What is Do Not Track (DNT)? An illustrated guide (whatisdnt.com) |
What is Do Not Track (DNT)? An illustrated guide (whatisdnt.com) |
EDIT: to be fair, the sister site: http://donttrack.us/, is closer to what I was expecting. But still vague and still feels like it's just trying to instill fear.
Here's the current state: http://www.nytimes.com/2012/11/29/technology/mediator-appoin...
Basically, the talks have completely broken down to the point the advertisers are delegitimizing the W3C proposals, which are incidentally not finalized either.
And you have the big sites waiting on the sidelines and explicitly telling people they're doing nothing: https://support.google.com/chrome/bin/answer.py?hl=en&an...
Twitter is the exception: https://support.twitter.com/articles/20169453#
So you have this setting out there in the wild in all the major browsers that literally does close to nothing.
Things were looking pretty good for the industry embracing self regulation where advertisers would agree to respect the user's wishes and the user's wishes would be expressed by users making an explicit request through the DNT setting in their browsers.
Then Microsoft negated all that industry self-regulation progress by flipping the switch without user intervention. This undermined the beginnings of an agreement that would have advertisers respect the wishes of users voluntarily.
I don't understand their motivation -- maybe MS was counting on legislation to require advertisers to respect DNT, or maybe they saw this as a way to scuttle the talks between Mozilla, other privacy advocates, and the ad industry. Microsoft does, after all, have similar interests to Google in tracking users for advertising purposes. Maybe they just thought the PR win from telling people who didn't understand the DNT conversation that they were "private by default" was going to help them take back users from Firefox and Chrome (even though their move to do that undermined the whole effort.)
Those are just guesses at their motivation, but I cannot come up with any better explanations. Can you?
Think about it from a game theoretical perspective. How can they lose?
1) They get to pretend they're protecting users. Look at us we turned on Do Not Track by default (because you're too stupid to do it yourself, naturally -- wait, sorry, you're not stupid, come back)!
2) It makes their competitors look like they're not protecting users as much as Microsoft claims they are. Look how sinister Google is, they don't even turn on Do Not Track by default in their web browser. And Mozilla is therefore just as evil (notwithstanding that they're a nonprofit with a far less clear incentive than Microsoft to want to track you and pretty unambiguously have it turned off by default as a result of realism rather than malice), so doesn't that just make you want to come back to Windows and Internet Explorer?
3) If they manage to scuttle Do Not Track, yay! Now they get to keep tracking the people who use Bing, etc.
4) When having it turned on by default becomes the obvious deal breaker everyone expected it to be when taking part in a voluntary consensus-based process with advertisers, the subsequent falling apart of talks makes the advertisers look like dirtbags, which falls right into Microsoft's narrative of trying to make any of their ad-funded competitors (but especially Google) look like they're constantly doing something sinister.
5) If they don't manage to scuttle Do Not Track, yay! It's on by default in Internet Explorer. This hurts Microsoft's online services, but it likely hurts their competitors more, and Microsoft has historically been very successful with a strategy based on destroying competitors.
Realistically, the response to Microsoft turning it on by default should have been extremely simple: Make the spec say that the browser must have it turned off by default, and then allow websites to ignore the flag whenever the browser implementation doesn't comply with the spec. Then Microsoft can do whatever they want, but if they do the thing that breaks the consensus then the flag is no longer respected, but just for Internet Explorer users. Everyone else gets the same Do Not Track that everyone else agreed was a good idea, and Microsoft's strategy backfires because now their browser is the least privacy-protecting one since even the users who actually want to turn it on can't when all advertisers are ignoring the flag just with Internet Explorer.
But would there have been any incentive for advertisers to respect the DNT even before Microsoft got involved? If the answer to that is no, then I don't think we can blame Microsoft for what would have been an inevitable outcome anyway.
There's also the problem of how vague the spec is. For example, it states "A first party is a functional entity with which the user reasonably expects to exchange data", and then says that DNT should block non-first-parties from storing data about the user. So should YouTube be forbidden from logging in the user based on their Google cookie? After all, most users don't know that they're the same company, and wouldn't expect visiting YouTube to use information from Google. Same applies to any other "big company / acquisition" pair, such as Facebook/Instagram.
It would be much better to forbid the malicious behavior itself, such as by writing privacy laws that require companies to obtain explicit consent before distributing data collected from or about users. That would have stopped events like "I visited some random website and they knew my address!"
If we must make an analogy, it might be more like, "please don't sell photos of my house without my approval." But even that isn't a good analogy because houses aren't people vising websites.
If I were to create a browser extension which added a "Do-Not-Charge-Me" header, without input from retailers, would I then be able to get annoyed that I still had to pay for my goods, despite having ticked a little box in the browser settings?
