
Apache Patch To Override IE 10's Do Not Track Setting

Posted by timothy
from the routing-around-it dept.
hypnosec writes "A new patch for Apache by Roy Fielding, one of the authors of the Do Not Track (DNT) standard, is set to override the DNT option if the browser reaching the server is Internet Explorer 10. Microsoft has by default enabled DNT in Internet Explorer 10 stating that it is to 'better protect user privacy.' This hasn't gone down well with ad networks, users and other browser makers. According to Mozilla, the DNT feature shouldn't be either in an active state or an inactive state until and unless a user specifically sets it. Along the same lines is the stance adopted by Digital Advertising Alliance. The alliance has revealed that it will only honor DNT if and only if it is not switched on by default. This means advertisers will be ignoring the DNT altogether no matter how a particular browser is set up. The DNT project has another member – Apache. It turns out that Microsoft's stance is like a thorn to Apache as well. Fielding has written a patch for the web server titled 'Apache does not tolerate deliberate abuse of open standards.' The patch immediately sparked a debate, which instigated Fielding to elaborate on his work: 'The only reason DNT exists is to express a non-default option. That's all it does. [...] It does not protect anyone's privacy unless the recipients believe it was set by a real human being, with a real preference for privacy over personalization.'"
  • by Stormthirst (66538) on Saturday September 08, 2012 @07:33AM (#41272519)

    Ad-block FTW

  • by mister_playboy (1474163) on Saturday September 08, 2012 @07:39AM (#41272547)

    There was content on the web before there were ads, dipshit.

    Anyone who thinks we can't have one without the other is wrong, because that state has already happened.

  • by John Hasler (414242) on Saturday September 08, 2012 @07:40AM (#41272555) Homepage

    ...useless and silly.

  • by Anonymous Coward on Saturday September 08, 2012 @07:42AM (#41272569)
    Privoxy is more convenient
  • Re:How it seems... (Score:4, Insightful)

    by Stormthirst (66538) on Saturday September 08, 2012 @07:46AM (#41272599)

    At the same time, what guarantee do advertisers give users that their ads are not a potential attack vector, or what standard do they follow that their ads are not intrusive and degrade the performance of a user's machine or overly distract and irritate the users? How invasive do their ads and data collection get to be?

    So all adverts then.

    I have ad-blocking on by default. There are only a couple of sites where I specifically allow them to be shown, because as you point out some sites can't exist without them. I don't like adverts, and I go out of my way to avoid buying anything that is "advertised". If I want something, I'll go looking for it, research it, and then buy it.

    I don't take calls from cold callers either - I think they are as distracting, irritating and privacy invading as adverts on websites.

  • by Anonymous Coward on Saturday September 08, 2012 @07:49AM (#41272611)

    Yes, they fund most of the content on the internet, dipshit.

    This is a strawman. You can have ads and ad revenue without excessive user tracking.

  • Re:How it seems... (Score:5, Insightful)

    by Motard (1553251) on Saturday September 08, 2012 @07:50AM (#41272621)

    Tracking is not required to serve ads. I don't mind seeing billboards on the side of the road, but if the billboard is photographing my license plate and sending that to a central server, I have a problem with that.

  • by another random user (2645241) on Saturday September 08, 2012 @07:50AM (#41272627) Homepage
    Ignoring the issue around if IE10 should set the DNT flag by default or not, this patch only makes the situation worse.

    With this patch, even if the user has explicitly chosen to set the DNT flag, the server will ignore it. They claim this patch has to be done because IE 10 ignores part of the spec:

    "Key to that notion of expression is that it must reflect the user's preference, not the preference of some institutional or network-imposed mechanism outside the user's control."

    This patch however also ignores this same element of the spec, in that no matter what the user may or may not have done, there will be a "mechanism outside the user's control" (the Apache server) which decides on what they want the preference to be.

    I do agree that the DNT setting should be a user choice, perhaps given when the user first installs the browser as well as having the option to change it at any time, but to me this is not the right response to having a default set - although I'm sure if the default setting was that tracking was allowed, the ad people would for some reason not be complaining about having a default...

  • by silas_moeckel (234313) on Saturday September 08, 2012 @08:02AM (#41272693) Homepage

    Why yes it was, there was content, not people telling each other what they had for dinner and when they had a BM. When you searched for information about a piece of hardware you got the manual and other useful information, not the marketing drivel. The noise ratio of the internet has gone up dramatically as it's become more and more commercial.

  • by Celarent Darii (1561999) on Saturday September 08, 2012 @08:03AM (#41272703)
    You think ad networks will be the ones who honor DNT? The very same people who profit by tracking?

    Frankly I think the whole thing would be better if adblock was just installed by default in every browser.

    Ads are nothing less than visual pollution. Tracking is also one of the reasons that we have cookies and all the other security problems with the web. HTTP was meant to be a stateless protocol and should remain so.
  • by Anonymous Coward on Saturday September 08, 2012 @08:09AM (#41272757)

    In case it has faded from people's memory, PRIVACY IS A FUNDAMENTAL HUMAN RIGHT - enshrined in laws across the planet.

    That wasn't some arbitrary, weird, one-man-and-his-hobby-horse decision, this was the result of a serious amount of very costly and capable people sitting together and hammering out basic principles. A bit like the US Constitution that US politicians appear so keen to ignore.

    So, from that principle, not wanting to be tracked IS the legally correct default, DNT should have never been needed, only a "DT" ("Do track, because I don't care about my rights"). If Mr Roy Fielding is writing a patch to override what should have been a default to start with (the jammering and global breaking of this principle by marketing people across the globe does not define breaking the law as rule), then Mr Roy Fielding is effectively on his way to break the law in practically any part of Europe.

    DNT is an excuse to casually ignore the fact that fundamental principles were already broken by companies raking it in on the back of breaking fundamental principles (yes, Google and Facebook, I'm looking at you).

    Let me put it this way - if this patch goes live anywhere in Europe, a complaint to the relevant government department in charge of Data Protection WILL be made. No ifs, no buts, no maybes.

    It's time we start working on people's rights - because with such idiocy and kowtowing to money nobody is going to do it for you.

  • by oldlurker (2502506) on Saturday September 08, 2012 @08:11AM (#41272787)

    We care that they care. If they choose to ignore DNT due to Microsoft's actions (or rather, probably deliberate attempt to make the feature ignored) we do care. We prefer that the ad networks honor DNT, and they might, if it's not turned on by default. It's that simple.

    The moment a number of users started to turn on DNT ad networks would find a reason to not honor it anyway. It seems DNT was a privacy standard built on the peculiar premise that it only works as long as it stays unknown to most users ('if few enough know about enabling DNT then maybe the ad networks will leave us that do alone').

  • by Karzz1 (306015) on Saturday September 08, 2012 @08:37AM (#41272931) Homepage
    Choosing to ignore a standard is not what they should be doing either.

    To be honest this is kind of a ridiculous standard anyway. The way I read it, it seems to me the sites I would least want to track me are the exact sites that are most likely to ignore DNT completely. This standard reminds me of the Evil Bit RFC.
  • by johanw (1001493) on Saturday September 08, 2012 @08:50AM (#41273009)
    What makes you think they don't ignore it anyway? That is why I don't care that much about DNT and use AdBlock Plus and Ghostery. The latter also blocking those ugly Javascripts.
  • Re:How it seems... (Score:5, Insightful)

    by martin-boundary (547041) on Saturday September 08, 2012 @08:53AM (#41273039)

    Tracking can be beneficial for both the advertiser and the user - we all like to be offered relevant content, and the advertiser likes to offer it to people who he thinks will be interested.

    No, we do NOT. We do NOT all like to be offered RELEVANT content. That is one of the insidious fallacies that ad peddlers (and Google is a prime offender) like to claim so they can justify their practices.

    Ads are noise, whether they are relevant or not. Take your favourite kind of music, say your favourite songs from your favourite band. Do you want to hear those songs ALL THE TIME? While you're driving to work, while working, after work when watching TV, etc? Clearly NOT.

    NEARLY ALL THE TIME, PEOPLE DON'T WANT ADVERTISING, RELEVANT OR NOT (caps to make it easy on the stupid Googlebot ;-)

    The whole idea that we need to be aware of available choices and having choices is good is bullshit. What we need is to be able to control our environment, and if we want choices we'll ask our friends first, thanks very much.

  • by moronoxyd (1000371) on Saturday September 08, 2012 @09:00AM (#41273101)

    Tracking should be something users should have to opt in to, not out of.

  • by Jahava (946858) on Saturday September 08, 2012 @09:18AM (#41273193)

    This is not an attack on privacy. This is the only valid option.

    If you look at the details of the Do Not Track Header, you'll see that there's not much to it. It's an optional HTTP header that represents the user's request not to be tracked. There is no mechanism to actually enforce this choice; any party can easily just ignore the header and track you regardless. The entire purpose of the header is to express a user's intent, and, therefore, the entire value of the header is derived from that intent.

    It's like the "Baby on Board" car signs: If I place one in my car's windowpane, polite drivers should see that sign and grant me additional driving space and courtesies, and I may be able to drive in the carpool lane. Imagine, now, that everyone always puts that sign in their car by default because they want the additional driving space and courtesies. The value of my sign is significantly diluted; not only does standard driving operation make it impossible to honor those requests, but my own actual situation gets lost in the noise. Drivers will surely ignore the little yellow sign altogether, and it becomes worthless.

    Unless "Do Not Track" is actually an explicit expression of a user's conscious intent, it will face the same hypothetical fate and become yet another ignored standard. Its only value is derived from its explicit intent, and Apache and Fielding are taking steps to ensure that the value is not compromised.

  • by Mabhatter (126906) on Saturday September 08, 2012 @09:19AM (#41273199)

    No, it's very useful. Microsoft Windows is basically a monopoly on the PC desktop now. Microsoft is ALSO an ad company. They have Bing set as default and built into the OS, they don't need that specific kind of tracking to make their money. By setting the flag they kneecap the other agencies for oppressing the users... And get to play "white knight" about it in the press.

    This is about Microsoft using the standard to kick other ads out, I'm sure they have exceptions when the ad servers are contacted by the OS itself. Not to mention Microsoft is moving to their "fully owned" platforms. Who can turn off XBox ads, Windows Mobile Ads, Windows Surface Ads?

  • by Opportunist (166417) on Saturday September 08, 2012 @09:24AM (#41273231)

    Indeed it was. I searched for information and I got information. Today it's more of a hassle to get information than it was in the 90s.

    Let's say you're looking for some kind of code. You want to know how to do something elegantly, sensibly, or just at all. In the 90s, this meant typing in your search string and unless you were looking for something completely outlandish, altavista usually offered you some university page where that problem was discussed by some students.

    Today, you type your search string and then the game starts. First, you scroll down the "sponsored links" that usually have little to do with your problem. Then you weed out the pages that want you to cough up some dough to actually show you the solution. The advanced searcher already has a "default" search template consisting of a lot of "-$page -$page -$page..." entries to tack onto the search string so those pages don't show up in the result. Usually that template takes up way more room in your search than what you're looking for.

    Then you eventually find a page that looks like it might solve your problem. You click it, endure a lengthy flash ad you cannot skip, only to find out you fell for yet another page that either wants your money or doesn't offer any solution but just lures you to generate clicks, and you have another entry for your default search string.

    Rinse, repeat until you eventually find a university board where your problem is being discussed...

  • by pla (258480) on Saturday September 08, 2012 @09:42AM (#41273339) Journal
    The alliance has revealed that it will only honor DNT if and only if it is not switched on by default.

    Dear Digital Advertising Alliance - No one* wants you to track them. MSIE enabling DNT by default means nothing more radical than defaulting US releases of Windows to use English.

    Since you have decided you know better than we do, I will therefore block all ads and tracking technologies until you make them "opt-in" only.

    And then I will opt out.

    * Morons who consider Facebook as somehow "better" than the worst of you marketing parasites aside.
  • by Celarent Darii (1561999) on Saturday September 08, 2012 @09:49AM (#41273381)
    An optional flag that has no enforcement mechanism is just asking for government intervention. In any case I don't think DNT will survive, and something else will come in to make ad companies rethink their strategy.

    Do you remember the debate about blocking pop-up windows? Very similar complaints from advertisers who said they were 'financing the development of the web' (what a bunch of bullshit, they are just profiting from it). Yet every browser blocks them by default now. I await the day when (tracking) ads will be blocked by default by most major browsers. It's time to take the web back. HTTP is meant to be a stateless protocol.
  • by mounthood (993037) on Saturday September 08, 2012 @10:02AM (#41273451)

    The moment a number of users started to turn on DNT ad networks would find a reason to not honor it anyway. It seems DNT was a privacy standard built on the peculiar premise that it only works as long as it stays unknown to most users ('if few enough know about enabling DNT then maybe the ad networks will leave us that do alone').

    Yes, and we saw the same reaction with the AdBlock Plus detection/counter-measures hoopla. Advertisers can tolerate a small percentage of blocking, but it can't become too popular.

    DNT is just an Evil-Bit with better marketing, so I'm not sure what concessions the advertisers can make to continue the pretense that DNT is an effective option.

  • by sjames (1099) on Saturday September 08, 2012 @10:20AM (#41273553) Homepage

    I guess hell is freezing over now because I am forced to side with Microsoft on this one. I can't think of anyone who actually wants to be tracked like a bear with a radio collar. The express install has DNT as a default setting because most people really don't want to be tracked. For the few that do, they can choose custom settings and not choose DNT.

    I will be ripping that patch OUT of any Apache I install. If it were a physical thing, I would then piss on it and burn it. It is deeply disrespectful to the end user. All it does is lend credence to the idea that the whole DNT thing was a big fat LIE by the ad networks (liars for hire).

  • by Mashiki (184564) on Saturday September 08, 2012 @10:38AM (#41273643) Homepage

    Ad-block FTW

    Pretty much, along with cookie blockers. Anyone who doesn't use one on the internet these days is either mad or insane. Perhaps both. I don't care that site users are whining and crying that they're losing revenue, it's stuff like what was mentioned in the article itself (too long to repeat) that ensures that I'm going to keep using them. Plus the long list of abusive ads themselves that like to run with their volume at 11, or inject malware.

    I'd be happy with ads, no really. If companies weren't being so stinking abusive over it. I'd call the entire thing an abusive relationship, you even get companies promising "we don't do this, don't worry we've changed." And next time, they're right back to doing it. Sounds familiar doesn't it?

  • by Anonymous Coward on Saturday September 08, 2012 @10:54AM (#41273741)

    Don't allow newly created user accounts to be modded higher than +2 for the first 7 days or say after 20 posts. Maybe put a reminder next to the username that the user is a new user so others will know in casual browsing. There are some downsides to these concepts but it would weed out a lot of deception and shilling as well and people constantly creating new accounts to hide an agenda.

  • by westlake (615356) on Saturday September 08, 2012 @12:42PM (#41274561)

    Yes, all improvements to the web are thanks to the ad companies, it has nothing to do with technological progress.

    Technological progress costs money.

    You have to give people a reason to buy the hardware and services it requires.

    Broadcast radio began as little more than a high tech hobby. With programming like Amos and Andy and The Grand Ole Opry, broadcast radio became a national obsession.

  • by recoiledsnake (879048) on Saturday September 08, 2012 @03:23PM (#41275581)

    Why is Apache doing this? Shouldn't it be up to the webmaster and developers whether to ignore IE10's DNT or not?

    Why is Apache doing user agent sniffing (a no-no usually for even web apps) and overriding web applications by default? The patch doesn't even give a choice to the webmaster to configure Apache to disable this action. So it's being forced on Apache users because of the ego of the DNT spec writer? Let's say IIS turns on DNT for all browsers, how will Mr. Fielding feel then? Apache is being used as a pawn in this power game and this move will help no one. Let the advertisers ignore DNT from IE10 if they want to, why block DNT flag on at the web server level?
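
The behaviour the summary and the comments above describe (match the IE 10 User-Agent, then discard its DNT request header), written with stock mod_setenvif and mod_headers directives. This is an added example, not the text of Fielding's patch and not part of any comment; the `HONOR_IE10_DNT` switch, the `dnt_sent` variable, the `dnt_audit` format name and the log path are assumptions introduced here.

```apache
# Added illustration; not the text of Fielding's patch.
# Requires mod_setenvif (BrowserMatch, SetEnvIf) and mod_headers (RequestHeader).

# HONOR_IE10_DNT is a hypothetical switch name. Starting httpd with
# "-D HONOR_IE10_DNT" (or "Define HONOR_IE10_DNT" on 2.4) skips the
# whole block, so the header reaches the application untouched.
<IfDefine !HONOR_IE10_DNT>
    # User-agent sniffing: flag every request whose User-Agent carries
    # the IE 10 token. bad_DNT is set to "1" for those requests.
    BrowserMatch "MSIE 10\.0;" bad_DNT

    # Keep a copy of whatever DNT value the browser sent, for auditing.
    # dnt_sent is a hypothetical variable name.
    SetEnvIf DNT "^(.+)$" dnt_sent=$1

    # Remove the DNT request header for flagged requests. Handlers, CGI
    # scripts and proxied backends then see no DNT header at all. The
    # server cannot tell a browser default from an explicit user choice:
    # both arrive as the same "DNT: 1" line, so both are removed.
    RequestHeader unset DNT env=bad_DNT
</IfDefine>

# Audit trail: one line per request that had its header removed, with
# the value that was sent. Nothing is logged when the block is skipped,
# because bad_DNT is never set.
LogFormat "%h %t \"%r\" ua=\"%{User-Agent}i\" dnt_sent=%{dnt_sent}e" dnt_audit
CustomLog "logs/dnt_audit.log" dnt_audit env=bad_DNT
```

An operator who finds this pattern in an inherited configuration can use the audit log to see how many requests carried a DNT value that never reached the application.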

  • by HermMunster (972336) on Saturday September 08, 2012 @05:19PM (#41276343)

    This is not Apache's territory. They should not be doing anything to affect my browsing session. Nothing at all. Period.

    And who the hell cares about the digital advertising alliance. They don't dictate anything having to do with advertising on my computers.

    What the hell is going on here? These people seem to be violating every tenet of privacy. This makes Apache an outlaw. It's ridiculous to say the least. They say they don't tolerate...., well we should never tolerate their interference.

    If you guys are supporting Apache because they are Apache you need to stop and reexamine your position. I don't use IE but all browser makers should be pampering the users not the advertising industry, and the web server manufacturer should never pamper advertisers.
