The company opted to ignore the Do Not Track setting on Web browsers ... other Internet behemoths, including Google and Yahoo, have publicly confirmed that they also ignore Do Not Track
Am I the only one bothered by the silliness of "Do Not Track"? Or even worse, the EU cookie law?
You have a browser that leaks all kinds of info[1] about itself, tells everyone where you came from (sends referral), takes cookies from strangers like an untrained dog, making you uniquely identifiable and instead of fixing that, you ask everyone on the web to please disregard that info your browser just volunteered. How is that not completely backwards?
AdBlock, RefControl, and Disconnect, or their equivalents should be built into modern browsers. And maybe do something about the user agent, fonts, etc, too?
I also walk around town completely uncamouflaged, voluntarily displaying my uniquely identifiable face and whatnot, and yet somehow most businesses can still restrain themselves and do not follow me around, colluding to enable each other to videotape my every step for analytics purpose.
Sure, there's some technical steps that can be taken but there's also a social or cultural dimension to what behavior is popularly accepted fro companies.
The browser giving information automatically is not trivial to fix; the vast majority of users don't want the equivalent of a UAC popup every time they try to use a web app that has session cookies, for example. So the browser gives info by default because it's useful for making certain things work.
It seems to me that the best way to do this is to combine both approaches. There are some things you can do, but there's almost certainly going to be some clever way that people manage to circumvent these rules. One thing to consider is that the biggest threat is from the "omnipresent" companies like Google, Facebook, Twitter, etc, because they're the ones who have a 3rd party presence nearly everywhere on the web. Tracking someone's entire web history is a lot different than tracking 1 out of every 100 websites they go to, and the "big players" are the ones who are most likely to actually be scrutinized. I'm usually quite loathe to recommend any legislation, but I do think that these "big players" would likely comply with a legal requirement to respect "Do Not Track" requests, even if CoolBeanzTracker.biz would still ignore them.
In the end, I think the way forward should be to do our best to prevent our browsers from leaking such information, but also to punish people who, against our explicit wishes, take advantage of any small mistakes we make when we protect ourselves.
By analogy, it's probably not smart to go into a bad neighborhood at night alone with no protection, a large amount of cash and a flashy suit, but that doesn't mean that it's a silly thing to try and deter robberies and assaults on a societal level (either with social strategies like shaming and shunning or with violent strategies like law enforcement or retributive violence) - to the extent that it's cost-effective to do so.
I was seriously considering to make a browser plugin which would scrape pages for Google Analytics unique IDs, make a local database of them and randomly mix them up. Like this:
0. [page visited]
1. Does the page contain GA tracking ID?
no: do nothing
yes: add it to the database and replace it with another randomly chosen ID from the database
Now that's a funny idea. Instead of just opting out you can poison the tracking info pool which basically invalidates any of the data they get even the legitimate stuff.
I seem to remember a schoolgirl developing a project to do exactly that, a few months ago on HN. Trying to dig it out now, unless anyone else can chime in?
This is part of the better long-term solution for online privacy. Spend the effort to educate users about privacy and tracking and build easy to use software options, rather than investing time in standards that don't get adopted and are based on trust.
The voluntary standards were never going to work since the interests of the parties involved are diametrically opposed. The voluntary systems only work for the ad companies if a very small number of users take up the option and if privacy remains a niche issue. As soon as developers looked to apply DNT broadly, they baulked.
Trust is also an issue. Facebook previously said that although their share buttons are hosted on the same domain as facebook.com, meaning cookies are sent - that they are not storing or tracking user web browsing data. They now are using that data, and very little was made of the reversal.
The same reversal or business changes could turn on DNT in the same way. With DNT the sites still receive the cookies and can still store the data. They are able to comply with DNT for a period and then later reverse their position and still use the old data for targeting (and a DNT header is one more data bit that says a lot about a user).
There are now a number of competing opt out standards. None of them really work and they each have problems, but companies need to be able to say they let users opt out whenever they announce a new tech that encroaches further into our lives (Facebook use aboutads, the NAI has their own, Google has its own, most of the aggregators have their own, there are other efforts to sync opt-out).
The solution is to cut the problem off at the head and solve it with software. Browsers and that are easy to use in terms of specifying who you trust (like installing an app) and that don't ever make third-party requests by default. Now that the pretense of negotiating a solution has been dropped, effort can go into developing better software control for users and tech solutions - since none of the current offerings are perfect (which is excusable).
