
The Slow Death of ‘Do Not Track’ - r0h1n
http://nytimes.com/2014/12/27/opinion/the-slow-death-of-do-not-track.html
======
rgro
The worst part about the DNT header was the requirement for the tracking
companies to regulate themselves. Initially, the header was opt-in, but with
the introduction of IE10, Microsoft decided that the option was going to be
opt-out. Once the the DNT header was gaining traction and a not-so-small
percentage of people began sending the header, the companies had no reason to
comply, and the initiative sorta fell out of favor.

For blocking tracking, the most effective tools are browser extensions made to
block ads. Ghostery provides comparisons on an non-biased website between the
methods of blocking tracking through browser modifications [1]. According to
the site, the Do Not Track header actually has an effect with a difference of
18% in cookie size when the header is set. AdBlock Edge and disabling third-
party cookies results in a 59% and 40% decrease in cookie size respectively.
It seems that the easiest thing you can do to lessen your internet footprint
would be to disable third-party cookies and enable the DNT header, and the
majority of tracking can be eliminated through the use of a browser extension.
(But with the recent revelations [2], using a browser extension may actually
reduce your browsing experience if you don't have the RAM to spare.)

[1] [http://www.areweprivateyet.com/](http://www.areweprivateyet.com/) [2]
[https://news.ycombinator.com/item?id=8802424](https://news.ycombinator.com/item?id=8802424)

~~~
IdeaSunday
Wont you always be trackable by an heuristic approach?

I would expect that a fuzzy hash of your ip,location,language
settings,resolution, browsertype, average mousespeed, your computers speed to
draw a circle, calc a prime etc etc etc will always identify you.

~~~
eterm
So we ought to start considering whether those things should be permissible by
default in browsers.

It used to be that sites could inspect the clipboard until we realised how bad
for security that was. Perhaps mouse movement and/or timing information should
be something that isn't allowed by default without granting the site
additional permissions. Perhaps browsers could be set to stop sending many of
the headers they currently send by default, or send approximations to reduce
the uniqueness of the headers.

~~~
oneeyedpigeon
Two of the worst offenders are overly-specific user agents (a setting which
should definitely be configurable) and list of plugins (which I see no reason
for being available).

~~~
rvern
In Mozilla Firefox, you can create the setting general.useragent.override (it
doesn’t exist by default) and set its value to “Firefox” to get a very generic
user agent string that websites will still recognize as Firefox and not block
as a bot.

Regarding plugins, the best solution I have found is to have none enabled.
Firefox still sends them in the list when using click-to-play, so it is
necessary to disable them completely.

~~~
ryan-c
As I said in my other comment, changing your user agent string affords you no
privacy protection against those who care about knowing, and makes you more
trackable.

------
thomasfoster96
DNT was essentially dead quite a while ago.

If we are goign to get something like Do Not Track, then it should have been
drafted out of the public eye, had a nice short period for public comment and
then recieved some sort of backing in law. Speculative implementations didn't
really help.

I'm not too familiar with the laws surrounding things like 'do not call' lists
and anti-spam measures, but some sort of system from that area of law could
surely have been a part of DNT.

~~~
tfgg
And the EU, rather than doing this, enacted their dumb 'cookie law' which, as
far as I can tell, has just meant every UK website now has unnecessary
cluttery popups telling you that they're using cookies.

~~~
rb12345
That was around before DNT (just). Given that the popups were required in any
case and are site-specific acceptance, why bother with DNT? It was more work
to implement for zero benefit. Admittedly that also applies to the popups, but
those were less optional.

------
username223
It never made sense in the first place. It was an opt-in, voluntary
restriction that destroys all of advertisers' supposed value with no legal
consequences if they ignore it.

The only real solution is client-side, and we have that technology now: hosts-
blocking, Ghostery, AdBlock, etc. If enough people cared, it could be enabled
by default on new browser installs.

------
eli
It was a weak idea from the start. If you trust advertising companies to do
what they say, then there's already an opt-out tracking system:
[http://www.networkadvertising.org/choices/](http://www.networkadvertising.org/choices/)
The bad actors (particularly ones not based in the US) were going to ignore
DNT anyway.

Now, granted, it's technically far inferior to a DNT header (it sets a cookie
on each ad network domain) but as far as I can tell it works and has worked
for years.

------
carlosrg
This is one thing that could have been done better in Europe.

~~~
ryan-c
Can you elaborate? That cookie thing seems to have only resulted in web pages
having annoying popovers about cookies.

------
atoponce
DNT is the product of "technology by committee". It was a disaster out the
gate from the start.

------
davidgerard
This is part of why regular web users need and use adblockers.

------
MichaelCrawford
I don't trust anyone to respect my Do Not Track settings.

Rather what I do is to blackhole the analytics servers with my /etc/hosts:

    
    
       127.0.0.1 www.googleanalytics.com
       127.0.0.1 www.heapanalytics.com
    

Unfortunately one must jailbreak mobile devices to get at their hosts files. I
understand that Windows no longer uses it at all.

Better would be to block the analytics services at the router, or preload a
caching DNS server with them.

I also avoid "Log In With Facebook" &c. I don't register at a site unless it
offers its own login facility.

~~~
Methusalah
Windows still uses the hosts file in windows 8. I did a little looking around
and it looks like Windows Defender automatically removes some hosts from the
file.

~~~
MichaelCrawford
Thanks for looking into it. I have Windows but don't use it a whole lot.

Strictly speaking DNS is a protocol and not an API. Applications aren't
required to perform name lookups by using any particular software, it's just
common to use what the OS supplies.

