FTC Wants Do-Not-Track Browser System… But Does The Government Need To Be Involved?
from the it's-called-no-script dept
So a lot of folks are talking about the FTC’s new plan for a “Do Not Track” system, which would be a browser-based tool that would let people indicate that they do not want various marketing/advertising/tracking tools to track their internet surfing. While I appreciate the FTC’s general concern about privacy, I’m sort of wondering why it needs to be involved at all, if the idea is to create a browser-based system for this. There are already technological tools out there to do much of what the FTC appears to want. You can disable cookies or use tools like No Script to block most tracking efforts already. So what does the FTC’s push do that isn’t already being done by the market?
Filed Under: browser, do not track, ftc, privacy, regulations
Comments on “FTC Wants Do-Not-Track Browser System… But Does The Government Need To Be Involved?”
Oy vey!
Yeah, and in building this FTC monstrosity, the easiest way to track a person will then be to check their FTC profile. Way easier than going out and getting the data yourself.
Also, (just a reminder everybody) there was a ton of bluster about Social Security Numbers never ever being used for identification. Of course, that was before the SSC Act was passed.
derp
its called “noscript+adblock”
a browser is only as “trackable” as you let it be.
stop running 3rdparty javascript and viola, you no longer have to worry about 29 million organizations tracking your every move.
the best part? pages load a million times faster when they arent busy pulling a thousand .js files from a million different ad companies.
why doesnt everyone do this? I have no clue.
Re: derp
Even with noscript+adblock you can still be reasonably tracked. The techniques used to do so are not generally in use as there is not a large enough percentage of the population using noscript+adblock.
But that doesn’t make this proposal any better.
Re: Re: derp
I set up a virtual machine with a fresh install of Firefox (with NS and Adblock) originally it was intended as a testlab for code, now i do browsing in it aswell, and the whole .vm file gets deleted every few days and replaced with a copy of a clean one.
Roundabout way to do it (and one might argue slightly paranoid), but it works.
Re: Re: derp
Ctrl+Shift+P = Start private browsing….
DIY privacy intruder :)
People can do way better to intrude ones privacy.
http://hackaday.com/2010/12/01/you-know-that-they-say-about-guys-with-big-lenses/
Disabling cookies gets you nowhere. There are many other systems you’d have to disable — including a variation on the css history hack you referenced earlier that can actually persist arbitrary data) you’d have to disable. And that leak has only been plugged in FF4 — every other browser is susceptible. But that’s just scratching the surface…
If you’re privacy-sensitive, try not to shit your pants: http://samy.pl/evercookie/
There are some interesting possible technical solutions to these problems — but a policy solution is just absolutely impossible. The browser is just too insecure — we can’t reasonably expect every company to vet every bit of ad code that goes on their servers. Censorship through third party liability indeed.
Re: Re:
turn off javascript
Internet Explorer
I’ll play Devil’s Advocate here.
If it’s not built into Internet Explorer, it doesn’t exist. Since most users use IE anyway, and have no idea to install Firefox, let alone Addons, they don’t care that NoScript and ABP exist. It’s not serving the “majority” of the population.
Re: Internet Explorer
You’re mostly correct, although I think Firefox has outrun EI.
However this does not make it the purview of the government to jump in with a ‘solution’. As much as I appreciate the Do Not Call list I still think it was at best a questionable stretch of government power.
Re: Internet Explorer
Nobody should use IE — ever. It cannot be secured, period.
This is not to say that other browsers are secure, in the sense of “completely secure”. Of course they’re not. They do, however, give the user a fighting chance thanks to a combination of vastly superior design, development, testing, and deployment practices.
Anyone running IE might as well just hand over their system to the botnet operators; the latter will own it shortly anyway.
There is a trial extension still in development to deal with Nevercookie. It is at present called Anonymizer Nevercookie and when fully developed will be carried in the add-ons for Firefox.
You are identifiable by the extensions and plug ins you run, along with browser version, OS, and other info sent to the web page to adjust for your viewing.
Re: Re:
Here are the EFF’s findings on that. Short answer over 80% of folks can be uniquely identified by just what the browser sends in.
http://www.eff.org/press/archives/2010/05/13
“There are already technological tools out there to do much of what the FTC appears to want.”
I disagree. A browser + add-ons actually make for a distinct tracking mechanism within itself:
https://panopticlick.eff.org/index.php
There are other issues which can’t be blocked. In fact, Techdirt just wrote about one just recently.
Despite this, I agree the FTC need not be involved unless browser developers are intentionally making tracking a feature, not a bug.qw
Re: Re:
They are, find and read MS’s decisions on security in IE8, they were actually pulled back after marketing argued of possible lost revenue..(i.e. security was going to be to strong so little if any popus or other adds would have gotten through)
So maybe the FTC does need to get involved
How do they track that I don’t want the them to track that I don’t want to be tracked? 🙂
Re: Re:
YO DAWG, I HEARD YOU LIKE GETTIN TRACKED, SO I PUT A TRACKER IN YO TRACKER SO YOU CAN GET TRACKED WHILE YOU GET TRACKED.
Well, yes, I can. But I’m the type of person who reads Techdirt.
Adblock and especially NoScript are actually very user-unfriendly; people who use them already may not realize this because they’re geeks. The average person would not be able to figure out how to properly protect themselves from being tracked.
If the FTC can offer an idiot-proof anti-tracking system (which is unlikely, but stranger things have happened), then by all means, let ’em go for it. The free market’s open to all players, including the government.
I guess you can’t satisfy the unsatisfiable. Time to DDoS https://www.donotcall.gov/
Cookies no longer required to track you
The latest craze in tracking: fingerprinting.
Re: Cookies no longer required to track you
That is why God made spoofing for.
TOR+Privoxy is great for that it spoofs everything.
Ad the noscript as another layer and don’t ever enable scripts and you should be good for 99% of the internet.
"FTC Wants Do-Not-Track Browser System..."
Good luck with that, FTC. Hey, why don’t you create a No-Spam list while your at it! HAH!-HAH! What a bunch of idiots. };P
It paves the way for a formal system similar to the no-call list and our current semi-standard “Unsubscribe” features in email lists.
When that is in place, it is easier to put pressure on the companies/websites that are abusing individual’s information.
The No Call list has too many loop holes.
While telemarketers can’t call you directly, they can call and leave a message if you don’t answer and it is perfectly legal.
Worse you have supplied your phone into a data bank that politicians have left a loophole for themselves to call you about political contributions, also perfectly legal and allowed.
The smarter path on that is don’t answer the phone unless you know who it is. Then you’re not in the data bank to be mined for info.
This same option is not open for the internet. They aren’t asking for permission to harvest data on you, they are simply taking it without asking anything.
Since it is valuable in the sense of selling lists, I don’t want them to have the data. Period.
“There are already technological tools out there to do –MUCH OF– what the FTC appears to want. You can disable cookies or use tools like No Script to block –MOST– tracking efforts already.”
That’s just stupid. Seriously, “much of” and “most” don’t cut it. Would you like your doctor to tell you they removed “much of” the gangrene?
Also, get BetterPrivacy, a Firefox add-on that kills Flash based cookies, in addition to AdBlock and NoScript.
usefulness
The problem I have with the automatic calls for proxies and adblock / js blocking is that many of the same technologies can and often are very useful.
I design interfaces for a living and my emphasis is on making the experience better. A lot of the time this is made easier if we make a website that has some understanding of what the customer is doing. Amazon is the quick and easy example, with their recommendations and pages that collect what you have viewed and use it to suggest more stuff you might like.
While I don’t imagine the FTC would end up doing much of a job with any rules to ban anything, the very idea of having some central body pouring scorn on the marketers who abuse these technologies seems like a good thing.
But...
MOST people who use the internet would have no idea how to turn off cookies or install ad blockers, especially since they use Internet Explorer… I work in tech support for the largest provider in the US, and 90% of the people I talk to would not have a clue what this article is even talking about. They need a clearly marked button to push.
Do-Not-Call Too!
There are already technological tools out there to do much of what the FTC appears to want.
You could say the same thing for the do-not-call list or the gov’t rules against telemarketing to mobile phones. Yeah, let’s get rid of all those pesky restrictions!