
Jonathan Mayer Threatens To End “Do Not Track” Talks - shill
http://www.businessinsider.com/jonathan-mayer-threatens-to-end-do-not-track-talks-2013-6
======
handsomeransoms
This is one of the worst pieces of tech/business journalism I have ever had
the misfortune to read. The overwhelming desire to paint Jonathan Mayer as
David to the digital advertising industry's Goliath completely distorts the
reality of the negotiations and misrepresents how decisions about both code
and policy are made at Mozilla. It is insulting to Mozilla, which has been
working in good faith on these negotiations from the beginning, and to Mayer,
who it patronizingly describes as "just a volunteer who hangs around the
offices of Mozilla."

It is also riddled with technical errors that suggest this journalist lacks
even the basic understanding of technology that should be a prerequisite for
working in this space.

This is all especially frustrating because, for some strange reason, these
Business Insider pieces get a lot of traction online. This piece is on the HN
front page at the moment, and their last, similarly asinine, piece about the
proposal to block 3rd Party Cookies in Firefox has over 3,000 comments on
Reddit. [1]

For a more accurate representation of the current state of Mayer's 3rd party
cookie blocking patch, read Brendan Eich's recent post [2].

[1]
[http://www.reddit.com/r/technology/comments/1dy74c/jonathan_...](http://www.reddit.com/r/technology/comments/1dy74c/jonathan_mayer_the_guy_who_just_turned_off_3rd/)
[2] [https://brendaneich.com/2013/05/c-is-for-
cookie/](https://brendaneich.com/2013/05/c-is-for-cookie/)

~~~
AJ007
I would suggest Business Insider is banned from HN, there is no quality
control, it is Demand Media's content farm model applied to news. If this was
my responsibility I would also look very closely at who is upvoting Business
Insider stories.

~~~
flaktrak
Yes and BI would probably not care or notice.

------
rsync
The more alarming piece of the article is this:

"The move might also invite legislation from Congress."

So ... presumably a govt body would define what a web browser is, then define
what tracking is, and then ... what ? Legislate browser code ?

Would wget need defaults built in for the code that comes over ? What if I
'nc' to port 80 and redirect to a file ?

What is a "web browser" anyway ? What constitutes consumption of tracking
codes ? Are there punishments involved ? Is the curl library at fault if it is
misused in this government mandated way ?

Terrible, depressing, and predictable.

~~~
x0x0
Governments already (and appropriately) legislate all sorts of things about
software.

* Some governments require windows to present a choice of web browsers.

* Some governments require websites, operating systems, or programs to provide for accessibility to the disabled.

Some governments also regulate information collection and sharing:

* Some governments (including the US) regulate what information credit card companies must provide to consumers.

* Some governments (including the US) regulate what info credit bureaus can collect, sell, require them to provide free copies on demand to those surveilled, and set up a framework for a dispute process.

It's perfectly reasonable for governments, as an agent of the people, to
create laws and regulations around what can be collected and how. And yes,
code may have to go into browsers to comply.

~~~
handsomeransoms
The long history of the interactions between relatively slow-moving
governments and relatively fast-moving technology suggests that we should only
legislate software as a last resort. One of the nice things about the proposed
Do Not Track standard is that it requires no additional legislation. Once
advertising bodies agree to some meaningful definition of DNT, any violations
could be prosecuted using existing laws that protect consumers from deceptive
advertising.

Online tracking is a difficult problem without a purely technical solution
available. Even with 3rd party cookies blocked, advertisers will still use
first party cookies (Google, Facebook), or more sneaky and difficult to
mititgate mechanisms (browser fingerprinting, evercookies) to track Internet
users.

Legislating is slow, uncertain, full of compromise, and riddled with conflicts
of interest (hold the comparisons to the current DNT negotiations, please).
While it is sometimes appropriate, or required as the only remaining recourse,
it is far from an ideal solution - especially with a problem such as this
where there is such an imbalance of influence between parties in Washington.

------
eggbrain
This can only play out a few ways, right?

A) Firefox holds its ground, Advertisers hold their ground as well.
Advertisers refuse to work with websites that support the version of Firefox
with "Do Not Track", unless the websites add some code to tell their visitors
to use another browser/refuse to load the site. This leads to two scenarios:

Ai) Developers agree and implement advertiser strategy, Firefox becomes an
unreliable browsing experience, market share slips. Firefox possibly reverses
position.

