×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Privacy Groups Mull 'Do Not Track' List for Internet

Zonk posted more than 7 years ago | from the i'd-sign dept.

Privacy 136

Technical Writing Geek writes with a Reuters story about a collection of privacy groups looking to set up a 'Do Not Track' list online, similar to the 'Do Not Call' list meant to dissuade telemarketing. "Computer users should be notified when their Web surfing is tracked by online advertisers and Web publishers, argue the Consumer Federation of America, the World Privacy Forum and the Center for Democracy and Technology, among other groups in a coalition promoting the idea. Rather than burying privacy policies in fine print, companies should also disclose them more fully and provide easier ways to opt out, the groups said. The organizations submitted the proposals to the Federal Trade Commission, ahead of the consumer watchdog agency's workshop on Nov. 1-2 to study the increasing use of tracking technology to target online ads.

Sorry! There are no comments related to the filter you selected.

Do not spam? (5, Funny)

ACS Solver (1068112) | more than 7 years ago | (#21187017)

So when will I be able to add my email to a "do not spam" list?

Re:Do not spam? (-1, Redundant)

Anonymous Coward | more than 7 years ago | (#21187189)

So when will I be able to add my email to a "do not spam" list?

Whenever you feel like exposing your e-mail address in an easily collectible format.

Re:Do not spam? (0)

Anonymous Coward | more than 7 years ago | (#21187337)

click [here] to accept 'sextracker' cookie

Re:Do not spam? (0)

Anonymous Coward | more than 7 years ago | (#21187371)

So when will I be able to add my email to a "do not spam" list?


Whenever you feel like exposing your e-mail address in an easily collectible format.

Whooosh!

Re:Do not spam? (0)

Anonymous Coward | more than 7 years ago | (#21189447)

Is it just me or is this "whoosh" thing a particularly irritating Slashdot meme? It seems to be shorthand for "the original post was a joke, but you didn't get it, and I'm now pointing that out." This not an unusual occurrence, since I would think that Slashdot posters have a pretty high Aspberger quotient, and the associated trouble recognizing humor. This makes the "whoosh" posts come off as arrogant in an "I-have-a-better-developed-sense-of-humor-than-you" kind of way.



In fact, many of the places I see the "whoosh" reply or the joke-flying-over-head diagram seem to be inappropriate, because it's not at all clear that the original posts actually were intended humorously (as I think the case was here). Sometimes irony or sarcasm can be like this, especially in written form. In these cases I kind of want to issue a "meta-whoosh". (But maybe I just don't get the joke.)

Re:Do not spam? (0)

Anonymous Coward | more than 7 years ago | (#21189491)

Whoosh!

Re:Do not spam? (2, Insightful)

sm62704 (957197) | more than 7 years ago | (#21187567)

Mods, the GP was indeed humorous but its writer deserved mod points (you don't get points for "funny"; mod me however you want, my karma's excellent so "funny" is fine). His point in the admittedly humorous post was that these lists would be completely worthess, as there is no possible way to enforce them.

This is completely unlike the "do not call" lists; these are country-specific. If I spam your phone and you're on a do not call list, we're most likely to share the same government (at least so far) You can be prosecuted.

OTOH, the AC's post above this one should be modded funny. Oh, right, tough room...

This post void where prohibited by law

-mcgrew [kuro5hin.org]

Re:Do not spam? (0)

Anonymous Coward | more than 7 years ago | (#21187869)

Mod: +1 WTF?

Re:Do not spam? (2, Insightful)

FlyByPC (841016) | more than 7 years ago | (#21187585)

Right this way, sir. Our company has set up a database to help manage your email marketing experience. And it won't even cost you a thing! Just confirm your valid email address via a script, and...

The sad thing is, I know this would collect a LOT of valid emails. (Probably from folks who would buy things from spammers, too.) Unfortunately, I'm not quite evil enough to bring myself to do that. It's too bad, really.

You can't help stupid (1)

fragmentate (908035) | more than 7 years ago | (#21189421)

This isn't stupid enough by itself. It gets even stupider.

In order for a web site to know that a person has "opted out" of tracking, the site would have to set a cookie to track that user's preference to not be tracked.

While I realize there is a difference between a cookie like:

  • Cookie: optout=yes;
...and...
  • Cookie: trackmeforever=someWeIrD_unique_ID;

It's still tracking. Maybe I'm nitpicking...but, so are they, yes?

Re:Do not spam? (1)

cybermage (112274) | more than 7 years ago | (#21189831)

I'm not entirely convinced that such a list would fail ... with the right precautions. Some ideas just off the top of my head:

One option:
===========
- Distribute the list only to marketers who's credentials and location you have verified.
- Require that distributed copies of the list not be redistributed.
- Fill the list with 10-20% honey-pot addresses. These addresses should vary from distribution to distribution so as to establish a "unique fingerprint" that would take the comparison of several distributions to identify even a part of.

Another option:
===============
- Establish a online service available only to marketers who's credentials and location you have verified.
- Require that they submit addresses to be compared to the database, and tell them which addresses have requested to opt-out from the list they submit.
- Record that they asked about a given address in association with that address.
- Allow the address holders access to review who has been told not to mail to them through the system for their own comparison to the spam they're receiving.

Will either system do anything about illicit email harvesting and other forms of blanket spamming? Of course not. Would either system keep legitimate operations from hassling you with a minimal risk of increasing your spam load. I think so.

At the risk of being modded a troll, I think the long-term solution to spam is to allow it and regulate it. If it were allowed, I believe people who are skirting the law to send spam would be rapidly marginalized by legitimate operations. The American way for most commercial endeavors is to allow it, regulate it, and tax it. Do those three things to commercial email, provide a centralized opt-out system, and I believe the illicit stuff will be marginalized and far easier for law enforcement to deal with. (Also, the loss of tax revenue would be an incentive for lawmakers to stiffen the penalties for the violators). BTW, when I say tax it, I mean the sending. Even a one cent fee per email would be an enormous tax windfall if even a small fraction of these operations went legit.

Track This (-1, Troll)

Anonymous Coward | more than 7 years ago | (#21187831)


Fuck Bush [whitehouse.org]

Re:Do not spam? (0)

Anonymous Coward | more than 7 years ago | (#21188159)

Simple. Just leave your e-mail in a simple message titled 'I don't want spam' in alt.computers.nospam and I'll make sure it'll go to where it needs to go.

Don't forget to make list available to scammers! (2, Funny)

wsanders (114993) | more than 7 years ago | (#21188299)

Well, out here at the Minsk Home for Deposed Nigerian Cabinet Ministers the first thing I must do is get hold of this list so I can stop scamming all you people.

Since most web usage is tracked anonymously it's much more likely that identifiable information will be hijacked from a copy of the the "no not track" list than from any of the web tracking itself. Seems like kind of a silly, tinfoil-hat-inspired idea!

unrealistic goals (4, Funny)

User 956 (568564) | more than 7 years ago | (#21187029)

Rather than burying privacy policies in fine print, companies should also disclose them more fully and provide easier ways to opt out, the groups said.

Also, they want world peace, and a pony.

Re:unrealistic goals (2)

N3WBI3 (595976) | more than 7 years ago | (#21187047)

Ponies exist, they desire a unicorn..

Re:unrealistic goals (5, Informative)

morgan_greywolf (835522) | more than 7 years ago | (#21187107)

Agreed. Completely unrealistic. If you want to opt out of being tracked by advertisers, here are the only steps you need to perform:

  • Download Firefox
  • Install the Adblock Plus and NoScript extensions
  • T
  • Go to Edit | Preferences or Tools | Options (depending on platform) and go to the Privacy tab. Uncheck 'Accept cookies from sites'.
  • Click Exceptions. Add in all the sites that you use that need cookies to work right (online banking, Slashdot, etc.)


Tada! You're done. Now you can't be tracked (unless you specifically want to be).

Re:unrealistic goals (2, Insightful)

walt-sjc (145127) | more than 7 years ago | (#21187225)

This "do not track" group is a bunch of die-hard IE users. Since MS refuses to add reasonable privacy tools, they are looking for legislation. Idiots. This is a browser problem, not an advertiser problem. Considering that the wonderful US Congress can't even get a reasonable anti-spam law in place and instead created one that makes the problem WORSE, I don't know what the hell they are thinking Congress will do. Most likely we will end up with a law that outlaws privacy tools like Firefox / Adblock and instead mandates a stupid list that only US based companies are obliged to obey.

Re:unrealistic goals (0, Offtopic)

sm62704 (957197) | more than 7 years ago | (#21187701)

Considering that the wonderful US Congress can't even get a reasonable anti-spam law in place and instead created one that makes the problem WORSE

You don't understand, the CAN SPAM act does exactly what it is intended to do: it makes it so that you can spam with impunity.

See, what you're forgetting is that we have the best government money can buy. Vote? HA! What's one measly vote against a ten million dollar campaign contribution (ironically from an entity that is not allowed by law to vote).

"Your" representatives don't represent you, they represent fine American corporations like Sony, BP, Shell, etc. who now can spam without fear of the law. Who do you think paid for this law, anyway?

-mcgrew [mcgrew.info]

Re:unrealistic goals (1)

m2bord (781676) | more than 7 years ago | (#21188069)

the problem stems from congress writing legislation that will satisfy everyone and instead it satisfies no one. we have elected officials who have the backbone of a jellyfish (none).

what we need is for congress to say, consumers have an expectation, if not a right, of privacy. what they do in a legal environment should be there business and their business alone.

but what we get is, things like the ftc's do not call list where yea...your number is blocked unless of course if you send in a text message to a contest, or your give your phone number to a merchant, or you do anything else that would give the allusion of an existing business relationship.

do not call means just that but business lobbyists have convinced our elected leaders that their right to seek a profit is more important than our right to be left alone.

Re:unrealistic goals (1)

RulerOf (975607) | more than 7 years ago | (#21188581)

Considering that the wonderful US Congress can't even get a reasonable anti-spam law in place and instead created one that makes the problem WORSE

It's worth pointing out that even if spam was punishable by death, and also resulted in the execution of your friends and family before your eyes, we'd still get just as much spam. There are even tougher laws for a more illicit market: Drugs. You can go to jail for the better part of the rest of your life in some states, or at least long enough to ruin it, just for falling victim to a crack or heroin addiction (and of course, getting caught).

Last time I checked, draconian laws enacted by lawmakers who are incapable of understanding the problem in both situations STILL haven't helped either one.

Re:unrealistic goals (1)

Kadin2048 (468275) | more than 7 years ago | (#21189605)

Huh?

I'm not sure I understand your point. The drug market doesn't really respond very well to threats of punishment, because many of the substances involved are physically addictive. Thus there's always a demand, regardless of how hard the government cracks down on it. The drug dealers are probably motivated by threats of punishment (in that if the threat is higher, they'll demand more compensation to take the risks, thus driving the cost of drugs higher), but the consumers definitely aren't.

Spam-sending seems like it would be far more sensitive to cost. If you executed everyone who sent spam, and you had an apparatus that was fairly good at catching people who sent it (you got a non-trivial percentage, anyway), the remaining people sending spam would have to be pretty desperate for the money. That would mean they'd charge more, and that would mean that the firms paying for the spam in the first place would have a disincentive to purchase their services.

An online pharmacy isn't addicted to spam in the same way that a junkie is addicted to smack; if there's a method of advertising that's more effective for the price than spam, the online pharmacy is going to do it. (Or, put differently, if spamming is no longer cost-effective, they're not going to pay for it any longer.)

Spam has a very low response rate anyway; if you pushed the cost to send it above what generally comes back from a mailing, it would stop. There's nothing really magical or biologically addictive about it -- it's just an obnoxious economic practice.

Re:unrealistic goals (1)

Relic of the Future (118669) | more than 7 years ago | (#21187241)

Alternate step one and two: Download Opera

Re:unrealistic goals (0)

Anonymous Coward | more than 7 years ago | (#21187533)

Alertnate step: Your mom!

Re:unrealistic goals (1)

Chris Mattern (191822) | more than 7 years ago | (#21189065)

I tried, but the Magic Flute was over 3 gigs!

Chris Mattern

Re:unrealistic goals (0)

Anonymous Coward | more than 7 years ago | (#21187417)

Nice to see you English adding a Tea Break for good measure!

Re:unrealistic goals (1)

KingSkippus (799657) | more than 7 years ago | (#21187455)

I'm sorry, you lost me around that third step.

Re:unrealistic goals (1)

calebt3 (1098475) | more than 7 years ago | (#21187561)

I'm confused. Where are the '?????' and 'Profit!' steps?

Re:unrealistic goals (1)

Thaelon (250687) | more than 7 years ago | (#21187707)

Permit Cookies [mozilla.org] is a more user friendly version of your last two steps.

Turn off cookies for all sites, then to permit a site (session or permanently) you just hit alt+c and choose one, then hit enter.

Re:unrealistic goals (1)

Fred Ferrigno (122319) | more than 7 years ago | (#21189245)

I prefer CookieSafe [mozilla.org] . It's got a simple UI that works almost identically to NoScript. I have it set to accept cookies globally per session since many sites won't work without them, with sites that require logins white listed.

Re:unrealistic goals (1)

Otis2222222 (581406) | more than 7 years ago | (#21187837)

As much as I like Adblock Plus and Noscript, I tend not to recommend that people install Noscript or disable cookies. Adblock Plus and automatic filter downloads are nice. But it's a lot to ask someone to manually whitelist a bunch of Noscript stuff with every new website they visit. My current Firefox installation is going on 1 year now, and you'd think I would have a good whitelist built up. But it never fails that just about every day I there is a good chance I will visit 3 or 4 websites that won't render correctly if I don't manually tell Noscript to allow between 3 and 5 more to the whitelist.

For me, that's just fine. But Grandma ain't gonna go for that. Oh, and for that matter you run into the same problem disabling cookies on a lot of sites. Go ahead and blame lazy web developers or whatever, but cookies and javascript are unfortunately a way of life when getting online if you want a good browsing experience.

Re:unrealistic goals (2, Informative)

mdm-adph (1030332) | more than 7 years ago | (#21188145)

My friend, I had kinda the same problem as you did (having to maintain a huge whilelist with NoScript) -- that's why, on the first tab of the configuration window, you'll see an option for "Allow Top-Level Sites by Default." No more keeping track of a huge whitelist.

Now, any site you go to will automatically allow JavaScript from that domain (I mean, if you didn't want its JavaScript running on your machine, what are you going there for?). Any other domain's scripts that are present on that page will still not run, and I'm sure that you'll find that 90-95% of the time those extra scripts are ads and tracker scripts.

Doing the whitelist thing (having to manually allow every domain's JavaScript every time you go to a new site) will eventually bite you in the ass -- after about a year of using NoScript, my whitelist had grown so large that every site I visited had a noticable 4-5 second pause, which was literally just NoScript checking through the huge whitelist!

Re:unrealistic goals (1)

John Hasler (414242) | more than 7 years ago | (#21189805)

> Now, any site you go to will automatically allow JavaScript from that domain (I mean, if
> you didn't want its JavaScript running on your machine, what are you going there for?).

While most sites I visit push JavaScript at me, almost all of them work fine without it. Same goes for cookies.

Re:unrealistic goals (1)

zgregoryg (1061612) | more than 7 years ago | (#21187981)

A better way of preventing cookie tracking in FF: View cookies set from time-to-time and remove those which are obviously related to ads and tracking domains, you can tell by the domain name, ad.yieldmanager.com for example. By doing this you will automatically add domains you do not wish to set cookies to the exclusions list while at the same time ensuring any site you visit will work properly upon first visit. After a few runs though this process you will have caught most of them. ;-)

Re:unrealistic goals (1)

badasscat (563442) | more than 7 years ago | (#21189443)

Agreed. Completely unrealistic. If you want to opt out of being tracked by advertisers, here are the only steps you need to perform:

This depends on what you mean by "being tracked". If you mean tracked from site to site, then sure. If you mean tracked within a particular site, then no. There's no way to stop this.

I have a basic stat tracker on my blogs that I use for my own amusement; I just like to see who visits my sites. I see plenty of people visit with javascript turned off, and I don't use cookies (it's just a blog, for crying out loud). I can still track them as they browse around the site and I can see them if and when they come back. All I don't see is their OS and screen resolution.

Advertisers honestly don't much care about tracking people from site to site. I handle ad trafficking for my company, and I'm not even sure where I'd find this information in DART, doubleclick's ad trafficking software. That's not to say nobody cares about it, but I've never worked for a company that did. They care a lot more about tracking people navigating through their own sites, and there's no way to prevent this.

I don't really think there should be, either. If you're running a B&M store, you have a right to look at your customers and see what they're doing on your property. You have a right to determine, for example, that 60% of your customers are women, and that 80% of your customers never even look at the shelves on the back wall. This is not an invasion of privacy; these people are on your property. It's your store; you have a right to know these things. It's no different with a web site.

Re:unrealistic goals (3, Insightful)

TheMeuge (645043) | more than 7 years ago | (#21187117)

Exactly.

My first reaction to this story was to add the "futile" tag.

I think we all have to get used to the thought that if there is any information out there, that is publicly accessible in plaintext, it will be cataloged, author identified, and data-mined ad infinitum. Given the technological capability to collect, organize, and process data... as well as the prolific availability of said data, we cannot reasonably expect any privacy laws to deter usage of this data, whether it be by private companies for profit, or government entities for censorship and oppression.

The way I see it, the only way to ensure any real privacy, is to personally ensure anonymity at any point where it seems necessary. With this, there will come more and more tradeoffs in terms of conveniences, and ultimately perhaps even one's place in society... but this is a choice we're all making right now, and will certainly have to make in the future.

Re:unrealistic goals (1)

foniksonik (573572) | more than 7 years ago | (#21187809)

The best way to ensure privacy is actually to charge for the use of said data.... ie: for the person whose data is being used to get a check in the mail.

When companies have to pay for this they will be more circumspect about what data they collect and how much.

This would work for spam as well.... opt in and get paid. Currently someone else is getting paid to collect your data, leaving you out of the equation except as the victim/volunteer.

Advertisers and market researchers should be paying us for the opportunity to sell us something that is hopefully targeted at our interests, in hopes that we will pay them back many times by purchasing that item/service.

Re:unrealistic goals (0)

Anonymous Coward | more than 7 years ago | (#21188715)

data-mined ad infinitum
I just checked, and I can't believe "Ad Infinitum" isn't already the name of a data mining company. Ohhhh the irony!

