I was hoping for DDG to go into the technical side of DNT at least a little bit, even at a very high and simple level. But really this is just an ad for DDG that's mostly based on instilling fear. I didn't find it very effective.
EDIT: to be fair, the sister site: http://donttrack.us/, is closer to what I was expecting. But still vague and still feels like it's just trying to instill fear.
We struggled with this actually, but the technical reality is that it currently means nothing to the point that it might as well do nothing technically. And that's the point of the site -- not to scare, but to say this setting that is now in your browser doesn't do anything, and even when and if it does, it isn't likely to do what you think it does, i.e. not track you.
Basically, the talks have completely broken down to the point the advertisers are delegitimizing the W3C proposals, which are incidentally not finalized either.
Do Not Track was on a much better track when Mozilla, privacy advocates, and major industry advertising groups (and major websites like Twitter) were working together to build a system that would help users express their wishes and advertisers respect those wishes.
Things were looking pretty good for the industry embracing self regulation where advertisers would agree to respect the user's wishes and the user's wishes would be expressed by users making an explicit request through the DNT setting in their browsers.
Then Microsoft negated all that industry self-regulation progress by flipping the switch without user intervention. This undermined the beginnings of an agreement that would have advertisers respect the wishes of users voluntarily.
I don't understand their motivation -- maybe MS was counting on legislation to require advertisers to respect DNT, or maybe they saw this as a way to scuttle the talks between Mozilla, other privacy advocates, and the ad industry. Microsoft does, after all, have similar interests to Google in tracking users for advertising purposes. Maybe they just thought the PR win from telling people who didn't understand the DNT conversation that they were "private by default" was going to help them take back users from Firefox and Chrome (even though their move to do that undermined the whole effort.)
Those are just guesses at their motivation, but I cannot come up with any better explanations. Can you?
>Those are just guesses at their motivation, but I cannot come up with any better explanations. Can you?
Think about it from a game theoretical perspective. How can they lose?
1) They get to pretend they're protecting users. Look at us we turned on Do Not Track by default (because you're too stupid to do it yourself, naturally -- wait, sorry, you're not stupid, come back)!
2) It makes their competitors look like they're not protecting users as much as Microsoft claims they are. Look how sinister Google is, they don't even turn on Do Not Track by default in their web browser. And Mozilla is therefore just as evil (notwithstanding that they're a nonprofit with a far less clear incentive than Microsoft to want to track you and pretty unambiguously have it turned off by default as a result of realism rather than malice), so doesn't that just make you want to come back to Windows and Internet Explorer?
3) If they manage to scuttle Do Not Track, yay! Now they get to keep tracking the people who use Bing, etc.
4) When having it turned on by default becomes the obvious deal breaker everyone expected it to be when taking part in a voluntary consensus-based process with advertisers, the subsequent falling apart of talks makes the advertisers look like dirtbags, which falls right into Microsoft's narrative of trying to make any of their ad-funded competitors (but especially Google) look like they're constantly doing something sinister.
5) If they don't manage to scuttle Do Not Track, yay! It's on by default in Internet Explorer. This hurts Microsoft's online services, but it likely hurts their competitors more, and Microsoft has historically been very successful with a strategy based on destroying competitors.
Realistically, the response to Microsoft turning it on by default should have been extremely simple: Make the spec say that the browser must have it turned off by default, and then allow websites to ignore the flag whenever the browser implementation doesn't comply with the spec. Then Microsoft can do whatever they want, but if they do the thing that breaks the consensus then the flag is no longer respected, but just for Internet Explorer users. Everyone else gets the same Do Not Track that everyone else agreed was a good idea, and Microsoft's strategy backfires because now their browser is the least privacy-protecting one since even the users who actually want to turn it on can't when all advertisers are ignoring the flag just with Internet Explorer.
Microsoft has substantial investment in advertising solutions and advertising companies of their own so 4) doesn't really work. Appnexus is just one example of an advertising startup that has taken considerable investment from MS in recent years and having DNT on by default would be very bad for their business.
4) is about image rather than reality. Microsoft likes to portray themselves as the people who demand your money instead of your privacy (even though they really take both). And people continue to think of Microsoft as a software company rather than an ad broker notwithstanding their nontrivial advertising interests as you point out.
This leaves them in a position that allows them to paint advertisers as unscrupulous and have the taint stick more to their competitors than to themselves, which they've clearly been taking advantage of.
Moreover, if Microsoft could somehow eliminate all of internet advertising for everyone, I expect they would do it. Because as much as it would hurt Microsoft, it would destroy their most viable competitors. And it's more profitable (at least in the short to medium term) to have a monopoly on a market a fraction of the size than to have your margins and market share continually eroded by vigorous competition.
From what I understand, your point is that advertisers don't respect the DNT anymore because Microsoft turned it on by default.
But would there have been any incentive for advertisers to respect the DNT even before Microsoft got involved? If the answer to that is no, then I don't think we can blame Microsoft for what would have been an inevitable outcome anyway.
Sending servers a "Do-Not-Track" header is like putting a "please don't look at my house!" sign on your porch. It's a request to forbid a fairly harmless behavior (cross-site cookies) which is potentially a prelude to malicious behavior (robbing your house / mapping a visitor's browser to a person).
There's also the problem of how vague the spec is. For example, it states "A first party is a functional entity with which the user reasonably expects to exchange data", and then says that DNT should block non-first-parties from storing data about the user. So should YouTube be forbidden from logging in the user based on their Google cookie? After all, most users don't know that they're the same company, and wouldn't expect visiting YouTube to use information from Google. Same applies to any other "big company / acquisition" pair, such as Facebook/Instagram.
It would be much better to forbid the malicious behavior itself, such as by writing privacy laws that require companies to obtain explicit consent before distributing data collected from or about users. That would have stopped events like "I visited some random website and they knew my address!"
> Sending servers a "Do-Not-Track" header is like putting a "please don't look at my house!" sign on your porch
If we must make an analogy, it might be more like, "please don't sell photos of my house without my approval." But even that isn't a good analogy because houses aren't people visiting websites.
There are many uses of cross-site cookies that do not involve selling users' personal data. The most obvious one is customized ads (as used by Google et al), but shared logins and hosted commenting systems are also common.
> Arguably customized ads is still selling user's personal data
I think this is not true, and that it's an important distinction to make.
Selling a user's data means that a site has taken information the user gave them, and sent that data to a third party in some non-anonymous format. It's an unconscionable breach of trust. When there's some service that tells any site a user visits what that visitor's home address is, that's horrifying. It's like having a friend who forwards your private Facebook posts to 4chan.
In contrast, when a service uses personal data to change what ads are shown, the data is never sent to a third party. If you tell Google my address so map search gives local results, then they might use that to filter out ads for stores in a different state, but they won't tell those stores where you live.
I definitely see the difference. However, even in the second case, the user's data is being used to make a profit; the company collecting the data and showing the ads is making the ads more valuable - i.e. making more money off of them - with the user's data.
Again, I totally agree that selling the data to a third party is much worse.
If I were to create a browser extension which added a "Do-Not-Charge-Me" header, without input from retailers, would I then be able to get annoyed that I still had to pay for my goods, despite having ticked a little box in the browser settings?
Well, the argument from the advertisers is this: they have no idea whether or not people want to be tracked, so they don't know when it is not OK to do so (i.e. they are claiming to be autistic). Maybe some people really do want to be tracked and given advertisements that are more relevant to their interests, according to the advertisers, and so having browsers block tracking systems would hurt those users; also, they like to remind us, invasive advertising funds the web (but I have my doubts about that point). DNT is supposed to give users a way to opt out of invasive advertising that does not involve simply blocking ads; we are supposed to accept this compromise, because otherwise we'll just be in another arms race (which I suspect we will win, given how effective ABP is at blocking ads).
The theory is that the industry can self-regulate, because we are holding the Sword of Damocles over their heads: we already showed them that we can block pop-ups, pop-unders, hover ads, Flash ads, Java ads, and the numerous other things they came up with. We also showed them that we can win an arms race, by making spam filters so effective that the volume of spam actually began to decrease.
Of course, for DNT to work, the number of ABP installations would have to spike whenever the advertisers prove that they are not acting in good faith. Which is what they did when they tried to claim that DNT meant users don't want to see targeted ads, but that it was still OK to collect tracking data. To me, that suggests that DNT is already over and that we need to finish the game by making ABP a standard feature.
I am a little confused about your doubt that advertising funds the web, especially the published web (vs web-apps). Can you expand on this point?
To be transparent, I am the CTO of Perfect Audience, an advertising startup that does retargeting, which does use tracking to show users ads for sites / products they have previously looked for. These ads are worth more than non-data driven ads and make more money for publishers than non-data driven ads bought via bidding, which is where most advertising is moving today.
Well, I won't deny that some websites are funded by advertising (Google comes to mind). On the other hand, there are a large number of websites that are ad-free, ranging from small personal blogs (which have low hosting fees; I know people who pay a tiny amount for EC2 to host their blog) to websites with millions of pageviews per day (e.g. Wikipedia). We had a world wide web before we had web advertising; somehow, people were able to pay for things back then.
Really though, my word choice was poor. What I should have said is that I doubt the necessity of advertising to fund the web, citing the examples above.
Also, sorry if I am attacking your company. It's nothing personal.
It seems odd that DNT is controlled at the browser level and turning it on instructs every site to "not track me" (whatever that means). There are some sites that I want to be tracked by and DNT is an all-or-nothing control. This seems really poorly thought out.
There's a tenuous relationship between DNT and DuckDuckGo too. On one hand you've got a small group of unknowns who profess not to keep logs (but who knows, right?) and on the other you have a slapdash attempt to regulate the ad industry. Use DuckDuckGo because it's a good search engine.
I'm not convinced DuckDuckGo is such a great search engine. If I do a search for "Newtown", the first returned item was for the Newtown in New South Wales.
A search engine which knows that I live in the US and am interested in things in the US can more easily figure out that the Newtown that I'm interested in is the one in Connecticut in the United States.
Everyone tends to talk about the "filter bubble" as if it were always a bad thing, but editorial decisions are a good thing. To say that you always have to "teach the controversy" means that you fall into the trap that newspapers in the US have fallen into, where they feel obliged to give equal time to people who deny global warming, or people who try to argue that you need automatic weapons to hunt deer, or people who claimed that tobacco doesn't cause cancer, as people who have the backing of science behind them.
More positively, is the fact that newspapers refuse to print stories about the moon landing being faked evidence of the "media bubble"? If so, give me more of it. I want more editorial filtering by the media, not less.
The things you discuss, though, are things you would apply over the mass of people based on (ostensibly) observer-independent factors. That's not the sort of bubbling to which DDG and its ilk object, because it is not based on individualized preferences, nor is the data gathered by tracking people.
It could be argued that it's a sort of bubbling nonetheless, based on the preferences of some unspecified authority rather than each individual. But that's outside the scope of what DDG tries to address anyway.
Filtering based on location, language, and current time are all very logical. I have no problem with that. The 'bubble' problem is more about personal filtering. Who you are, what you do on the web.
But I object to your middle paragraph. Editorial decisions have nothing at all to do with bubbles. Bubbling is altering results based on the individual user, there is no connection to the results of mass media prioritization.
DNT is really not much more than an HTTP header. Browsers could be set up to send that header to some sites and not others, and that behavior could be made configurable.
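Added example, not part of the original thread or of any browser's code: a sketch of the per-site behaviour the comment above describes, choosing the `DNT` request header value from a user-configured rule list. The names `SITE_RULES`, `matchesDomain`, `dntValueFor` and `applyDnt` and the sample domains are hypothetical; the values follow the W3C draft, where `1` means do not track, `0` means the user consents to tracking, and no header means no preference expressed.

```javascript
// Constructed sample rules: the user allows tracking on example.org,
// except on one of its subdomains.
const SITE_RULES = [
  { domain: "example.org", track: true },
  { domain: "ads.example.org", track: false },
];
const DEFAULT_DNT = "1"; // sent to every site without a rule; null = send no header

// Match on whole DNS labels, so "evilexample.org" never matches "example.org".
function matchesDomain(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Return "1", "0", or null (no header) for the request URL.
// The most specific (longest) matching rule wins.
function dntValueFor(url, rules = SITE_RULES, fallback = DEFAULT_DNT) {
  // URL parsing lowercases the host; also drop a trailing root dot.
  const host = new URL(url).hostname.replace(/\.$/, "");
  let best = null;
  for (const rule of rules) {
    if (matchesDomain(host, rule.domain) &&
        (best === null || rule.domain.length > best.domain.length)) {
      best = rule;
    }
  }
  if (best === null) return fallback;
  return best.track ? "0" : "1";
}

// Return a copy of the outgoing headers with exactly one DNT header,
// or none when no preference is to be expressed.
function applyDnt(url, headers, rules, fallback) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    // Header names are case-insensitive; drop any existing DNT value.
    if (name.toLowerCase() !== "dnt") out[name] = value;
  }
  const value = dntValueFor(url, rules, fallback);
  if (value !== null) out["DNT"] = value;
  return out;
}
```

Whatever value is chosen, the header remains a request: nothing on the client can confirm that the receiving server acted on it.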
Agreed. And DNT does give me a false sense of security. I set it on, and then I just imagine that no ad agency can track me anymore. This is not just a theory. It's exactly what I intuitively thought when I clicked "on" for it, even though I know that's not really what it does. But that's all the pro-DNT marketing made me feel about it.
I should at least be able to see a log of what ads or links I blocked using DNT. Otherwise it's all pretty pointless.