Aii) Developers refuse to implement advertiser strategy (by using either
another ad partner or moving to a different monetization strategy), and
advertisers finally reverse position.

B) Firefox holds its ground, advertisers cave: websites start seeing less
revenue from ads as targeting isn't as effective anymore, websites that get
most of their money from ad revenue either start panicking and blocking
Firefox users, or start putting up paywalls.

C) Firefox yields, advertisers get their way: pretty much the status quo.

D) Firefox yields, advertisers yield: some sort of compromise between the two
camps.

~~~
s3r3nity
B is what I'm worried about and I'm worried that this has a 90% chance of
happening. I have about 2 years of experience working in online ads in some
way shape or form, and it frustrates me how much the implications here aren't
really being considered.

Currently, whenever I hear "I see too many ads for shit that is too related to
my interests" (paraphrased), I consider it the ultimate 21st century 1st world
problem. Because this is how sites make their money, and how Google got to
where it is today. You want to cut off online ads? Fine:

\- Any sites that are free will undergo a paywall, as people don't work for
free. \- More apps in the app stores increase their prices, as ad revenue is
no longer there for the apps they create \- More paywalls and higher prices
mean that lower income people and people in developing countries can't access
free and distributable content.

And don't give me this BS about how "If X site were pay-per-use with no ads, I
would totally pay for it" because <i>power users don't power websites</i> ...
as soon as you charge for something then 90% of the users drop off. [See:
Google Reader, any social network, etc.]

~~~
tomjen3
Most sites that are free won't suddenly turn paysites, people will continue to
make blogposts for fame and the ability to _sell_ their own products (which
isn't ads in the traditional internet sense), plenty of newspapers may have to
close their news sites but the best of the them will make enough money the old
fashioned way: charging a few bucks a month.

And that is basically what I want: an internet of people who are writing
because they want to, about what they want, not demand media writing crap. I
want the rest to be paid for, or run on donations (see Wikipedia). I would
love the best webmail client to be one I had to pay 3 usd/month for but which
integrated PGP, instead of gmail.

Adds create monopolies, paying for services creates oppertunism for
competition.

~~~
s3r3nity
"Adds create monopolies, paying for services creates oppertunism for
competition."

I REALLY disagree with this statement, namely because the data shows otherwise
when it comes to the online space -- for example, Waze became a legitimate
contender by <i>remaining free</i> and instead doing location based
advertising. Bing and other search engines are allowed to be decent
competitors to Google because advertising drives search.

Second, donations is not a scalable model for the internet, as it definitely
doesn't allow for competition in any meaningful way at large scale. Why does
it work for Wikipedia? Because of its mission to remain free for anyone in the
world (also because of a desire to be unbiased, but let's table that for now,
because as politics tells us donations don't always lead to unbiased
decisions.)

And honestly, that should be the crux here: the idea of a paywall for
Wikipedia or any site that advocates for free and open information dispersal
would immediately devalue its mission -- a rando in Uganda should have the
same access to information as me in my cushy western Tech job.

------
nostromo
I love the intention here -- but it seems obvious that this will just push
advertisers to set up a subdomain that points to advertisers -- and
advertisers will use ip address and/or browser fingerprinting to track across
domains.

... and we'll end up right where we are today.

~~~
throwaway125
Giving another company the ability to serve content (javascript) on a
subdomain would make ad companies prime targets for all kinds of hacking
campaigns. Their ability to serve javascript and probably access session
cookies on a large number of domains would turn them in some kind of skeleton
key. This is bad for both the advertisers, the websites serving their ads and
the visitors of those websites.

I certainly hope people would think twice about actually implementing
something like that.

~~~
nodata
"Well we either run the ads with subdomains, or say goodbye to funding and our
jobs."

------
rosser
The irony of this article appearing on Business Insider, a site which won't
work if you try to load it with Ghostery or AdBlock enabled, is rather
piquant.

EDIT: Maybe I'm doing something wrong, but the only way I can get an article
to show up on this site is to disable all plugins, and load it in an incognito
window. Up-to-date Chrome on up-to-date Lion.