Re:unrealistic goals (0)

Anonymous Coward | more than 7 years ago | (#21188779)

Futile as it may appear, how many legitimate companies would knowingly violate such a law if they risked being caught ? I think the answer is close to none, and having a law like this would provide an avenue to seek justice against the few who did. Less than reputable concerns wouldn't likely conform to privacy laws much less other laws anyway but they don't appear to be the target.

I think the target is the ten pages of legalese in "privacy statements" and "terms of use" that bury in the details how big company X will have rights to your firstborn if you use their site/product/whatever. This gives a clear way for the consumer to say no and have recourse if it's not obeyed.

Re:unrealistic goals (1)

KudyardRipling (1063612) | more than 7 years ago | (#21189355)

we cannot reasonably expect any privacy laws to deter usage of this data, whether it be by private companies for profit, or government entities for censorship and oppression...With this, there will come more and more tradeoffs in terms of conveniences, and ultimately perhaps even one's place in society...

This makes the government's job that much easier as to whom shall appear on the 'no-fly' and 'no foreign travel' lists.

~|.$*#
NO FEDDERS

Re:unrealistic goals (1)

facon12 (1128949) | more than 7 years ago | (#21187121)

Its unrealistic for sure, but at the very least the ideas seem to be headed in a good direction: Protecting the consumer. It is unfortunate though that it will never happen, its like wanting radio commercials to slowly and clearly state their disclaimers as well. At the very least though i do think we should get some sort of notification, not a popup but maybe a little icon in the lower corner of the screen to let us know.

you still are using word "mull" in wrong contect (1, Funny)

unity100 (970058) | more than 7 years ago | (#21187035)

mull, from what i remember means scuttle, bar, make harder, oust. these people are not trying to prevent a do not track list, they are trying to establish one.

Re:you still are using word "mull" in wrong contec (2, Funny)

N3WBI3 (595976) | more than 7 years ago | (#21187075)

Unless of course they are using Mull as in Mull Over which means 'Reflect deeply on a subject'

No, "mull" is appropriate (1)

Kelson (129150) | more than 7 years ago | (#21187089)

When applied to an idea, "mull" generally means to think about it in detail.

Re:you still are using word "mull" in wrong contec (1)

RandoX (828285) | more than 7 years ago | (#21187101)

You're incorrect. As in; not correct; not in conformity with fact or truth; "an incorrect calculation"; "the report in the paper is wrong"; "your information is wrong ...

Never heard that usage. (1)

Nursie (632944) | more than 7 years ago | (#21187119)

As far as I'm concerned it either means to fortify, heat and spice (mulled wine, cider etc), or to think over/consider an idea or range of options.

Usage here is just fine.

Re:you still are using word "mull" in wrong contec (2, Informative)

Chris Mattern (191822) | more than 7 years ago | (#21189103)

You are a special, unique individual, and that's a great thing. Unfortunately, you also have a special, unique definition of "mull", and that's not working out so well.

Chris Mattern

Re:you still are using word "mull" in wrong contec (0)

Anonymous Coward | more than 7 years ago | (#21189349)

Ah, but what is the definition of "contect".

A stupid idea. (0)

Anonymous Coward | more than 7 years ago | (#21187039)

This is going to be very hard to enforce. Besides, privacy doesn't exist these days.
"The only ones fighting for privacy are the ones who have something to hide" - Rupert Murdoch
--
Madonna is the only talented content creator!

Re:A stupid idea. (0)

Anonymous Coward | more than 7 years ago | (#21187309)

"The only ones fighting for privacy are the ones who have something to hide" - Rupert Murdoch

After which Murdoch immediately put his wallet where his mouth was and gave out his credit card # to everyone.

Anyone else see the problem here? (3, Insightful)

Kelson (129150) | more than 7 years ago | (#21187053)

Anyone else see the problem here?

OK, let's set up a "Do Not Track" list. How are they going to know not to track you? By figuring out who you are, then checking to see if you're on the list.

Oops.

A better idea would be a standardized opt-out system where your browser tells every server, "Do not track me," then set up web applications to honor that choice.

Maybe set up an X-DontTrackMe header for HTTP requests. Or a standardized DontTrack=true cookie not linked to a domain. Something that has no unique information and gets sent to every website. Then turn it on and off in the browser with a checkbox.

Something like that could be tested as a Firefox extension or IE browser helper (if I'm remembering the terminology correctly) to start with, then added to browsers themselves.

Re:Anyone else see the problem here? (2, Funny)

walt-sjc (145127) | more than 7 years ago | (#21187419)

I don't allow cookies. Your method won't work. How about a "X-I-want-to-be-tracked" cookie and a "X-my-SSN#-is" for the 3 idiots on the planet that WANT to be tracked?

Re:Anyone else see the problem here? (1)

aethogamous (935390) | more than 7 years ago | (#21187445)

From the proposal...

To help ensure that these principles are followed, the FTC should:

Create a national Do Not Track List similar to the national Do Not Call List:

o Any advertising entity that sets a persistent identifier on a user device should be required to provide to the FTC the domain names of the servers or other devices used to place the identifier.

o Companies providing web, video, and other forms of browser applications should provide functionality (i.e., a browser feature, plugin, or extension) that allows users to import or otherwise use the Do Not Track List of domain names, keep the list up-to-date, and block domains on the list from tracking their Internet activity.

o Advertisements from servers or other technologies that do not employ persistent identifiers may still be displayed on consumers' computers. Thus, consumers who sign up for the Do Not Track List would still receive advertising.

o The Do Not Track List should be available on the FTC Web site for download by consumers who wish to use the list to limit tracking.

o The FTC should engage in public education to disseminate the Do Not Track List information broadly to consumers, along with instructions for its use. The FTC should actively encourage all creators of browsing and other relevant technology to incorporate a facility that will enable consumers to use the list.

The proposal can be found at http://www.worldprivacyforum.org/pdf/ConsumerProtections_FTC_ConsensusDoc_Final_s.pdf [worldprivacyforum.org]

Re:Anyone else see the problem here? (1)

DCTooTall (870500) | more than 7 years ago | (#21187569)

I thought of the SAME thing.

On the Wired [wired.com] article with the story they have a diagram which shows how the whole proposed list is SUPPOSED to work. One of the notes included in it is that "Consumers may have to download a browser upgrade, Plug-in, or extension to get the Do-Not-Track list to work for them"

So.... lemme get this straight.... a Fed Maintained list....which required you to install a special application onto your computer...In order to keep private companies and websites from tracking you.