AdBlock Plus once blocked Google ads, till Google decided to pay them [0] to "whitelist" their ads by default. The cynical part of me sees this as a precursor for AdBlock to sign a deal with Facebook and let their ads/tracking through too, for a price of course.
AdBlock Plus wants to encourage non obtrusive advertising. Anyone can apply to have their ads/website added to the acceptable-ads whitelist. Larger companies are charged a maintenance fee.
There is a single checkbox in the options to toggle the whitelist, as well as a link to filter list being used and documentation.
and to all site owners moaning about people using adblock : this is why we can't have nice things. as long as policies like this exist, I'll block anything remotely able to track me.
If it's the tracking you'd like to avoid, don't use ad blockers!
They're the wrong tool for the job. They're for blocking ads. So they'll block ads that are not leaking your info (for your use case, a false positive) and will not (not necessarily) block other means by which you're being tracked (for your use case, a false negative).
Using blanket ad blocking sends the wrong signal to site owners, and creates little incentive to do the 'right thing' — it lets the "bad apples" (which I imagine to be something like 99% of the online ad businesses) spoil it for the one percent that does value your privacy, with no way for anyone to improve. Using ad blocking for privacy reasons is not completely effective (false negatives) and worse, it's punishing individuals for the behaviour of the flock.
Edit: Found the perfect example of the false-positive and false-negative I'm talking about above: http://www.gentoo.org . Harmless ads — just images inside html <a> anchors, loaded from the domain in the site URL. Not leaking anything. The ads help an organization I support.
So what does AdblockPlus do (default settings)? It blocks them. What does RequestPolicy do? It lets them through.
It is very difficult to get somebody to understand something when they have some amount of income depending on not understanding it. Of course site owners are always going to stand behind the ad-supported model of the web, even though it creates all the wrong incentives for content creators and massively degrades the user experience. And generally, degrades the very value proposition of the web.
(disclaimer: I run a 5k DAU social network with no ads).
I use web less and less. It just does not have that good experience, compared to dedicated devices and apps. Also it requires constant connection, way too much hassle while traveling.
For video I use dedicated apps with off-line caching. For email I have IMAP. I get news via RSS. Anything longer than 1 page, I save and read on Kindle latter (including HN discussions). I have off-line version of Wikipedia.
I recently switched from Adblock Plus to HTTP Switchboard[0]. I find it gives you much better control over what gets blocked, and it properly blocks what you have told it to, not just hide them.
I have it set up in quite a restrictive way so by default a site level scope is created and only image/css is allowed. It means I have to take anywhere from a couple of seconds to a few minutes to enable things a site needs to function, but I much prefer that to having tracking cookies, social media buttons, obnoxious adverts etc.
Also the Adblock site claims you can also block a few annoyances specific to Facebook[0]. Is that actually the case? I thought Adblock just used element hiding.
Initial ad blocking extensions for Chrome used element hiding due to addon limitations in Chrome. But for at least the last few years Chrome allows extensions to block requests.
Last week-end I introduced µBlock (or uBlock) [1] for users who do not like to deal with the more complicated HTTP Switchboard. It does rather well against other popular blockers [2], which shows that ABP does indeed block requests, not just hide HTML elements. Compare the numbers of domains reached with when no blocker is used.
To minimise the tracking without plugins: always login to facebook and anything that has your personal details in a "private" session or a browser you don't normally use with flash turned off (or not installed in the first place). Not perfect, but good enough for me.
Of course everyone in my other browser sessions is tracking me between sites, but it isn't linked to my social profiles and such.
TBH I don't really care about the tracking of me. The thing that I find annoys is the combined tracking of me and my contacts: I don't like the idea of them trying to track other people through me.
This is a very shallow way of "escaping"; your browsing activity is definitely being linked to your social media identities via your IP(s) and browser fingerprint.
For instance Google does maintain such non-cookie-based user identities. I'd be highly surprised if Facebook didn't as well; your data is just too valuable to pass on such easy fixes.
I sandbox Facebook inside Firefox, its the only thing I do with that browser. Makes me feel warm and fuzzy for continuing to use the browser too, I like Mozilla.
I'd also be curious to know this. Ghostery was quite an eye-opener when I first tried it. Everytime you go to a site, it lists all the items that it blocked on that page.
I feel that Adblock is a serious threat to Facebook. If it gets the viral traction, imagine half of the Facebook users using Adblock. The result would be disastrous.
I use Adblock and love it dearly. I don't have to watch annoying ads on youtube or deal with intrusive banner ads suggesting I a guide on how to make $5000/day at home in an instant.