Well, the argument from the advertisers is this: they have no idea whether or not people want to be tracked, so they don't know when it is not OK to do so (i.e. they are claiming to be autistic). Maybe some people really do want to be tracked and given advertisements that are more relevant to their interests, according to the advertisers, and so having browsers block tracking systems would hurt those users; also, they like to remind us, invasive advertising funds the web (but I have my doubts about that point). DNT is supposed to give users a way to opt out of invasive advertising that does not involve simply blocking ads; we are supposed to accept this compromise, because otherwise we'll just be in another arms race (which I suspect we will win, given how effective ABP is at blocking ads).
The theory is that the industry can self-regulate, because we are holding the Sword of Damocles over their heads: we already showed them that we can block pop-ups, pop-unders, hover ads, Flash ads, Java ads, and the numerous other things they came up with. We also showed them that we can win an arms race, by making spam filters so effective that the volume of spam actually began to decrease.
Of course, for DNT to work, the number of ABP installations would have to spike whenever the advertisers prove that they are not acting in good faith. Which is what they did when they tried to claim that DNT meant users don't want to see targeted ads, but that it was still OK to collect tracking data. To me, that suggests that DNT is already over and that we need to finish the game by making ABP a standard feature.
There's a tenuous relationship between DNT and DuckDuckGo too. On one hand you've got a small group of unknowns who profess not to keep logs (but who knows, right?) and on the other you have a slapdash attempt to regulate the ad industry. Use DuckDuckGo because it's a good search engine.
Eh? If the servers comply with the header, they won't actually track you. Not sure what the article is implying - that everyone will lie?
It's a bit heavier going that the DDG approach, and more euro-centric, but hopefully gives a decent understanding.
Any feedback or comments encouraged.
As an idea I think DNT is quite strong. Do you agree?
Of course the implementation is incredibly weak, but isn't that a separate issue?
To be transparent, I am the CTO of Perfect Audience, an advertising startup that does retargeting, which does use tracking to show users ads for sites / products they have previously looked for. These ads are worth more than non-data driven ads and make more money for publishers than non-data driven ads bought via bidding, which is where most advertising is moving today.
A search engine which knows that I live in the US and am interested in things in the US can more easily figure out that the Newtown that I'm interested in is the one in Connecticut in the United States.
Everyone tends to talk about the "filter bubble" as if it were always a bad thing, but editorial decisions are a good thing. To say that you always have to "teach the controversy" means that you fall into the trap that newspapers in the US have fallen into, where they feel obliged to give equal time to people who deny global warming, or people who try to argue that you need automatic weapons to hunt deer, or people who claimed that tobacco doesn't cause cancel, as people who have the backing of science behind them.
More positively, is the fact that newspapers to refuse to print stories about the moon landing being faked, evidence of the "media bubble"? If so give me more of it. I want more editorial filtering by the media, not less.
It could be argued that it's a sort of bubbling nonetheless, based on the preferences of some unspecified authority rather than each individual. But that's outside the scope of what DDG tries to address anyway.
But I object to your middle paragraph. Editorial decisions have nothing at all to do with bubbles. Bubbling is altering results based on the individual user, there is no connection to the results of mass media prioritization.
Basically, what you want isn't bubbling.
I should at least be able to see a log of what ads or links I blocked using DNT. Otherwise it's all pretty pointless.
This leaves them in a position that allows them to paint advertisers as unscrupulous and have the taint stick more to their competitors than to themselves, which they've clearly been taking advantage of.
Moreover, if Microsoft could somehow eliminate all of internet advertising for everyone, I expect they would do it. Because as much as it would hurt Microsoft, it would destroy their most viable competitors. And it's more profitable (at least in the short to medium term) to have a monopoly on a market a fraction of the size than to have your margins and market share continually eroded by vigorous competition.
Really though, my word choice was poor. What I should have said is that I doubt the necessity of advertising to fund the web, citing the examples above.
Also, sorry if I am attacking your company. It's nothing personal.
> Arguably customized ads is still selling user's personal data
Selling a user's data means that a site has taken information the user gave them, and sent that data to a third party in some non-anonymous format. It's an unconscionable breach of trust. When there's some service that tells any site a user visits what that visitor's home address is, that's horrifying. It's like having a friend who forwards your private facebook posts to 4chan.
In contrast, when a service uses personal data to change what ads are shown, the data is never sent to a third party. If you tell Google my address so map search gives local results, then they might use that to filter out ads for stores in a different state, but they won't tell those stores where you live.
Again, I totally agree that selling the data to a third party is much worse.