Now.... I'm not normally one who immediately expects some sort of grand conspiracy in every little thing, especcially something like this whole idea which is obviously the brainchild of people who don't have a clue how the internet and Web Actually function beyond their browser. But, part of me wonders if we'd see some of the big-brother groups like the NSA throw their support behind something like this since it basically would give them a great way to track people who are under the mistaken belief that they would not be able to be tracked.

Honestly, I can see them seeing it as another GREAT way to keep tabs on people. Hell, even the FBI might tap into it, and then hide behind the "online predator" defense if they get caught, simply because a large number of people who do things they shouldn't online do so because they think they can't be tracked/caught. Throw something like this list up for them, and I could see some people thinking it's another way to hide their online usage.

opt-out lists are the work of satan (1)

CarpetShark (865376) | more than 7 years ago | (#21188135)

Why "opt-out" at all? If there's potential for abuse, it should be opt-in. That's already been accepted with bulk commercial email. Now, it just needs to be enforced.

Hash.. (1)

msimm (580077) | more than 7 years ago | (#21188415)

Using a hash would work, but the number of problems with the list far out weight any good reason to have a sensible debate on the top.

Re:Anyone else see the problem here? (1)

neoform (551705) | more than 7 years ago | (#21188421)

So if I'm running a website and someone says "don't track me" I'm supposed to not log any of the user's actions on my server?

Golly, I wish I could do that while robbing a bank with my "don't videotape or look at me" tshirt on.

Re:Anyone else see the problem here? (1)

noidentity (188756) | more than 7 years ago | (#21188961)

Exactly. Unlike telemarketing calls, this issue can be solved with a simple technical measure. Well, at least the problem of letting the server know of your preference to not be tracked. Enforcing it is an entirely different matter, and very difficult since you have no way of knowing that it's tracking you (it doesn't need to send your browser any cookies, for example). And this points to a fundamental difference: this kind of tracking doesn't directly impose on someone like a telemarketing call does.

Anyone else see the solutions here? We have list (0)

Anonymous Coward | more than 7 years ago | (#21189367)

We have what you're asking for - it's called the HOSTS file. Put every damned ad tracking domain next to a 0 and you're done. Mine has already gone past 20,000 entries and it works just fine with Win XP and Tiger, thankyouverymuch.

Your job bunky, is to be part of the solution and start submitting entries. I wish stopbadware.com would publish its list instead of making me look up domains one at a time. Those guys are part of the problem.

A bit like caller ID blocking (1)

EmbeddedJanitor (597831) | more than 7 years ago | (#21189535)

As parent says, using a list to "do not track" is self contradictory.

The only way to do it is via some sort of "don't track me" token. But what do we really mean by "don't track me". Some services need cookies etc. Are cookies tracking? What about the context used to set up a secure connection for transactions?

Internet != Telephone (5, Insightful)

One Childish N00b (780549) | more than 7 years ago | (#21187065)

The 'Do Not Call' list works - to a degree - because people who ignore it run the risk of legal action, due to all being inside the country they're calling. I can't see many companies going to the extent of running offshore telemarketing companies due to the high cost of international calls.

This problem obviously does not exist on the internet - the cost of serving up those banners to millions of people clearly doesn't eat into the profits of these companies, so there's no reason for them to stop, and if laws are passed forcing them to stop, they'll simply be replaced by foreign companies advertising either on behalf of the same companies serving up the ads now, or set up by the advertising companies to circumvent the laws.

This won't work.

Re:Internet != Telephone (1)

querist (97166) | more than 7 years ago | (#21188243)

Your reasoning on the telephone situation is sound, but you have overlooked something: VOIP. I have received telemarketing calls from overseas, and it was obvious by the sound quality that it was a VOIP call. The caller even confirmed that he was calling from India.

Unfortunately, they have already figured a way around that law if they want to do it.

Re:Internet != Telephone (1)

neoform (551705) | more than 7 years ago | (#21188453)

You obviously don't realize how many telemarketting firms are located in Montreal (90% of which call the US, since they don't have to follow US do not call lists)..

Lost revenue (1)

distr0 (1161389) | more than 7 years ago | (#21187067)

I could see this causing alot of sites to shut the doors because of lost advertising money Personally i'd rather see a little ad than have to pay for all the sites that I like. Online tracking/advertising is a really effective system, and usually not too intrusive unless a particular website goes overboard

Re:Lost revenue (1)

N3WBI3 (595976) | more than 7 years ago | (#21187125)

You can still count web hits and referrals via links..

Wow, just wow. (0)

Anonymous Coward | more than 7 years ago | (#21187087)

> AOL also said it will expand the use of extended opt-out technology, developed by Tacoda, an online ad company AOL bought earlier this year
>
> Currently, if users choose to opt-out from online ad tracking, a cookie, or small piece of software, is placed on their browser reflecting that choice. But if users delete their cookies, then the opt-out is lost. AOL's technology would enable the opt-out cookie to reset after cookies are deleted.

In other words, we put this cookie here to track you.

If you don't want to be tracked, let us put this special cookie here.

And if you really don't want to be tracked, and you delete your cookies, we've got some double secret probation "technology" that can put it back for you! (What do you want to bet it's a persistent Flash object, or given that this is AOL we're talking about, a background task that runs 24/7 to put the cookie back, should it ever be accidentally deleted...)

Where I come from, that's spyware.

The real opt out is to block all traffic to advertising domains at the router, and it's the one method the marketing companies dread the most, because who would ever opt back in?

How? (2, Interesting)

saterdaies (842986) | more than 7 years ago | (#21187129)

The problem with the suggestion is implementation. IP Addresses are shared and reused and so aren't unique to a user or household. Cookies also don't work since they are only sent to the site you're hitting - so a cookie for ftc.gov isn't going to be sent to DoubleClick. Having individual advertisers have opt-out systems isn't great since a lot of the time I don't know who is serving the ads I'm seeing (without delving into the HTML).

Unfortunately, there is no simple way of defining something like this. A better solution might be to regulate the type of information that they are allowed to collect in the first place. If they aren't allowed to record my IP address (or any other identifying information like a zip code I type in a form or POST/GET data), then there would seem to be limited privacy implications. They could gather data showing that people who like power tools also like Sony stereos or whatnot, but without information like IP addresses, form and GET/POST data, there is little they can use to violate my privacy.