I do sometimes want to see ads, and that's when I google something and I want to actually see the advertisements. This is a good sign for google although overall, adblock will slowly cannibalize their ads
The entire movement is pissing against the wind. Tracking is how these companies make money. This is their motivation system. A "low" of current online physics is "tracking makes money".
As such, it's a waste of energy. Change physics first.
By the way, many people make valuable content and support their work by ads. Ads are online currency. I am not using adblock because it is like stealing their work without paying.
[+] [-] spindritf|11 years ago|reply
Am I the only one bothered by the silliness of "Do Not Track"? Or even worse, the EU cookie law?
You have a browser that leaks all kinds of info[1] about itself, tells everyone where you came from (sends referral), takes cookies from strangers like an untrained dog, making you uniquely identifiable and instead of fixing that, you ask everyone on the web to please disregard that info your browser just volunteered. How is that not completely backwards?
AdBlock, RefControl, and Disconnect, or their equivalents should be built into modern browsers. And maybe do something about the user agent, fonts, etc, too?
Don't educate users. Fix it.
[1] https://panopticlick.eff.org/
[+] [-] ben0x539|11 years ago|reply
Sure, there's some technical steps that can be taken but there's also a social or cultural dimension to what behavior is popularly accepted fro companies.
[+] [-] pjc50|11 years ago|reply
[+] [-] x1798DE|11 years ago|reply
In the end, I think the way forward should be to do our best to prevent our browsers from leaking such information, but also to punish people who, against our explicit wishes, take advantage of any small mistakes we make when we protect ourselves.
By analogy, it's probably not smart to go into a bad neighborhood at night alone with no protection, a large amount of cash and a flashy suit, but that doesn't mean that it's a silly thing to try and deter robberies and assaults on a societal level (either with social strategies like shaming and shunning or with violent strategies like law enforcement or retributive violence) - to the extent that it's cost-effective to do so.
[+] [-] daemonk|11 years ago|reply
[+] [-] zvrba|11 years ago|reply
[+] [-] Omniusaspirer|11 years ago|reply
[+] [-] surreal|11 years ago|reply
[+] [-] ska|11 years ago|reply
[+] [-] nikcub|11 years ago|reply
The voluntary standards were never going to work since the interests of the parties involved are diametrically opposed. The voluntary systems only work for the ad companies if a very small number of users take up the option and if privacy remains a niche issue. As soon as developers looked to apply DNT broadly, they baulked.
Trust is also an issue. Facebook previously said that although their share buttons are hosted on the same domain as facebook.com, meaning cookies are sent - that they are not storing or tracking user web browsing data. They now are using that data, and very little was made of the reversal.
The same reversal or business changes could turn on DNT in the same way. With DNT the sites still receive the cookies and can still store the data. They are able to comply with DNT for a period and then later reverse their position and still use the old data for targeting (and a DNT header is one more data bit that says a lot about a user).
There are now a number of competing opt out standards. None of them really work and they each have problems, but companies need to be able to say they let users opt out whenever they announce a new tech that encroaches further into our lives (Facebook use aboutads, the NAI has their own, Google has its own, most of the aggregators have their own, there are other efforts to sync opt-out).
The solution is to cut the problem off at the head and solve it with software. Browsers and that are easy to use in terms of specifying who you trust (like installing an app) and that don't ever make third-party requests by default. Now that the pretense of negotiating a solution has been dropped, effort can go into developing better software control for users and tech solutions - since none of the current offerings are perfect (which is excusable).
[+] [-] r0h1n|11 years ago|reply
[0] http://www.theverge.com/2013/7/5/4496852/adblock-plus-eye-go...
[+] [-] Ardren|11 years ago|reply
There is a single checkbox in the options to toggle the whitelist, as well as a link to filter list being used and documentation.
Source: https://adblockplus.org/en/acceptable-ads
[+] [-] tech-no-logical|11 years ago|reply
https://addons.mozilla.org/en-US/firefox/addon/adblock-edge/
[+] [-] mp3geek|11 years ago|reply
[+] [-] tech-no-logical|11 years ago|reply
[+] [-] Wicher|11 years ago|reply
They're the wrong tool for the job. They're for blocking ads. So they'll block ads that are not leaking your info (for your use case, a false positive) and will not (not necessarily) block other means by which you're being tracked (for your use case, a false negative).
