The decision of the Internet advertising industry to ignore the original Do Not Track setting is a landmark in the cynicism of the industry. I mean users made an explicit request to not be tracked and companies like Google and Facebook were all "lol, no, we'll track you anyway". It's one of the reasons I feel no remorse running an ad blocker.
In fairness, a leading cause of DNT's failure is that Microsoft, for marketing purposes, chose to set DNT by default for a while. While I applaud the goal of assuming people don't want tracking, it gave ad companies an excuse to dismiss DNT: Because many users showing DNT settings had not explicitly meant to do so.
Even though it might in theory have been the best default for end-users, in practice they made DNT fail as a result because advertisers wanted users to make an explicit choice instead of getting opted out by default. It's easy to blame the advertisers here, and sure.. you can argue that in this scenario they were the 'more evil' ones, but had Microsoft not made this choice, we ultimately could have ended up with a respected DNT header, which later on could have become a default anyway.
So I don't disagree that the decision might have come from a good place, but the end-result was not hard to predict and was ultimately not in the interest of users. It was incredibly dumb.
The advertisers chose to ignore DNT. It doesn't matter if they decided to do so because they disliked the concept of DNT or if they did so because the OS manufacturers decided to change the opt-in to opt-out. The decision was made solely by the advertisers, and there the blame resides.
If Microsoft had not made this choice then the advertisers could still have made the same decision. We will never know, and it doesn't really matter. It's a "what if" situation, and like many such "what if"s we are simply speculating about motives while not looking at the billions of dollars' worth of obvious reasons why the advertisers wanted to ignore DNT.
This is completely an excuse - advertisers would have looked to anything to disable and ignore DNT - "oh, not enough users use it for us to justify enabling it" etc.
The end result of DNT was never going to be "advertisers were going to less ruthlessly track you" - that's a fantasy.
I put my money on that being an excuse and ultimately a fallacy by the advertisers. There are a lot of things in life which you don't get to choose, and only get informed about when you look into them. There are much worse examples which are far more nefarious for end users. EULAs come to mind!! Contracts in general as well because they're so complex, you need a lawyer(bot) to understand.
The entire point of DNT is to relay an explicit user decision to a website. It has no other meaning.
While there is a candidate recommendation, in reality, the decision about what to do with it is entirely up to the website.
Faking it like Microsoft does makes DNT lose its meaning entirely.
Note that there are 3 values to DNT: null (no explicit decision), 1 (do not track), 0 (track).
If you continue to use a product then you are giving explicit consent according to multiple lawyers, including I think the very companies that ignore the DNT header. If it is considered by them as good enough to legally bind someone to a contract, surely they don't claim that the consent was given without an explicit decision by the user.
When it came to the cookie law those companies had one view in regard to defaults. With the DNT header, the opposite view.
Apache countered Microsoft's DNT=1 default by ignoring the DNT header for IE10 users. Advertisers could have similarly ignored Microsoft and honored non-IE users' DNT headers.
It was clear to everyone at the time that DNT had to be an explicit opt-in and advertisers would ignore it if it was set by default. Microsoft persisted and therefore undermined the spec.
Who wants to get asked a bunch of annoying questions every time they fire up an OS or piece of software? Nobody. Software should pick sane default settings which are in the interest of its users.
Not everyone is informed well enough to make an informed choice, and tracking is not in the interest of the user anyway, so the default being blocking (DNT) is sane. Obviously it isn't in the interest of Google, and Chrome serves Google first, and its users secondary. Education is the long term solution to just about anything and I'm all for that (I can recommend a visit to Berlin-Hohenschoenhausen Memorial [1]) but the truth is that some people are just not going to be interested in certain topics.
Case in point: back in the days, everyone received snail mail spam. At some point, civilians were able to put a standardized sticker on their postbox saying yes/no or no/no (one being more strict than the other). They'd need to pick such a sticker up at the city council.
Just now, at the start of 2018, if you live in Amsterdam, you need a yes/yes sticker to receive spam. Is that wrong as well? Even though the spam is bad for the environment (goes to bin right away), we're living in a digital age, and postboxes in flats and such pile up gigantically? Should we have educated people better instead of making this the default?
No, more realistically it results in the device being thrown out for one that doesn't ask the user a million questions at startup.
Sane defaults should be used because they enhance the user experience tremendously. Nobody buys a gadget for its setup, they buy it to use it, and delaying the user from that end goal is not going to do anything but annoy the end user and ultimately harm the manufacturer's bottom lines.
I suspect there are more people in the world that have built their own CPU and hardware from scratch than there are people that operate computers where they have made an informed decision about every parameter for every default variable on all software that they use.
Even if we limit ourselves to just security defaults, what Linux system doesn't have default ulimits? There are tradeoffs naturally in every number, but I would assume even Linux From Scratch users don't need to explicitly set each and every number. If a user prefers making different tradeoffs they can opt in to make changes, but even an operating system that is designed to be built by hand by the user carries with it some defaults.
Well, to be clear, this was done during the height of Microsoft's "Scroogled" campaign. This was intended to be a very visible way to claim to be better at respecting privacy than Google.
I would agree that Microsoft is much better at respecting privacy than Google, though this change was poorly considered and led to a bad result (i.e. DNT failing as a marker of explicit user intent).
I probably have a much more favorable view of Microsoft than the average here, and my comment history contains a storied history of me pointing out how Google has cast anticompetitive and profit-motivated decisions as "good for users". ;)
> If Microsoft does something in the interest of their users it is suddenly "for marketing purposes"?
If Microsoft gave a shit about its users it wouldn't put key loggers in its products, explicitly state that spell check in your Word documents is being done in the "cloud" and we are reading it, let you disable stupid Cortana who is slurping up hell knows what, etc.
They are so obsessed with tracking you that if you surf their sites long enough you end up with an HTTP 400 - Bad Request (Request header too long) error message. I just pulled up MSDN; look at the scroll bar on the right: https://i.imgur.com/wlYqVIo.png
While I like that you're mentioning examples and welcome such, it is never this black-and-white.
All these big corps do things which aren't in the best interest of the general public, or in the best interest of their users. Microsoft is no exception to that (I am well aware of the Halloween documents and hated that company to no end), but 1) neither are Google and Facebook 2) they've broadened from a proprietary software company.
The open source community seemed to be pretty happy with pro-FOSS companies such as Google and Facebook getting more popular and powerful. Free as in beer seems like a great deal, but you're always paying somehow. In this case you pay with your privacy.
Companies like Google and Facebook do a lot of Good Things (tm) for the FOSS community, but in this specific case they're on the bad side of the moral compass because it hurts a major source of their income.
> If Microsoft does something in the interest of their users it is suddenly "for marketing purposes"?
Yes, it's for marketing purposes, because if there were any sincerity about it then they would not also be tracking their users at the same time they enabled DNT. They don't like competition.
However, users did not give any indication they had explicitly meant to be tracked either.
I think this just highlights the cynicism of the ad industry and the whole compromise that was DNT.
If they were genuinely concerned about user preferences, opt-in vs opt-out shouldn't make a difference. But opt-out being so important is a hint to me that the ad industry was mostly agreeing because they assumed that most users wouldn't activate DNT because they didn't even know about it. (Which was probably correct)
In this situation you should either go with opt-in or perhaps try to proxy for user desire. Every single person I talked with who wasn’t in the ad industry prefers do not track.
It seems strange to argue that a standard that protects users should require informed consent to turn on do not track. But use the same logic to say it’s ok to track users without their explicit consent.
I think so, though they might not always verbalize it that way.
Consider that without any sort of tracking, ads are almost necessarily ones that appeal to the lowest common denominator of the audience, because there's nothing else to go on.
Users hate irrelevant ads slightly more than they hate relevant ads --
much like how I hate being punched more than I hate being slapped.
I'd much rather avoid being in an abusive relationship to begin with: Hence, installing browsers like Brave and using search engines like DuckDuckGo -- where you can opt into breaches of privacy and advertising, rather than hoping for the slim chance of an opt-out at the benevolence of the site/ad company.
It's funny because most of my comments are negative on Google (to the extent that it's been suggested before I am only here to take shots at Google), and largely pro-Microsoft (I carry a Windows phone for heaven's sake), but a shocking amount of people were upset at this comment. :/
Well, the comment is really bad. PR or no PR, Microsoft did what users would have really wanted if it worked. You can blame Microsoft for it, but they were not the ones who ignored users' best interests here.
For example, do users explicitly consent to myriad shady practices by advertisers and others when using the www simply because they use the www?
Do they "explicitly consent" to all these practices by not objecting?
Can a user "consent" to some practice without knowing it exists? How can she object to it without knowing what "it" is?
Terms of Use only covers the actions of one party. It does not provide assurances that those terms will be upheld by all the third parties that the website is profiting from when it gives those third parties access to the website's visitors.