Am I missing something?

Re:How? (1)

FranTaylor (164577) | more than 7 years ago | (#21187235)

Doubleclick and others put tiny images on many web pages so they see your cookie no matter where you go.

Re:How? (1)

saterdaies (842986) | more than 7 years ago | (#21187627)

They see your DoubleClick cookie. There isn't a way to do this cross-adnetwork. So, I can opt out with DoubleClick, AdSense, Microsoft, Yahoo, TextLinkAds. . . individually. But I can't get a cookie from the FTC or someone that will be readable by all the advertizers.

Correct me if I'm wrong (0, Redundant)

techpawn (969834) | more than 7 years ago | (#21187153)

Won't this damage a lot of adSense technology already in place by non-evil companies? Also, would this apply to browsers keeping history of where you've been?

Re:Correct me if I'm wrong (1)

WK2 (1072560) | more than 7 years ago | (#21189397)

They are working on an amendment that says that non-evil companies do not have to follow these rules.

on a "do not spam" list (5, Informative)

khallow (566160) | more than 7 years ago | (#21187157)

The largest lesson in emal spamming has been that they'll send spam to anything resembling an email. They don't care where it came from or how and why they got it. So as I see it the only value of a "do not spam" list is that it will contain a lot of active email addresses. That is gold to spammers and I think anyone who believes such a list will reduce spamming (rather than have the opposite effect) is sorely deluded.

Re:on a "do not spam" list (3, Insightful)

kinko (82040) | more than 7 years ago | (#21188749)

Obviously such a list would not contain the actual addresses, but some type of checksum for each address. Then the onus would be on the sender to make sure that any email addresses they already know about do not hash to a value in the list.

Re:on a "do not spam" list (0)

Anonymous Coward | more than 7 years ago | (#21188785)

Because we all know the spammers wouldn't use the hash to remake the emails and send to them anyway. Cause spammers are 100% honest caring people.

(yawn) Yet another pre-defeated proposal (4, Interesting)

Arrogant-Bastard (141720) | more than 7 years ago | (#21187211)

Sometimes I find myself idly wondering how many miserable failures of opt-out proposals will be necessary before people get a clue that opt-in offers the only possible way to success.

Then I snap out of it and remind myself that of course some people have a clue, and that's precisely why they continue to put these proposals out (or to enthusiastically back them): doing so serves their purposes nicely. It allows them to proudly say that "they've taken the lead in protecting privacy" while of course they're doing everything they possibly can to do the opposite. (They do this, of course, because they're well aware that few people would opt-in to have telemarketers bother them, or to have spammers clog their mailboxes, or to have their personal data collected.)

This situation is unlikely to change in the forseeable future. Just as it's given us ineffective anti-telemarketing measures, just as it's given us ineffective anti-spam measures, the outcome of this process will inevitably give us ineffective anti-privacy-invasion measures.

Which is why it's probably best to just ignore this nonsense and instead use technological means to either deny data to invaders or feed them bogus data.

Nice idea but! (1)

Anon-Admin (443764) | more than 7 years ago | (#21187273)

This is a great idea, but how do you enforce it? That is the issue with most internet laws. Pass all the laws you want, you just can not enforce any of them.

Re:Nice idea but! (0)

Anonymous Coward | more than 7 years ago | (#21187765)

This is a great idea, but how do you enforce it? That is the issue with most internet laws. Pass all the laws you want, you just can not enforce any of them.

Insightful.

A DNS/domain/ip black list that your browser uses is a far better idea as compliance isn't a company option. You get reported for tracking, hole the domain or IP to a blank page. Let them squeal. They are not going to cooperate voluntarily.

terribly sorry (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#21187275)

I am in a pinch right now, and I know that this is COMPLETELY OFFTOPIC, but I was wondering if slashdot will help me out anyway. A company I work for just fired an employee that is most like to be pretty belligerent. Our biggest worry is that he is going to call the SBA. We realize that some of our software is not legal, and we have actually been working on bringing our office up to code. However, we are not there yet. We are not a big company, and one fine of 150,000$ will put us out of business. If the SBA gets a tip on one of their hotlines, do they even bother to investigate small businesses? We have about 40 employees and about 8 computers. I thought I had heard once that if you call the SBA yourself, they will help you get up to code without fining you, but I couldn't find anything online about that. Anybody out there with some experience with the Software Business Alliance that can help me out? Thanks!

Re:terribly sorry (0)

Anonymous Coward | more than 7 years ago | (#21187673)

I can't believe I'm responding to this, but the outfit you're looking for is the Business Software Alliance [bsa.org] , not the SBA.

Why don't you contact them, throw yourselves on their mercy, and let us know how that works out for you?

Kick me (2, Insightful)

FranTaylor (164577) | more than 7 years ago | (#21187307)

This is the Internet equivalent of having a 'Kick Me' sign stuck to your back.

I do this already. (2, Insightful)

sherriw (794536) | more than 7 years ago | (#21187429)

I already 'opt out' of website advertising - I add the advertiser to my do not advertise list. It's called adblock. It's gold.

Re:I do this already. (1)

sootman (158191) | more than 7 years ago | (#21188369)

I'm more of an /etc/hosts [mvps.org] kind of guy, myself.

Legalized Stalking (0)

Anonymous Coward | more than 7 years ago | (#21187501)

Like many regulations added it is just a protection for coporations to prevent corporations from being prosecuted under laws intended for people. Prior such regulations have already legalized corporate stalking, this one is just in response to citizen complaints about being stalked. A big question here is how the implementation of opting out will work, this could really provide far too much indentifying info to the stalkers. With a business oriented web there is far too much identifying information already.

You may view this post as trollish, flamebait, or even tinfoil hat material, but it is still annoying that something as informative, communicative and potentially a source of world peace, may instead lead to our downfall. The exchange of knowledge and ideas built the internet into something desirable to log into and made the internet the meeting place of minds. Corporations of course noted this and applied the old marketing mantra "location, location, location". Unfortunately cost structures are such that most sites have to turn to advertising to exist, others exist solely for the advertising. Governments of the world have noticed the exchange of ideas here too and they fear them greatly and thus they have taken to stalking us as well. Somehow I doubt this new regulation will allow us to opt out of their stalking.