~~~
josephg
Business Insider works fine with 3rd party cookies disabled.

(Edit: Chrome on a mac, no plugins. I've enabled 'Block 3rd party cookies and
site data' and Click to play for flash)

~~~
prg318
Every time I click the "Continue to business insider" link I am redirected to
the same page with the "Continue to business insider" link. I'm using Firefox
and Ghostery on XP.

Weirdly enough after four of five clicks it finally directed me to the
article.

~~~
rosser
Exactly the behavior I see, except that I've never gone more than three clicks
before giving up and trying in an incognito window (where I have all plugins
disabled). Since that tends to work, first try, it's become my default.

------
ChuckMcM
There has been some talk that the reason Chrome stopped gaining share against
IE and Firefox was because of the do-not-track situation. IE9 had it and then
turned it back off by default, Firefox was the first to implement it and it is
considering making it the default.

This is what I predict will happen, should Mozilla begin shipping with it
turned on by default.

Advertisers will modify their contracts such that they pay $x if tracking is
enabled on the browser and $y if it is not. $y will be much less than $x,
perhaps 1/10th the amount because the Advertiser will argue it is harder to
detect and prevent fraud without the tracking cookies.

Web sites will then these do not track (DNT) sessions as "low value" sessions
and will either refuse to display content, or force some difficult to subvert
captcha movie watching thing with survey in order to establish the low fraud
barrier and get the 'good' price for ads.

The result will be that 'free' web sites will become even more obnoxious and
subscription sites where they actually reduce or eliminate the advertisements
altogether will become more practical.

------
lifeisstillgood
I have just never realised there are people like johnathon on our side out
there. Thank you.

I also just realised that there are sites in the US, UK, Europe to watch and
follow debates on each parliament, but the debates on the important workings
of these groups seem to be sporadically reported, even here on HN.

Anyone want to help me setup a "theyworkforyou" for w3c working groups?

(I mean if congress rules how a browser should behave in the US, does it
affect me here? If not then frankly these groups overrule each individual
parliament in fairly significant ways )

------
hammerzeit
I do think there's something to the argument that any reasonable
implementation of "Do Not Track" would just further entrench the companies who
already have large consumer traffic (Google, Facebook, et al), by virtue of
the substantial privileging of first-party cookies over third-party cookies at
that point.

Now, you could argue, this is desirable -- after all, companies with large
consumer brands have much more at risk in terms of doing unethical things with
data (yes, I'm aware of the irony of saying that after the PRISM issue, but I
think that only affirms my point). At the same time, does Google/FB/etc need
any more help in dominating advertising than they already do?

------
nthitz
Wikipedia says 85% of Mozilla's revenue is from Google. Mayer's moves are sure
to ruffle some feathers at the search giant if they go through with it in
Firefox.

~~~
jonursenbach
Aren't Google's ads already served via a first-party cookie?

~~~
handsomeransoms
Indeed - in fact, one little-discussed concern over 3rd-party cookie blocking
is whether it would consolidate the power to track users into the hands of a
few already powerful online companies (Google, Facebook, anybody that serves
cookies on the domain that you also visit...)

------
thezilch
Jonathan and Firefox have yet to explain how embedded modules like Disqus,
Stripe, or similar are meant to go about their business and without resorting
to the EverCookie-like tactics? Facebook or similar apps requiring stateful
sessions? I guess we'll all just setup 2nd party sub-domains for advertisers,
or serve our ads off a Google domain (or <insert entrenched advertiser>).

------
tehwalrus
As long as I'm still allowed to block 3rd party cookies with a few exceptions
(like Disqus), I don't really care.

If we (e.g. Mozilla, others, open web supporters) want to educate users about
3rd party cookies can't we just create a new startup wizard or something, like
the windows "choose a browser" popup?

------
fredsanford
I would suggest that advertisers and their cronies stop acting like scumbags
unless they want to be treated like scumbags.

------
chris_mahan
Just block the cookies already, and allow the users to turn them back on on a
per-site basis.

------
steveklabnik
Doesn't Apache not support DNT, so it's my this lately moot anyway?

------
bokglobule
It's made me consider going back to Firefox from Chrome.