Opinion: To be adequately informed in order to give "explicit consent", the user would need to see the terms of all the third party ad networks and others who are contracting with the website. Those companies are largely hidden from users. The easiest thing for the user is to just ask not to be subjected to the actions of these third parties.
Every website that opens its users up to an astounding number of third party servers[1] can and likely will disclaim any liability from the actions of third parties.[2]
As others have stated, dealing with this problem on the client side is the viable alternative.[3]
[1] Others have posted casual studies to HN of developers/users observing how many DNS requests or connections are made to third party servers for the "average" website by users with the popular browsers that automatically request resources. I leave it to the astute HN reader to find the web citations.
[2] Random example of website terms: "FACEBOOK IS NOT RESPONSIBLE FOR THE ACTIONS, CONTENT, INFORMATION, OR DATA OF THIRD PARTIES, AND YOU RELEASE US, OUR DIRECTORS, OFFICERS, EMPLOYEES, AND AGENTS FROM ANY CLAIMS AND DAMAGES, KNOWN AND UNKNOWN, ARISING OUT OF OR IN ANY WAY CONNECTED WITH ANY CLAIM YOU HAVE AGAINST ANY SUCH THIRD PARTIES."
[3] Block access of third parties via client software. The counteraction by the advertisers will be to try to control the client software. Choice of software is important. If the authors of the software earn their quid from advertisers, then what happens? Users may succeed in stopping websites from selling them out, but they also must succeed in stopping the software they use from selling them out in less obvious ways.
Comments like this make me angry. Blaming Microsoft for the failure of DNT is ridiculous, because DNT was a sham from Day 1: it was nothing but an "evil bit" that advertisers pretty-promised they'd honor, with nothing whatsoever to hold them to that promise.
On a long enough time scale, promises from online advertisers are always lies. Remember when Google said they weren't going to tie anonymous browsing activity to your real identity, and then did? Remember when Facebook totally promised that they wouldn't tie WhatsApp data to Facebook data, and then did? "We'll totally obey DNT, honest" was an equally worthless promise.
And it was a promise made in bad faith too. The only reason DNT gained traction was as an attempt to "self-regulate" and avoid the (desperately needed) government regulation of the advertising industry - and there is quite a bit of history showing that self regulation is no regulation.
DNT was only ever going to last until turning it on became widespread. Don't blame Microsoft for being the kid who pointed out that the emperor had no clothes.
I don't believe this is fair - user consent is clearly marked by the standard as an alleviating requirement.
Without any user input, one must believe consent is imputed upon all users absent a statement to the contrary to justify a 'please track me' default.
It was the refusal of ad networks to justify why people should consent to their surveillance which torpedoed the initiative. They could have. They didn't. If they believed users wouldn't like their argument, all they had to do was sweeten the pot until people jumped on board.
It remains to be seen whether or not avoiding the discussion was ultimately in their best interest - the political power-play has already started to bear poisonous fruit for the industry.
Do you think any board member gives a flying fuck about what users want if it cuts into revenue? "Sorry, we couldn't hit our numbers this quarter because we honored DNT and ran out of money for 'respectable' lead gen," said no executive ever. LOL.
I don’t think you can blame Microsoft for the advertisers building their own grave. I think it’s just as valid (...if not obvious) to assume that users do not want to be tracked.
However, from what I understand Microsoft is also the absolute worst in terms of lowering ads to the window manager level, which is beyond disgusting for a company selling a tool.
If Microsoft had kept the DNT setting off by default, the advertising industry would ignore DNT for any other reason, like "very few users set it, so we won't implement this feature for just a small fraction of audience".
As others have mentioned here, this is akin to a sheep carrying a sign saying "please don't eat me", hoping wolves would respect it.
Furthermore, this sheep just highlighted the fact that it's a troublesome sheep, that requires special attention (i.e. if the DNT flag is in the header of the first request to my site, I know I can bust out my adblock-bypassing scripts, and start serving ads differently).
When I worked for [name of major ad-supported company redacted], I specifically asked a senior PM one day why are we ignoring the DNT flag in our products. He said "because that's how we make our money", thought for another second and added "also, everyone else ignores it".
I don't really understand how this is supposed to help. If I'm an advertiser/tracker/etc, what keeps me from adding the policy file to my website - so adblock, duckduckgo etc. are happy - and then blatantly violating it?