Remember the TNG episode where even thoughts of violence were prosecutable? Believe it or not, there is a value to anonymous thinking, travel and speech. Will technology destroy such freedoms? In many areas, I truely want to be an Anonymous Coward for in doing so I remain an Anonymous Patriot.

They'll track the denied tracking. (1)

IMarvinTPA (104941) | more than 7 years ago | (#21187571)

They'll give you a cookie that tells them you have opted out. Then another firm will track which things you weren't tracked in because you opted out of it. That's so great!

I don't see how this could be reasonably implemented. You can't put your IP address on the do-not-track list, because it could change day-to-day. You'd need a cookie in your browser saying you opted out. But that's as much information as if you hadn't opted out in the first place, they'd just have to toss the info after they got it.

User: "Hi, I don't want you to track the places I've visted."
Marketer: "Ok."
User: "Remember, I don't want you to track me, and I have just visted XYZ site."
Marketer: "Ok, I'll forget."

IMarv

Re:They'll track the denied tracking. (1)

smussman (1160103) | more than 7 years ago | (#21187683)

They'll give you a cookie that tells them you have opted out. Then another firm will track which things you weren't tracked in because you opted out of it. That's so great!

I don't see how this could be reasonably implemented. You can't put your IP address on the do-not-track list, because it could change day-to-day. You'd need a cookie in your browser saying you opted out. But that's as much information as if you hadn't opted out in the first place, they'd just have to toss the info after they got it.

User: "Hi, I don't want you to track the places I've visted."
Marketer: "Ok."
User: "Remember, I don't want you to track me, and I have just visted XYZ site."
Marketer: "Ok, I'll forget."

IMarv
I think this could easily be overcome by everyone using the same cookie (e.g. "doNotTrack=true"). While they will be able to track the cookie, if hundreds of thousands of people are using that same cookie, the data is not going to mean much.

Re:They'll track the denied tracking. (0, Redundant)

UbuntuDupe (970646) | more than 7 years ago | (#21187725)

While they will be able to track the cookie, if hundreds of thousands of people are using that same cookie, the data is not going to mean much.

On the contrary, it will give us aggregate web surfing statistics for paranoid privacy loons ;-)

And how do they propose . . . (1)

gambolt (1146363) | more than 7 years ago | (#21187603)

that website owners pay for bandwidth since this would kill adsense, pretty much?

The alternative to tracking via cookies is micropayments where you have to pay a fraction of a cent for each web page you view.

It's not even you that's being tracked. It's your browser. Unless you constantly use your real name online, there is no way to link a name to the observed browsing habits of a person unless ISPs get involved and connect IPs to names.

Re:And how do they propose . . . (1)

Cajun Hell (725246) | more than 7 years ago | (#21188947)

[And how do they propose] that website owners pay for bandwidth since this would kill adsense, pretty much?

They're not proposing anything. Paying for bandwidth is somebody else's problem. They're just (ostensibly) trying to protect rights, not plan the economy.

Of course, a paranoid person could read something interesting into this. Perhaps it is a "good thing" if the government can make web publishing more economically hard. It would help shut up troublemakers. There's too much independent media; some of them even question (or mock!!) our leaders' wisdom.

The alternative to tracking via cookies is micropayments where you have to pay a fraction of a cent for each web page you view.

There ya go. Looks like you have a proposal.

It's not even you that's being tracked. It's your browser. Unless you constantly use your real name online..

Or rather, unless you use your real name once online, you can't be tracked. If I don't know who gambolt on Slashdot is, but I do know he sends the same cookies with his 1x1 pixel image requests as leatherfetish69 on a certain sex discussion board (you know which one, gambolt), and that user has the same registration email address as repealamendment16 on a politics discussion board, and that user sends the same cookies for 1x1 pixel image requests as John Smith at the Atlantic City Professional Gamblers Federal Credit Union's website, then I suspect gambolt is John Smith.

Yes, I know about your gambling problem ("professional" my ass) and leather fetish. See the privacy risks of using the internet?

How do they know it's you? (2, Informative)

argent (18001) | more than 7 years ago | (#21187665)

Cookies don't work, they'd have to be set for each site. IP address doesn't work, they change and are shared. And what exactly is it people are worried about in the first place? That's what I don't get here... how is your privacy being violated if they don't know who you are?

If this is limited to advertising to people who are customers... that is, people who have some kind of relationship that would allow them to be identified... that would work. But it doesn't sound like that's what people are concerned about...

Re:How do they know it's you? (1)

stud9920 (236753) | more than 7 years ago | (#21189127)

1)Google Mail on day1 = cookie1 = ip address 1 --> your name, and mail secrets
2)Google Search on day1 = cookie2 = ip address 1 --> your benign search pattern
3)Google Search on day2 = cookie2 = ip address 2 --> your guilty pleasure search pattern
---------------
cookie2 --> ip address 2 at day2 and ip address 1 at day 1 are the same guy
ip address 1 --> cookie 1 and cookie 2 are the same guy
Therefore Google has the name, no longer content with your mail secrets, also know what your guilty pleasures are. Want a job at Google ? They KNOW you like midget porn. Your only chance is that Google staff members also like midget porn.

For all you know, MS does the same with MSN search and MSN Hotmail, not to speak of Yahoo, not to speak of datamining between databases of two or more companies. The latter is probably illegal but you can always hire market intelligence consultants to "exploit your data at its best". I'll let you guess how they do that better than your guys.

Advertising is too entrenched now (1)

erroneus (253617) | more than 7 years ago | (#21187715)

I recall when commercialism was just beginning on our early utopian internet. Now the net is largely garbage and advertising leaving people to assume that the net wouldn't exist without it... kinda like cable TV without commercials. I don't like it and we don't need it. But it isn't going away.

But there should be some kind of W3C standard for web browsers and commercial web sites that could offer up a simple "dash board" that identifies a variety of characteristics about the sites users are browsing and the information should be across the board standard and unified whether it's on MSIE, Firefox, Opera or whatever. The dashboard should display the site's host nation, information about whether various cookies are being used in tracking, any categories of the site and stuff like that. Then people will begin to have the information they need when visiting various sites. At the moment, just about all of these things are available but in bits, pieces and extensions here and there and it's not all the same everywhere you go. And this idea can't work for everyone I know... not everyone looks at the dashboards in their cars, so why would they look on their browser? Still. The information should be easy, available and most importantly, standardized for all professional/commercial sites to support.

