Am I the only one who thinks "Do-Not-Track" is a snake-oil-grade security and what this header reliably does is only adding a single more bit to uniquely identify the visitor?
Some marketters just have really weird ideas about what they should be allowed to do. Or even what i should be allowed to stop them doing.
Spam is obviously evil to most people, until they decide to spam for their particular product.
SEO has had some strongly negative effects on the www. I'm sort of thinking of starting a movement like "contrast revolution" or "viewable in any browser". My banners would be "zero SEO performed here".
I think most ad/marketing companies are perfectly willing to stop tracking people who specifically request not to be tracked -- provided there aren't too many people making that request. Witness the opt-out cookies (http://www.aboutads.info/choices/) which are a kludgey hack, but have been supported by the industry for ages and, as far as I know, work as described.
The issue is whether or not that DNT box is checked by default. As we all know, most people don't change default settings.
Basically, commercial online services (which includes mobile apps) need to add a sentence/paragraph about how they are handling the Do Not Track header requests. This is a California OPPA amendment starting today.
We/iubenda is giving away a special discount to those affected in California, which most of you may be.
Honest question: How does one send a Do Not Track header request to a mobile app? One does not interact with a mobile app via HTTP (although the app may use HTTP internally) and can therefore not send HTTP headers...
Or, is it in your opinion, a law written by someone who does not have sufficient technical understanding to find the correct wording, and now the law applies erroneously applies to mobile apps?
I'm wondering about how 'club card' tracking is affected by this. If I use a club card at the hardware store, and it has a corresponding website that allows me to manage the card's account, is the tracking law going to apply to purchases I do in store as well?
So practically speaking, this California law will have a national effect.
Since it is near impossible to determine if a visitor is a California resident or not, sites/apps will just implement the necessary notices and features to comply with DNT for everyone.
California has ~12% of the US population and a slightly larger share of the national economy. Its laws have long had national effects. In fact, as the 12th largest economy in the world, I think you could safely say its laws have international effects.
I would think that this law has no enforcement outside of California for websites that are outside of California. As a non-California resident operating a website not in California, I am not subject California law. This is the same basis used for not collecting out of state sale tax.
It applies, but California has effectively zero enforcement capability if you're operating out of say, Rhode Island.
The only outside scenario is if you get really large, and become a juicy target for the state to go after (and or eg you're large and doing something particularly aggressive in violation). The state simply could never afford the massive enforcement costs to go after every web site owner on earth external to California, so they'll obviously only target the big prizes.
Yes, the law applies to any "operator of a commercial Web site or online service that collects personally identifiable information through the Internet about individual consumers residing in California who use or visit its commercial Web site or online service."
The underlying logic is the following "An operator of a commercial Web site or online service that collects personally identifiable information through the Internet about individual consumers residing in California who use or visit its commercial Web site or online service shall conspicuously post its privacy policy on its Web site". Basically what states/legislations are doing is protecting their citizens, therefore reversing that logic. So in theory I'd say yes.
I'm not too familiar with the extent of California's "long arm" with respect to websites, but CA tends to take the position that most any contact with the state gives CA jurisdiction (I'm probably a bit broad here). So, a website that collects info from CA residents could be seen as conducting business in the state and would be subject to this law. Physical presence is usually not a requirement.
I've suggested in the post that something along the lines "we do not react to Do Not Track signals" may be a start. It's hard to tell what will be a standard down the road. If you do honor those signals though, a more thorough description will be in order.
Also note that (6) sets out slightly stricter standards regarding disclosure:
(6) Disclose whether other parties may collect personally identifiable information about an individual consumer’s online activities over time and across different Web sites when a consumer uses the operator’s Web site or service.
If you support it: "We support the Do Not Track browser setting. Do Not Track (or DNT) is a preference you can set in your browser to let the websites you visit know that you do not want them collecting certain information about you."
Wow I didn't know the law even talks about Do-Not-Track. It's a distraction posing as a solution. The time spent talking about Do-Not-Track could be spent on useful things such as contributing to torbrowser.
Hm I think most would agree with a statement like this. On the other hand I think it's important for privacy laws to be in place. We all know how regulations are lagging years behind, so theoretically, this is just the beginning.
In the meantime it's important to comply with it with the simplest means possible imo. That's what we're trying to help with.
[+] [-] drdaeman|12 years ago|reply
[+] [-] DanBC|12 years ago|reply
Some marketters just have really weird ideas about what they should be allowed to do. Or even what i should be allowed to stop them doing.
Spam is obviously evil to most people, until they decide to spam for their particular product.
SEO has had some strongly negative effects on the www. I'm sort of thinking of starting a movement like "contrast revolution" or "viewable in any browser". My banners would be "zero SEO performed here".
[+] [-] eli|12 years ago|reply
The issue is whether or not that DNT box is checked by default. As we all know, most people don't change default settings.
[+] [-] iSimone|12 years ago|reply
We/iubenda is giving away a special discount to those affected in California, which most of you may be.
[+] [-] CookWithMe|12 years ago|reply
Or, is it in your opinion, a law written by someone who does not have sufficient technical understanding to find the correct wording, and now the law applies erroneously applies to mobile apps?
[+] [-] kordless|12 years ago|reply
[+] [-] jason_wang|12 years ago|reply
Since it is near impossible to determine if a visitor is a California resident or not, sites/apps will just implement the necessary notices and features to comply with DNT for everyone.
[+] [-] nknighthb|12 years ago|reply
[+] [-] coin|12 years ago|reply
[+] [-] Jayschwa|12 years ago|reply
https://tools.ietf.org/html/rfc3514
[+] [-] jevinskie|12 years ago|reply
[+] [-] adventured|12 years ago|reply
The only outside scenario is if you get really large, and become a juicy target for the state to go after (and or eg you're large and doing something particularly aggressive in violation). The state simply could never afford the massive enforcement costs to go after every web site owner on earth external to California, so they'll obviously only target the big prizes.
[+] [-] acmiller|12 years ago|reply
http://leginfo.legislature.ca.gov/faces/codes_displaySection...
(That website hasn't been updated yet to reflect the changes made by this new law.)
[+] [-] iSimone|12 years ago|reply
[+] [-] lxa478|12 years ago|reply
[+] [-] jusob|12 years ago|reply
[+] [-] iSimone|12 years ago|reply
Also note that (6) sets out slightly stricter standards regarding disclosure:
(6) Disclose whether other parties may collect personally identifiable information about an individual consumer’s online activities over time and across different Web sites when a consumer uses the operator’s Web site or service.
[+] [-] termsfeed|12 years ago|reply
[+] [-] lhgaghl|12 years ago|reply
[+] [-] iSimone|12 years ago|reply
In the meantime it's important to comply with it with the simplest means possible imo. That's what we're trying to help with.