Use something like RequestPolicy (https://addons.mozilla.org/en-US/firefox/addon/requestpolicy...) or PrivacyBadger (https://www.eff.org/privacybadger) instead. That way, you're not blocking ads per sé — though a side effect of using RequestPolicy is that you won't see much ads — you're blocking the leakage of information to third parties instead.
Using blanket ad blocking sends the wrong signal to site owners, and creates little incentive to do the 'right thing' — it lets the "bad apples" (which I imagine to be something like 99% of the online ad businesses) spoil it for the one percent that does value your privacy, with no way for anyone to improve. Using ad blocking for privacy reasons is not completely effective (false negatives) and worse, it's punishing individuals for the behaviour of the flock.
=========================================================
Edit: Found the perfect example of the false-positive and false-negative I'm talking about above: http://www.gentoo.org . Harmless ads — just images inside html <a> anchors, loaded from the domain in the site URL. Not leaking anything. The ads help an organization I support.
So what does AdblockPlus do (default settings)? It blocks them. What does RequestPolicy do? It lets them through.
[+] [-] fchollet|11 years ago|reply
(disclaimer: I run a 5k DAU social network with no ads).
[+] [-] qwerta|11 years ago|reply
For video I use dedicated apps with off-line caching. For email I have IMAP. I get news via RSS. Anything longer than 1 page, I save and read on Kindle latter (including HN discussions). I have off-line version of Wikipedia.
[+] [-] Bassetts|11 years ago|reply
I have it set up in quite a restrictive way so by default a site level scope is created and only image/css is allowed. It means I have to take anywhere from a couple of seconds to a few minutes to enable things a site needs to function, but I much prefer that to having tracking cookies, social media buttons, obnoxious adverts etc.
Also the Adblock site claims you can also block a few annoyances specific to Facebook[0]. Is that actually the case? I thought Adblock just used element hiding.
[0] https://github.com/gorhill/httpswitchboard/ [1] https://facebook.adblockplus.me/en/
[+] [-] Ardren|11 years ago|reply
I think Firefox has always been able to do this.
[+] [-] gorhill|11 years ago|reply
[1] https://github.com/gorhill/uBlock#benchmarks
[2] https://github.com/gorhill/uBlock#benchmarks
[+] [-] mkesper|11 years ago|reply
[+] [-] Angostura|11 years ago|reply
[+] [-] dspillett|11 years ago|reply
Of course everyone in my other browser sessions is tracking me between sites, but it isn't linked to my social profiles and such.
TBH I don't really care about the tracking of me. The thing that I find annoys is the combined tracking of me and my contacts: I don't like the idea of them trying to track other people through me.
[+] [-] fchollet|11 years ago|reply
For instance Google does maintain such non-cookie-based user identities. I'd be highly surprised if Facebook didn't as well; your data is just too valuable to pass on such easy fixes.
[+] [-] gleenn|11 years ago|reply
[+] [-] teamhappy|11 years ago|reply
[+] [-] zo1|11 years ago|reply
[+] [-] bmcd87|11 years ago|reply
This doesn't seem like anything new, just a reaction to the news that Facebook is going to expand what they do with the data they collect.
(I'm a Ghostery developer)
[+] [-] mp3geek|11 years ago|reply
[+] [-] mp3geek|11 years ago|reply
[+] [-] TallboyOne|11 years ago|reply
Go to ad block settings. Add a custom one, give it any title you want. Put this in for the URL:
https://easylist-downloads.adblockplus.org/fanboy-social.txt
[+] [-] freakyterrorist|11 years ago|reply
[+] [-] xkarga00|11 years ago|reply
[+] [-] zhng|11 years ago|reply
[+] [-] BillFranklin|11 years ago|reply
[+] [-] unknown|11 years ago|reply
[deleted]
[+] [-] notastartup|11 years ago|reply
I use Adblock and love it dearly. I don't have to watch annoying ads on youtube or deal with intrusive banner ads suggesting I a guide on how to make $5000/day at home in an instant.
I do sometimes want to see ads, and that's when I google something and I want to actually see the advertisements. This is a good sign for google although overall, adblock will slowly cannibalize their ads
[+] [-] zupa-hu|11 years ago|reply
The entire movement is pissing against the wind. Tracking is how these companies make money. This is their motivation system. A "low" of current online physics is "tracking makes money".
As such, it's a waste of energy. Change physics first.
[+] [-] sp332|11 years ago|reply
That's what this fixes. By pushing back against tracking, we will force websites to use other ways to make money.
[+] [-] zupa-hu|11 years ago|reply