List of terrorists? (1)

prxp (1023979) | more than 7 years ago | (#21187729)

Any excuse is being used these days to label people as terrorists, imagine if you are in a 'do not track' list for online activities!
I believe people in this "do not track" list would most certainly make their way into some other NSA terrorist tracking list as well. People would protest against that, they would say that this violates their privacy,their civil liberties, but The US government would simply cite the Patriot Act and some other national security excuse like "not all people on the 'do not track' list are terrorists, but terrorists are using this list against the US people, so we must take action and monitor the people that wish not to be tracked!". The initial fuzz would cease and everybody would passively accept this 'violation', mostly thinking they have nothing to hide. After a couple of years we would find out that some major telecommunications company is helping the US government tracking people in the 'do not track' list and a federal suit would be placed against this company. The suit would last only a few month, because the government would issue some new legislation (with the cooperation of all the legislative from both parties) that would protect the telecom company (and all others like it) against such charges (after all they are helping national security!). Again, after a few months, some other non-governmental institution would propose a new list (much in the same sense as the do not call list) that would protect people against social networking stalking. The government would consider the people on this list as potential terrorists, then.... etc... etc... etc... and everybody would accept that passively as they have nothing to hide... etc... etc...and the telecom company would be charged... etc...etc... and charges would be dropped... etc... etc... national security... etc... etc...

Let me get this straight ... (2, Funny)

fayd (143105) | more than 7 years ago | (#21187929)

They want to keep track of the people who don't want to be tracked ... *blink*

Bad Analogy With Do Not Call... (1)

Beetle B. (516615) | more than 7 years ago | (#21188353)

The Do Not Call list was to prevent unsolicited calls.

This, however, is saying, "Look, I want to go to your Web site and have you not track me." To which I think the valid response should be, "Well then, don't come to my Web site."

The user is entirely in control. He initiates the actions, not the Web site. It's not as if he's running a program and the Web site suddenly shows up. And if it does, that's spyware/malware, not cookie tracking.

I second the CookieSafe, Adblock and NoScript extensions. Once a user knows how to use them, life becomes good. Yes, it has been argued that your average user can't handle some of them, or that they're quite inconvenient for some. But if you go shopping at a store, others can see what you buy, unless you disguise yourself or wear a hood, which is also inconvenient. You have to decide how much you value privacy. It rarely comes for free.

P3P Privacy policy cookies (1)

mpcooke3 (306161) | more than 7 years ago | (#21188855)

I don't really see the point in this. For sites willing to obey the rules they can publish a P3P privacy policy for their site. This allows users to reject their cookies based on what the site owner plans to do with the data. Or alternatively a user can set his browser to accept 1st party cookies but reject 3rd party cookies.

I believe IE (and possibly firefox) actually requires a valid P3P policy to serve 3rd party cookies at all.

There is an argument that the browsers should be more aggressive at explaining to users that they are leaking their personal data due to the default privacy settings.

Do Not Track Request Form (1)

kalirion (728907) | more than 7 years ago | (#21189039)

Please fill in all of the following required fields:

First Name:
Last Name:
Birth Date:
Gender:
Marital Status:
Social Security Number:
Personal Email Addresses you do not wish tracked:

Personal Computer / Home Network IP addresses you do not wish tracked:

Web sites that you do not wish to be tracked to:

The change needs to happen in the browser (2, Interesting)

AmiMoJo (196126) | more than 7 years ago | (#21189209)

Browsers should probably delete all cookies when they close, for privacy reasons. This wouldn't be a major problem - it would just mean people need to log in to sites more often.

It would be like the default-block pop-up blocker, with a simple mechanism to opt-in to long term cookie storage on a per site basis.

One Opt Out To Rule Them All (1)

WillAffleckUW (858324) | more than 7 years ago | (#21189503)

One opt out to rule them all
One opt out to bind them
One opt to find them all
And in the freedom blind them

Three levels of security for the paranoid King
Useless and a waste of time

Five cookies for the hapless sap
Who clicked on Track Me For All Time

Seven credit checks for the customer
Whose identity has been stolen

Nine illegal agreements for the click thru license
Soon to be voided

One opt out to rule them all
One opt out to bind them
One opt to find them all
And in the freedom blind them

Tried and failed (2, Informative)

uigrad_2000 (398500) | more than 7 years ago | (#21189539)

There is already a policy like this, called P3P [wikipedia.org] (Platform for Privacy Preferences Project).

P3P lets a create a all-encompassing privacy plan for their browser, and only websites that comply with particular levels of user privacy, and sign their sites as doing so, are able to set and read cookies in the way that the user specifies. The standard was created by W3C, and even had support initially from IE and Mozilla.

The code for P3P in Mozilla sat untouched from 2003 until 2007, so they turned it off for a few releases to see if anyone would notice. When no one complained, they finally yanked it out [mozilla.org] of the firefox and seamonkey trunks.

The vast majority of websites are never going to file one of these documents, since it is just a bunch of paperwork, and a setup for a lawsuit against yourself.

My questions not answered by this article are:

  1. What does this new system have that P3P does not?
  2. Why is the FTC involved? Does the government have to control every aspect of our lives?
  3. Who is actually going to trust every website out there to abide by these controls? A company that signs and promises not to abuse your data, and then asks for extra privileges are the most likely to abuse it.
  4. If a website does abuse data that they promised not to, how will they be caught? Will they be tried in court as criminals? Copyright infringers are tried as criminals and we all know how that turned out.

The Do not call registry works because it is tied phone numbers, which are static for users, and are the only gateway for phone communication between a user and a solicitor. There is no such vehicle for the internet. If the U.S. government wants to assign web browsing IDs for all users, then it could work. If that ever happens, I'm moving to Cambodia.

Tracking can be a Good Thing too (1, Interesting)

Anonymous Coward | more than 7 years ago | (#21189719)

isn't tracking a useful thing?

- cookies are used to maintain the session of web applications - this isn't going anywhere

- tracking user actions within a site lets us get great statistics, work out where our web apps need improving

how do you prevent malicious tracking without damaging the above?

who says what is malicious and what is good? who polices the police?

and what's wrong with being tracked anyhow?
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?