Glad to see that this thread is bringing up a lot of the points we address in our microsite: http://whatisdnt.com/
A large part of the issue stems, simply, from the wording. Although the wording has been standardized and referenced a million times over, it would do a lot of service to simply change it to, "Do Not Target" or something less misleading. Do Not Target is a little more opaque which prompts users to do a bit more investigating as to what's really behind it. I'm not sure how accurate it is that, "most people with DNT:1 set also have other client-side mechanisms to control information flows outwards." It might be true for most users who are hyper-privacy conscious (and privacy educated) or technically savvy but, for the average user, a setting called, "Do Not Track" is explicitly misleading. Meaning, they're probably not taking many steps beyond that, if they feel secure. In the least, it should be best-practice to add a flag next to the browser setting that users may still be tracked (optimally, with a link to a resource like http://fixtracking.com/ ). The same issue is present when users attempt to privately browse with, "Incognito Mode." There's a false sense of security there as well but, in the case of most browsers, they explicitly say that it's only preventing data from being stored locally. (The wording could be even more explicit but it's a step in the right direction). I'd like to see the same policy for any Do Not Track browser setting. For browser fingerprinting, EFF's Panopticlick project has some interesting data in the PDF at the bottom of the page here: https://panopticlick.eff.org/ (blocking JS, using TorButton, and various mobile browsers help fight browser fingerprinting). It may be difficult to develop 100% protection against browser fingerprinting but that doesn't mean the onus should fall back to the user. For example, that information could be handled as personally identifiable and subject to certain data deletion policies. Or, it could not be stored at all. -Zac http://cyberlaw.stanford.edu/node/6694 From: Joseph Lorenzo Hall <[email protected]> > Date: Wed, Feb 13, 2013 at 2:35 PM > Subject: Re: [liberationtech] Do Not Track Dangerous and Ineffective > To: "liberationtech <[email protected]>" < > [email protected]> > >> Heya Nadim, >> >> A couple points: DNT is meant to be a voluntary mechanism, as you >> describe, that we hope will see wide adoption by the big players with >> presences on many, many web pages. I don't think anyone sees it as a >> substitute for control mechanisms, and I bet most people with DNT:1 set >> also have other client-side mechanisms to control information flows >> outwards (IE being a weird exception where DNT is on by default). >> >> A knit-pick: while the technical mechanism has been mostly stable for a >> while, the compliance standard (how websites that claim to be compliant >> must behave) is still looking like early 2014 for the final w3c last >> call. >> >> At a w3c workshop in November, there were a couple great tech papers >> from Mike Perry and Nick Weaver [1][2] describing how browsers could be >> made more privacy perservative, but there is a lot of very hard work to >> be done there. >> >> At CDT we're wary of having an arms race between trackers and >> self-defense, because it's not one we're sure users will win. Browser >> fingerprinting, for example, seems to be a very hard if not >> insurmountable hurdle on the user side of that arms race. >> >> best, Joe >> >> [1] http://www.w3.org/2012/dnt-ws/position-papers/21.pdf >> [2] http://www.w3.org/2012/dnt-ws/position-papers/22.pdf >> >> On Wed Feb 13 13:57:57 2013, Nadim Kobeissi wrote: >> > Dear LibTech, >> > I've written a blog post about a problem with web privacy practice >> > that's been bothering me for a long time. I think there needs to be a >> > discussion about Do Not Track — there are many problems with this >> > privacy standard and some of its implications may in fact be >> > substantially dangerous. >> > >> > My blog post is accessible here: http://log.nadim.cc/?p=112 >> > >> > ------------ >> > >> > "Do Not Track" Dangerous and Ineffective >> > >> > In 2009, before I became seriously involved in web security, a >> > standard called Do Not Track was proposed, standardized by the W3C in >> > 2011, and implemented in Internet Explorer, followed by Mozilla >> > Firefox and Google Chrome. >> > >> > Do Not Track is supposed to prevent websites from tracking your >> > activity online, probably for advertising purposes. It works by making >> > your browser politely ask every website you visit to not set tracking >> > cookies and so on. >> > >> > There are real, dangerous problems with this approach and I really >> > cannot believe it was ever taken seriously. Now that it’s implemented >> > and standardized so widely, it’s become a serious threat to how >> > Internet privacy is perceived. >> > >> > The main problem with Do Not Track is that it lulls users into a >> > completely false sense of privacy. Do Not Track works by simply asking >> > the websites you’re visiting not to track you — the websites are >> > completely free to ignore this request, and in most cases it’s >> > impossible for the user to find out that their Do Not Track request >> > was in fact discarded. When the user therefore enables Do Not Track on >> > their browser, they are lulled into a false belief that they are no >> > longer being tracked, even though from a security perspective, the >> > tracking prevention that Do Not Track presents is useless. >> > >> > In fact, Google’s search engine, as well as Microsoft’s (Bing), both >> > ignore the Do Not Track header even though both companies helped >> > implement this feature into their web browsers. Yahoo Search also >> > ignored Do Not Track requests. Some websites will politely inform you, >> > however, of the fact that your Do Not Track request has been ignored, >> > and explain that this has been done in order to preserve their >> > advertising revenue. But not all websites, by a long shot, do this. >> > >> > Do Not Track is not only ineffective: it’s dangerous, both to the >> > users it lulls into a false belief of privacy, and towards the >> > implementation of proper privacy engineering practice. Privacy isn’t >> > achieved by asking those who have the power to violate your privacy to >> > politely not do so — and thus sacrifice advertising revenue — it’s >> > achieved by implementing client-side preventative measures. For >> > browsers, these are available in examples such as EFF’s HTTPS >> > Everywhere, Abine’s DoNotTrackMe, AdBlock, and so on. Those are proper >> > measures from an engineering perspective, since they attempt to guard >> > your privacy whether the website you’re visiting likes it or not. >> > >> > Do Not Track needs serious revision, replacement or simply removal. As >> > it is right now, its only discernible function is to promise users >> > with little to moderate computer knowledge (most of the world) that >> > they’re browsing in privacy, while in reality discouraging them from >> > adopting real privacy solutions that work. Web privacy and security >> > engineers need to have a discussion about this. >> > >> > NK >> > >> > >> > -- >> > Unsubscribe, change to digest, or change password at: >> https://mailman.stanford.edu/mailman/listinfo/liberationtech >> >> -- >> Joseph Lorenzo Hall >> Senior Staff Technologist >> Center for Democracy & Technology >> 1634 I ST NW STE 1100 >> Washington DC 20006-4011 >> (p) 202-407-8825 >> (f) 202-637-0968 >> [email protected] >> PGP: https://josephhall.org/gpg-key >> >> >> -- >> Unsubscribe, change to digest, or change password at: >> https://mailman.stanford.edu/mailman/listinfo/liberationtech >> > >
-- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