The "policy" doesn't seem to be legally binding in any way, there is no way to even detect violations and the EFF itself writes that it can't enforce it:
> Posting the dnt-policy.txt file makes a promise to the users who interact with their domain. We believe it would be a false and misleading trade practice to post the policy without the intent to comply in good faith. However, EFF is not in a position to enforce this promise or monitor compliance. [1]
If you're a US company and you lie to your customers about what your policies are, the FTC may well sue you. They do it all of the time over privacy policies.
This is basically what happened to P3P, an earlier attempt to regulate privacy rules with a machine-readable policy. Microsoft set IE to reject cookies by default if a site didn't have 1) a P3P header that 2) met certain requirements. It wasn't very well thought out and, in practice, required a bunch of sites to create a bogus P3P header or core functionality like "logging in" was broken for many IE users.
This is trying to create a way for publishers to say, "I don't want to track users" and have it be understood by software. Right now no such system exists. You could see organizations doing testing to see if tracking happens but they need to know what the publisher says they will or won't do. It still might not get adoption but it isn't nothing.
Yeah, my first thought when I read the headline was "Again?".
DNT was actually pretty widely implemented in browsers for a while, but it ultimately failed because there wasn't anything actually enforcing the standard. It was essentially just a way to politely ask servers not to track you.
If Microsoft hadn't made it the default in IE, then DNT would have been an explicit action to show that you do not consent to tracking, which would have had legal bearing.
That needs to be added to the title. I would've stopped my Amazon Smile donations to EFF if they were still wasting money pursuing this obviously pointless idea.
I seriously doubt this will gain much traction. I would love it to, but I doubt the motives behind advertisers.
I mean, just look at the current state of advertising on mobile. One constantly gets ads hijacking the browser to show ads ostensibly from Amazon or Walmart (I doubt either Amazon or Walmart would actually prevent you from getting to the content you're looking at). The "well-done" ads prevent you from even hitting the back-button on your browser to return to the content. Being an Android user, I've effectively taken to using MS Edge on Android, because at least in Edge, I can disable JavaScript, which has gone a long way to crippling such ads. (Before anyone asks: I'm normally a Chrome user + uBlock, etc etc, but Chrome doesn't support extensions on Android, and I've never had good luck with Firefox for anything other than draining battery).
When ad companies learn to play nice and not hijack my browser and occasionally serve up outright malware, maybe, just MAYBE, will I reconsider playing nice with them.
You're right. The ship has sailed...for advertisers. They'll wish this DNT variant had caught on, because since then uBlock Origin and others like it have become significantly more popular, the native-adblock Brave browser is growing slow and steady, and now even Mozilla offers users the option to disable all tracking. Perhaps in another couple of years Mozilla will enable it by default for everyone.
Except of course tracking for Mozilla's monetary and advertising partners, like Google. They'll pass that off as part of their Shield Studies and insert hidden tracking plugins into the browser which will be invisible to the user.
Since I refused to downgrade to WebExtensions Firefox, and I'm currently using Pale Moon for most browsing (and I'm looking at Otter as a possible #2), I don't have access to it anymore. I simply do not trust Mozilla anymore, or Firefox.
Note that you can also do this in Chrome: Settings/Site settings/JavaScript.
If you're looking for another way to block ads on mobile, DNS66 works pretty well for me, and it's FOSS IIRC (obviously it doesn't get everything, there's only so much a DNS-based blocker can do, but it catches most ads except YouTube's in my experience).
My issue with DNT is that it is generally another bit of uniqueness that makes my browser slightly EASIER to track for anyone who doesn't care about obeying it, which are likely the greatest threats.
IMO, tracking should be strictly opt-in; making it opt-out is abusive and unethical.
I recently learned of GDPR. Although I'm uncertain of the exact law's implementation details, I think it's a step in the right direction. It's strictly opt-in and requires providing a clear explanation of what data gets collected.
Cool, a new way our browsers can be fingerprinted! Thanks EFF for one more bit of entropy!
Yes I know this was in good faith, but when you are trying to get good faith agreement against the business model of an industry, it's no surprise it was a failure.
> Disconnect’s partners in this launch are the innovative publishing site Medium
I know this is off-topic, but what is so innovative about Medium? Does it break any significant ground beyond what LiveJournal was doing almost two decades ago?
Could someone clarify: What's the standard? Is it adopting EFF's DNT policy https://www.eff.org/dnt-policy? Is it hosting any privacy policy at /.well-known/dnt-policy.txt? Do any tools or browsers use that URL or display it to users? Has anyone else adopted this standard?