow words, but that is no reason to not be irritated when you hear people say "we know and understand your preferences, but fuck you".
Re: (Score:2)
DNT in some ways was the last resort for ad companies. In the near future all browsersmnow come with adblock. It would be interesting, in the current Apple-Google war, if Apple made Safari block all adds by default. I for one would welcome the web without all the visual pollution.
Re: (Score:2)
Re: (Score:3)
Re: (Score:2, Interesting)
Microsoft are setting DNT on Windows 8 (and by extension their phones and tablets) so that competing advertising services like Google et al are shut out of their ecosystem. I bet whatever terms and conditions pop up when a Windows 8 starts for the first time, or via those Bing apps means that the DNT setting don't apply to Microsoft itself.
Actually, it seems IE10-team has a pretty independent focus on user experience. On my Windows 8 test machine it has proactively several times recommended to remove addins from Microsoft to speed up performance (from Bing, from Windows Live, from Office!). I'm guessing those other MS divisions must be livid. I know we've loved to make fun of IE for quite some time, but it is a good thing that IE10 is shaping up quite nicely (we don't want to replace "made for IE6" with "made for webkit", and you can see what
Re: (Score:3, Insightful)
No, it's very useful. Microsoft Windows is basically a monopoly on the PC desktop now. Microsoft is ALSO an ad company. They have Bing set as default and built into the OS, they dont need that specific kind of tracking to make their money. By setting the flag they kneecap the other agencies for oppressing the users... And get to play "white knight" about it in the press.
This is about Microsoft using the standard to kick other ads out, I'm sure they have exceptions when the ad servers are contacted by the OS
Re: (Score:3)
There are a few reason why some people object though, including but not limited to: