Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Internet Explorer Microsoft Privacy The Internet Apache

Apache Patch To Override IE 10's Do Not Track Setting 375

hypnosec writes "A new patch for Apache by Roy Fielding, one of the authors of the Do Not Track (DNT) standard, is set to override the DNT option if the browser reaching the server is Internet Explorer 10. Microsoft has by default enabled DNT in Internet Explorer 10 stating that it is to 'better protect user privacy.' This hasn't gone down well with ad networks, users and other browser makers. According to Mozilla, the DNT feature shouldn't be either in an active state or an inactive state until and unless a user specifically sets it. Along the same lines is the stance adopted by Digital Advertising Alliance. The alliance has revealed that it will only honor DNT if and only if it is not switched on by default. This means advertisers will be ignoring the DNT altogether no matter how a particular browser is set up. The DNT project has another member – Apache. It turns out that Microsoft's stance is like a thorn to Apache as well. Fielding has written a patch for the web server titled 'Apache does not tolerate deliberate abuse of open standards.' The patch immediately sparked a debate, which instigated Fielding to elaborate on his work: 'The only reason DNT exists is to express a non-default option. That's all it does. [...] It does not protect anyone's privacy unless the recipients believe it was set by a real human being, with a real preference for privacy over personalization.'"
This discussion has been archived. No new comments can be posted.

Apache Patch To Override IE 10's Do Not Track Setting

Comments Filter:
  • It's obvious that its scumbag advertisers and Google (maybe I'm repeating myself here) behind this. They want a way to track every user and all their behaviors. They want things like these to either not exist or be disabled by default. They live for all the user data they can gather. This also means they are available for law enforcement and any other party with interest to gather that data, now and in the future.

    It's already starting to bother me. I'm seeing these advertisements here on Slashdot too. Aft
    • by Stormthirst ( 66538 ) on Saturday September 08, 2012 @07:33AM (#41272519)

      Ad-block FTW

      • Re: (Score:2, Insightful)

        by Anonymous Coward
        Privoxy is more convenient
        • by recoiledsnake ( 879048 ) on Saturday September 08, 2012 @03:23PM (#41275581)

          Why is Apache doing this? Shouldn't it be up to the webmaster and developers whether to ignore IE10's DNT or not?

          Why is Apache doing user agent sniffing(a no no usually for even web apps) and overriding web applications by default? The patch doesn't even give a choice to the webmaster to configure Apache to disable this action. So it's being forced on Apache users because of the ego of the DNT spec writer? Lets say IIS turns on DNT for all browsers, how will Mr. Fielding feel then? Apache is being used as a pawn in this power game and this move will help no one. Let the advertisers ignore DNT from IE10 if they want to, why block DNT flag on at the web server level?

          • by HermMunster ( 972336 ) on Saturday September 08, 2012 @05:19PM (#41276343)

            This is not Apache's territory. they should not be doing anything to affect my browsing session. Nothing at all. Period.

            And who the hell cares about the digital advertising alliance. They don't dictate anything having to do with advertising on my computers.

            What the hell is going on here? These people seem to be violating every tenant of privacy. This makes Apache an outlaw. It's ridiculous to say the least. They say they don't tolerate...., well we should never tolerate their interference.

            If you guys are supporting Apache because they are Apache you need to stop and reexamine your position. I don't use IE but all browser makers should be pampering the users not the advertising industry, and the web server manufacturer should never pamper advertisers.

            • by Simon Brooke ( 45012 ) <stillyet@googlemail.com> on Sunday September 09, 2012 @04:16AM (#41278701) Homepage Journal

              This is not Apache's territory. they should not be doing anything to affect my browsing session. Nothing at all. Period.

              Apache isn't doing this. One person has posted a patch. It has not, as I understand it, yet been accepted by the Apache Foundation. Even if it were, Apache HTTPD is by design a highly configurable web server which has modules to do all sorts of things, but on any typical web server only a few of those modules will be enabled. This particular patch - even if it were accepted as part of the distribution - only works if both the 'setenvif' and 'headers' modules are enabled, which, on my servers, is not the case. Furthermore, the 'patch' is five lines in a configuration file; if you don't like 'em, comment them out.

              Slow news day, storm in a teacup, nothing to see here, move along.

      • by Mashiki ( 184564 ) <mashiki@gmail.cBALDWINom minus author> on Saturday September 08, 2012 @10:38AM (#41273643) Homepage

        Ad-block FTW

        Pretty much, along with cookie blockers. Anyone who doesn't use one on the internet these days is either mad or insane. Perhaps both. I don't care that site users are whining and crying that they're losing revenue, it's stuff like what was mentioned in the article itself(too long to repeat) that ensure that I'm going to keep using them. Plus the long list of abusive ads themselves that like to run with their volume at 11, or inject malware.

        I'd be happy with ads, no really. If companies weren't being so stinking abusive over it. I'd call the entire thing an abusive relationship, you even get companies promising "we don't do this, don't worry we've changed." And next time, they're right back to doing it. Sounds familiar doesn't it?

        • Not just that. Many people don't know that you can get easily infected by a rogue advertisement even being displayed. That alone keeps me using Adblock, even if all of the other factors people name didn't exist.

    • Re: (Score:3, Funny)

      by rotorbudd ( 1242864 )

      Just wait till they start hiding under your bed with chainsaws.

      • Just wait till they start hiding under your bed with chainsaws.

        Nah, they come in through the skylight [xkcd.com] or on stage at Yale [xkcd.com]. It's common knowledge that under the bed is where Stallman keeps his katana and Linus keeps his nunchucks. Rumor has it RMS also hid a special macro in Emacs which turns your pinky finger into a deadly weapon.

        • It's common knowledge that under the bed is where Stallman keeps his katana and Linus keeps his nunchucks.

          The same bed? :O

    • by nzac ( 1822298 )

      It's in the interest of all its user-base to minimize the number of DNT browsers. Ads fund websites and targeted advertising brings in more revenue for the sites (i would think).

      Choosing to ignore a standard is not what they should be doing either.

    • by heypete ( 60671 ) <pete@heypete.com> on Saturday September 08, 2012 @07:58AM (#41272677) Homepage

      It's already starting to bother me. I'm seeing these advertisements here on Slashdot too. After I've searched for something on Google, the related advertisements start to come up EVERYWHERE on the internet. Seriously, they come after you. If you search for specific flights you start to see ads for that everyone. It'll haunt you and there's nothing you can do.

      Not true: you can change your Google Ad Preferences [google.com] or opt-out.

      Similarly, you can use the NAI's opt-out page [networkadvertising.org] to opt-out of Google and other ad network tracking.

      There's plenty of browser plugins that work to block ads entirely (such as AdBlock) and ones that ensure that the "opt-out" cookies stay in existence even if you clear your other cookies.

      All the other browsers than Safari and IE are in bed with advertisers because both Firefox and Opera get revenue directly from Google.

      The default search box in those browsers comes configured to use Google, yes. They do get income from ad revenue stemming from searches from the box. You're not forced to use that search box, nor are you forced to use the default settings -- you can add other search providers (like DuckDuckGo, ixquick, etc.) -- Firefox, for one, doesn't have ad agreements with anyone other than Google.

      So for the love of god Apache Project, stop taking bribes from Google and doing evil things like this!

      Is there evidence that the Apache project is "taking bribes from Google"?

      My understanding from the article is that an individual contributed a patch to the the Apache httpd.conf source code and does not reflect the official viewpoint of the Apache Foundation, nor that the patch has been approved for inclusion. Naturally, I welcome any corrections.

      • by bmo ( 77928 ) on Saturday September 08, 2012 @08:23AM (#41272849)

        Just a FYI.

        I went to NAI's opt out page and tried it. I have Adblock-plus. To get all of them, you have to turn off Adblock-Plus, hit the "all of them" button, and then re-enable. Otherwise, you only get 50-some-odd out of 95.

        --
        BMO

      • by heypete ( 60671 )

        Also FYI, I typoed the URL for Google's ad preferences. Here is the correct URL: http://www.google.com/ads/preferences/ [google.com] -- I left off the "s" at the end of "preferences". Mea culpa.

      • by Karzz1 ( 306015 ) on Saturday September 08, 2012 @08:48AM (#41272997) Homepage
        While I agree with your sentiment I have seen where this patch is referred to as a patch against "source code";in your post and even (from the article page comments) "core source code" and I disagree with that. This is a *configuration file* patch. I don't know of anyone other than a home user trying Apache for the first time who uses the default configuration file; not to mention this patch is not even approved by or included with Apache (yet).

        This may be an argument in semantics but it seems to me a true source code patch (ie. one in which once the server is compiled no configuration option will allow a setting one way or the other) is much more worrisome than a simple configuration change.

        From what I am reading, unless/until this patch is included with Apache by default, this is really a non-issue. Someone who wants to ignore DNT can do it. Someone who wants to honor it can do so as well. This choice is left up to the company that is using the software (and believe me, even if DNT was hard-coded into the source code, sites that don't want to honor it would simply patch Apache internally). As I mentioned elsewhere in this thread, DNT reminds me of the "Evil Bit" RFC.
      • by __aaqvdr516 ( 975138 ) on Saturday September 08, 2012 @09:33AM (#41273285)

        Google and every other advertiser know that, when given the choice to opt in on something, you likely won't. I could type a wall of text, but if you have a few minutes you could watch this TED talk about opt-in vs opt-out.

        To sum up: you are not really in control of your decisions

        http://www.ted.com/talks/dan_ariely_asks_are_we_in_control_of_our_own_decisions.html [ted.com]

    • by Bengie ( 1121981 )
      The DAA is MUCH larger than just Google. http://www.aboutads.info/participating [aboutads.info]

      Including:
      Better Business Bureau
      Association of the United States Army
      AllState Insurance
      Forbes
      Microsoft (ironic)
    • by MrHanky ( 141717 ) on Saturday September 08, 2012 @10:12AM (#41273515) Homepage Journal

      Wow, +5 for a shill account with one paranoid delusional comment.

      1) It's not obvious that Google is behind this. Roy Fielding, the man responsible for it, works for Adobe.

      2) If Roy Fielding were a sock puppet for Google, and Google would prefer DNT not to exist at all, then he probably wouldn't have made DNT in the first place.

  • by betterunixthanunix ( 980855 ) on Saturday September 08, 2012 @07:30AM (#41272499)

    This hasn't gone down well with ad networks

    To quote Firefly: "Do we care? Is this something we are caring about?"

    • by Kidbro ( 80868 )

      We care that they care. If they choose to ignore DNT due to Microsoft's actions (or rather, probably deliberate attempt to make the feature ignored) we do care. We prefer that the ad networks honor DNT, and they might, if it's not turned on by default.
      It's that simple.

      • by Celarent Darii ( 1561999 ) on Saturday September 08, 2012 @08:03AM (#41272703)
        You think ad networks will be the one who honor DNT? The very same people who profit by tracking?

        Frankly I think the whole thing would be better if adblock was just installed by default in every browser.

        Ads are nothing less than visual pollution. Tracking is also one of the reasons that we have cookies and all the other security problems with the web. HTTP was meant to be a stateless protocol and should remain so.
        • by Splab ( 574204 )

          If it's something you opt into, then yes. It would be in their interest to avoid harsher requirements from governments, when questioned they would be able to just point at the optional flag and say there's no need for legislation. However when it's on by default it will hurt too much ...

          • by moronoxyd ( 1000371 ) on Saturday September 08, 2012 @09:00AM (#41273101)

            Tracking should be something users should have to opt in to, not out of.

          • by Celarent Darii ( 1561999 ) on Saturday September 08, 2012 @09:49AM (#41273381)
            An optional flag that has no enforcement mechanism is just asking for government intervention. In any case I don't think DNT will survive, and something else will come in to make ad companies rethink their strategy.

            Do you remember the debate about blocking pop-up windows? Very similar complaints from advertisers who said they were 'financing the development of the web' (what a bunch of bullshit, they are just profiting from it). Yet every browser blocks them by default now. I await the day when (tracking) ads will be blocked by default by most major browsers. It's time to take the web back. HTTP is meant to be a stateless protocol.
        • by Goaway ( 82658 )

          You think ad networks will be the one who honor DNT?

          Uh, yes, that is the entire point of DNT. It has no other use than as a flag for ad network to honor.

      • by oldlurker ( 2502506 ) on Saturday September 08, 2012 @08:11AM (#41272787)

        We care that they care. If they choose to ignore DNT due to Microsoft's actions (or rather, probably deliberate attempt to make the feature ignored) we do care. We prefer that the ad networks honor DNT, and they might, if it's not turned on by default. It's that simple.

        The moment a number of users started to turn on DNT ad networks would find a reason to not honor it anyway. It seems DNT was a privacy standard built on the peculiar premise that it only works as long as it stays unknown to most users ('if few enough know about enabling DNT then maybe the ad networks will leave us that do alone').

        • by mounthood ( 993037 ) on Saturday September 08, 2012 @10:02AM (#41273451)

          The moment a number of users started to turn on DNT ad networks would find a reason to not honor it anyway. It seems DNT was a privacy standard built on the peculiar premise that it only works as long as it stays unknown to most users ('if few enough know about enabling DNT then maybe the ad networks will leave us that do alone').

          Yes, and we saw the same reaction with the AdBlock Plus detection/counter-measures hoopla. Advertisers can tolerate a small percentage of blocking, but it can't become to popular.

          http://en.wikipedia.org/wiki/Adblock_Plus#Advert_filtering_controversy_and_.22acceptable.22_ads [wikipedia.org]

          DNT is just an Evil-Bit with better marketing, so I'm not sure what concessions the advertisers can make to continue the pretense that DNT is an effective option.

      • This is just fucked up. It should always be assumed someone wants privacy unless explicitly stated. If ad networks believe otherwise then it is time for government to step in with laws that require them to respect a users privacy by default.
      • by sjames ( 1099 ) on Saturday September 08, 2012 @10:20AM (#41273553) Homepage Journal

        I guess hell is freezing over now because I am forced to side with Microsoft on this one. I can't think of anyone who actually wants to be tracked like a bear with a radio collar. The express install has DNT as a default setting because most people really don't want to be tracked. For the few that do, they can choose custom settings and not choose DNT.

        I will be ripping that patch OUT of any Apache I install. If it were a physical thing, I would then piss on it and burn it. It is deeply disrespectful to the end user. All it does is lend credence to the idea that the whole DNT thing was a big fat LIE by the ad networks (liars for hire).

    • I don't quite know if we care about them, but just speaking about customized ads: I've been finding them quite useful of late.

      For a long time I was using a dual Chromium/Chrome setup: No Javascript in the former and the majority of browsing in that, and only using Javascript on the latter when necessary for a specific site.

      I got a new, faster computer and installed Ubuntu anew on it using Chromium with Javascript on. So I got to experience the web with custom ads.

      I find it somewhat useful. For example I see

    • If do-not-track is just a factory default, and not a user choice, then the ad networks have no reason to honor it.

      If it hasn't gone down well with ad networks, it means they are being earnest about implementing this: those are the "okay" networks. They want not to track users who explicitly express "do not track", (but would like to track other users, the don't-cares). Microsoft is screwing that up by making the don't-care users look like don't-track-me users.

      "Bad" ad networks don't care about this issue, s

  • by Neil_Brown ( 1568845 ) on Saturday September 08, 2012 @07:32AM (#41272507) Homepage

    It does not protect anyone's privacy unless the recipients believe it was set by a real human being, with a real preference for privacy over personalization

    By being set, it protects my privacy as long as "recipients" abide by it without question — it only becomes an issue when "recipients" qualify when they will abide by it.

    If active choice is not an option, a default in favour of not tracking seems a better position to me but, then again, I am not an ad network executive.

    • by Anonymous Coward on Saturday September 08, 2012 @08:10AM (#41272773)

      The point is, DNT only works, at present, on a voluntary basis. As you say, your stance (privacy by default) is not what any ad company will voluntarily choose -- but as long as only a few users opt-in, it can make sense to roll with it for good PR, and to keep the people who care about privacy placated so they don't agitate for privacy regulations the ad men would have to comply with.

      It does not protect anyone's privacy unless the recipients believe it was set by a real human being, with a real preference for privacy over personalization

      Yeah, that is bull. The recipients don't care that it's set by a real human being, they care that it's set on a small enough fraction of UAs that the PR is worth more than the value of the data they forgo. The former (for now) satisfies the latter, but if enough people started setting it, it'd still be too many, and they'd start ignoring it.

      Now you may (as I do) consider the whole situation laughable, because it by design secures privacy for a few by throwing the masses to the wolves, but that's the system we have, and IE's default breaks the conditions under which that system can continue to exist. There's only three ways it can play out (so long as it's the same voluntary cooperation):

      (A) ad networks see IE's market share as "too much", disregard DNT altogether.
      (B) ad networks see IE's market share as acceptable losses and continue to respect DNT across the board; Firefox etc. eventually copy IE's default; ad networks then disregard DNT altogether.
      (C) ad networks see IE's market share as "too much", disregard DNT only on IE, nobody copies IE -- at the very least the system continues to work for people who care enough to set DNT on non-IE UAs, and there's the possibility IE switches back to opt-in DNT, after which the ad networks will restore the status quo.

      A and B are total losses (of the voluntary scheme; the aftermath may or may not result in new privacy regulations); C maintains the status quo for many users, and has the possibility to return to status quo across the board.

      By being set, it protects my privacy as long as "recipients" abide by it without question — it only becomes an issue when "recipients" qualify when they will abide by it.

      Oh, come off it. It protects your privacy when those qualifications don't affect you. So don't run IE, and it still protects your privacy. Now if you meant "it protects everyone's privacy as long as "recipients" abide by it without question" , then yes. But since we all know the DNT system is designed to operate by throwing ignorant or apathetic individuals to the wolves, protesting that it doesn't protect everyone's privacy is kinda disingenuous.

  • How it seems... (Score:5, Interesting)

    by p0p0 ( 1841106 ) on Saturday September 08, 2012 @07:32AM (#41272509)
    How it seems to me, in a simplified way, is that advertisers feel they have the right to serve you ads. Off the bat, I disagree with this notion, however I do see that without ads many websites would not be around or would be forced to hide behind a paywall.
    At the same time, what guarantee do advertisers give users that their ads are not a potential attack vector, or what standard do they follow that their ads are not intrusive and degrade the performance of a users machine or overly distract and irritate the users? How invasive do their ads and data collection get to be?

    Overall, I see where they are coming from but at the same time all I hear is a bunch of self-entitled whiners. Is there any good reason to instantly get tracked as soon as you visit your first website, or should you be allowed to later reveal yourself to the world if you so desire the features this advertises and data miners claim to provide? The most obvious being targeted ads and more relevant searches when using Google.
    • Re:How it seems... (Score:4, Insightful)

      by Stormthirst ( 66538 ) on Saturday September 08, 2012 @07:46AM (#41272599)

      At the same time, what guarantee do advertisers give users that their ads are not a potential attack vector, or what standard do they follow that their ads are not intrusive and degrade the performance of a users machine or overly distract and irritate the users? How invasive do their ads and data collection get to be?

      So all adverts then.

      I have ad-blocking on by default. There are only a couple of sites where I specifically allow them to be shown, because as you point out some sites can't exist without them. I don't like adverts, and I go out of my way to avoid buying anything that is "advertised". If I want something, I'll go looking for it, research it, and the buy it.

      I don't take calls from cold callers either - I think they are as distracting, irritating and privacy invading as adverts on websites.

    • Re:How it seems... (Score:5, Insightful)

      by Motard ( 1553251 ) on Saturday September 08, 2012 @07:50AM (#41272621)

      Tracking is not required to serve ads. I don't mind seeing billboards on the side of the road, but if the billboard is photographing my license plate and sending that to a central server, I have a problem with that.

    • I do see that without ads many websites would not be around or would be forced to hide behind a paywall...

      Good riddance to 'em. This crap is clogging the tubes.They can serve up static ads on their own damn servers, instead of bouncing us back and forth amongst a boatload of ad servers.

      Quit your shillin'. I have no obligation to let them infect my machine, or know anything about me if I don't want. Obviously this 'DNT' thing is worthless. I'll stop them the old fashion way by blocking their servers.

    • The attack vector argument is a very good one.

      I've seen multiple instances of malware-laden ads being served by "mainstream" ad networks on multiple sub-1000 Alexa sites.

      Some or another advertiser throws up some script (by design or not), and suddenly, you're getting pwned.

  • by John Hasler ( 414242 ) on Saturday September 08, 2012 @07:40AM (#41272555) Homepage

    ...useless and silly.

    • Re: (Score:3, Informative)

      by Moxon ( 139555 )

      Well, yes. Expecting ad agencies to honor DNT seems about as clever as firewalling based on the April fool's "evil bit". In both cases, the people doing something you don't want have to choose to honor your wish. Good luck with that.

  • by 19061969 ( 939279 ) on Saturday September 08, 2012 @07:41AM (#41272557)

    So let's see if I have this straight? The marketroids are saying that, by their default, I want to hear all the crap they are paid to push and unless I explictly say, "get lost', they'll continue to bug me until I collapse under the weight of junk product info?

    Did Bill Hicks have a great point?

    • The ad companies know that some people don't like being tracked, and that these people tend to block all their ads. They realized that by offering not to track these users they might not block the ads. Thus, they chose to honor (and created) Do Not Track. They hope the decreased tracking revenue is offset by the increased number of viewers. By setting DNT on by default IE ruins this plan, and they go back to the way things were before DNT: track everything, get blocked by those who care.
  • But if you say another word we will take it away...
  • This means advertisers will be ignoring the DNT altogether no matter how a particular browser is set up.

    No surprise there. The only unknown was how the advertisers were going to rationalize that.

  • by another random user ( 2645241 ) on Saturday September 08, 2012 @07:50AM (#41272627) Homepage
    Ignoring the issue around if IE10 should set the DNT flag by default or not, this patch only makes the situation worse.

    With this patch, even if the user has explicitly chosen to set the DNT flag, the server will ignore it. They claim this patch has to be done because IE 10 ignores part of the spec:

    "Key to that notion of expression is that it must reflect the user's preference, not the preference of some institutional or network-imposed mechanism outside the user's control."

    This patch however also ignores this same element of the spec, in that no matter what the user may or may not of done, there will be a "mechanism outside the user's control" (the Apache server) which decides on what they want the preference to be.

    I do agree that the DNT setting should be a user choice, perhaps given when the user first installs the browser as well as having the option to change it at any time, but to me this is not the right response to having a default set - although I'm sure if the default setting was that tracking was allowed, the add people would for some reason not be complaining about having a default...

    • This patch however also ignores this same element of the spec, in that no matter what the user may or may not of done, there will be a "mechanism outside the user's control" (the Apache server) which decides on what they want the preference to be.

      DNT is purely advisory. Advertisers who want to ignore it are going to configure their servers to do so. If it is too hard to do so with Apache they'll use somthing else.

    • by Likes Microsoft ( 662147 ) on Saturday September 08, 2012 @08:23AM (#41272851) Homepage
      Advertisers and sites that depend on them don't want to admit that choosing to use a certain browser and allowing itts default settings *is* a choice. They are also free to request the user to turn DNT off before they serve up key features. They apparently *really* don't like the idea of having to explicitly ask, "can I follow you wherever you go after this"?
      • by makomk ( 752139 )

        Advertisers and sites that depend on them don't want to admit that choosing to use a certain browser and allowing itts default settings *is* a choice.

        When that browser is bundled with the OS installed on 95% of all PCs, it's not a choice at all - it's indifference. Complete, total indifference.

  • by benjymouse ( 756774 ) on Saturday September 08, 2012 @08:05AM (#41272723)

    When using IE10 for the first time (per user) you get a screen where you can choose "express settings". The screen clearly spells out what that means, *including* what DNT will be set to. Arguably, the user *has* made a decision by selecting express settings. How does Roy Fieldings patch determine how much of that text the user read before continuing?

    And how does the patch determine when a user *explicitly* sets the DNT.

    Yes, Microsoft probably does this because it will annoy Google and hurt them more than it will hurt Bing. But at the same time it does help protect users' privacy. What a joke if Apache accepts this patch. What a sell-out. Disgusting.

  • How is this any different from Google circumventing the default privacy settings in Apple's Safari?
    Google was sued here. Since Apache isn't a company, is this the way for the likes of Google and others to get their bidding done?

  • Should be standard procedure, and we shouldn't need some new protocol to argue over.

    Its invasive, and wrong. Period.

  • I would laugh so much if MS include an ad block in IE and turn it on by default.

  • by Anonymous Coward

    In case it has faded from people's memory, PRIVACY IS A FUNDAMENTAL HUMAN RIGHT [youthforhumanrights.org] - enshrined in laws across the planet.

    That wasn't some arbitrary, weird, one-man-and-his-hobby-horse decision, this was the result of a serious amount of very costly and capable people sitting together and hammering out basic principles. A bit like the US Constitution that US politicians appear so keen to ignore.

    So, from that principle, not wanting to be tracked IS the legally correct default, DNT should have never been needed

    • Those principles went the way of the dodo the day that the EULA was invented.
      • Except that an EULA is not a legally binding agreement in a large part of the EU, and also many nations in the EU does not permit signing away some rights enshrined in law even with informed consent.
  • by Toreo asesino ( 951231 ) on Saturday September 08, 2012 @08:54AM (#41273053) Journal

    Article is misleading. DNT is enabled if you setup Windows 8 with express settings, at which point it actively states DNT will be set 'on'. Until that point there is no configured values. This is Apache caving into advertiser pressure, pure & simple IMO.

  • If you do not want to be tracked, DO NOT SEND REQUESTS.
    But sending requests with a "please handle this one but dont use it to track me or put it in logfiles" comment ... did anyone *really* expect that to work?

    How much tracking is done via log file analysis alone?
    Not Logging requests that the user specifies makes it a standard for script kiddies only.

    If it was intended for just not putting a cookie... well fail?
    Thats what browser settings are for and what could have been done with more aggressive browser se

  • by Jahava ( 946858 ) on Saturday September 08, 2012 @09:18AM (#41273193)

    This is not an attack on privacy. This is the only valid option.

    If you look at the details of the Do Not Track Header [wikipedia.org], you'll see that there's not much to it. It's an optional HTTP header that represents the user's request not to be tracked. There is no mechanism to actually enforce this choice; any party can easily just ignore the header and track you regardless. The entire purpose of the header is to express a user's intent, and, therefore, the entire value of the header is derived from that intent.

    It's like the "Baby on Board" car signs: If I place one in my car's windowpane, polite drivers should see that sign and grant me additional driving space and courtesies, and I may be able to drive in the carpool lane. Imagine, now, that everyone always puts that sign in their car by default because they want the additional driving space and courtesies. The value of my sign is significantly diluted; not only does standard driving operation make it impossible to honor those requests, but my own actual situation gets lost in the noise. Drivers will surely ignore the little yellow sign altogether, and it becomes worthless.

    Unless "Do Not Track" is actually an explicit expression of a user's conscious intent, it will face the same hypothetical fate and become yet another ignored standard. Its only value is derived from its explicit intent, and Apache and Fielding are taking steps to ensure that the value is not compromised.

    • by pla ( 258480 ) on Saturday September 08, 2012 @09:45AM (#41273357) Journal
      It's like the "Baby on Board" car signs: If I place one in my car's windowpane, polite drivers should see that sign and grant me additional driving space and courtesies

      Wait, people buy those because they actually believe it will make other drivers more courteous???

      Heh... Personally, I take it as a warning - "This car will go way too slow and has a frequently-distracted driver. Please pass me ASAP, and treat me as you would a potential drunk driver".
    • by Tom ( 822 )

      It's like the "Baby on Board" car signs

      No, it isn't. That sign communicates a statement with a measurable truth value - either there is or there isn't actually a baby in the car, so you are either saying the truth or you are lying.

      The DNT flag expresses a preference. The only person to judge its truth value is you. Basically, the car analogy equivalent would be a sticker saying "please don't drive too close".

      Now continue your thought experiment regarding what would happen if everyone put that sticker on their car.

  • by jbolden ( 176878 )

    Isn't this precisely the sort of argument W3C is for?

  • by Culture20 ( 968837 ) on Saturday September 08, 2012 @09:38AM (#41273317)
    Perhaps the use of ie10 is my active choice, knowing that it has this privacy set by default. It's not, but consider the possibility.
  • by pla ( 258480 ) on Saturday September 08, 2012 @09:42AM (#41273339) Journal
    The alliance has revealed that it will only honor DNT if and only if it is not switched on by default.

    Dear Digital Advertising Alliance - No one* wants you to track them. MSIE enabling DNT by default means nothing more radical than defaulting US releases of Windows to use English.

    Since you have decided you know better than we do, I will therefore block all ads and tracking technologies until you make them "opt-in" only.

    And then I will opt out.


    * Morons who consider Facebook as somehow "better" than the worst of you marketing parasites aside.
  • by __aaltlg1547 ( 2541114 ) on Saturday September 08, 2012 @10:30AM (#41273599)

    Fielding thinks his options should be "use another browser." Well fuck you Mr. Fielding. Thanks for coming up with a standard that you are going to cheerfully ignore while giving users the false impression that you are going to honor their wishes.

    Do we need and involuntary standard to get advertisers to behave? Because that's where this sort of shit may be leading.

    Or do you want a war with Microsoft? Maybe they'll patch IE to identify and disable Apache servers by default, or send them spoofed and anonymized information by default.

  • by asdf7890 ( 1518587 ) on Saturday September 08, 2012 @11:56AM (#41274189)
    I agree with DNT not being set by default. Make it an option on the default browser home page, then people can set it whenever they like, or just ignore it. Done.

    But to Apache: "we do not support breaking open standards" hold no water what so ever when your way to express your love for standards is to patch your product such that it can completely ignore a generally accepted standard by default. That to my mind is a text-book example of hypocrisy.

    And to the ad servers saying "if X then we'll just ignore DNT" I say fine: if you won't honour DNT I feel no guilt at all in completely blocking all your content. Thanks for playing. I only block ad networks that get on my nerves (auto playing sounds, overly irritating animations, malware riddled shite, and so forth), but this is on my list of things that get on my nerves.

    For what it is worth I don't think DNT will make any difference at all, as it relies on everyone to play ball server-side and I barely trust anyone with a commercial or other interest in tracking people to play ball in anything other than hollow words, but that is no reason to not be irritated when you hear people say "we know and understand your preferences, but fuck you".

A committee takes root and grows, it flowers, wilts and dies, scattering the seed from which other committees will bloom. -- Parkinson

Working...