
What is Do Not Track (DNT)? An illustrated guide  - rjim86
http://whatisdnt.com/
======
city41
I was hoping for DDG to go into the technical side of DNT at least a little
bit, even at a very high and simple level. But really this is just an ad for
DDG that's mostly based on instilling fear. I didn't find it very effective.

EDIT: to be fair, the sister site: <http://donttrack.us/>, is closer to what I
was expecting. But still vague and still feels like it's just trying to
instill fear.

~~~
yegg
We struggled with this actually, but the technical reality is that it
currently means nothing to the point that it might as well do nothing
technically. And that's the point of the site -- not to scare, but to say this
setting that is now in your browser doesn't do anything, and even when and if
it does, it isn't likely to do what you think it does, i.e. not track you.

Here's the current state:
[http://www.nytimes.com/2012/11/29/technology/mediator-
appoin...](http://www.nytimes.com/2012/11/29/technology/mediator-appointed-in-
do-not-track-efforts.html?_r=0)

Basically, the talks have completely broken down to the point the advertisers
are delegitimizing the W3C proposals, which are incidentally not finalized
either.

And you have the big sites waiting on the sidelines and explicitly telling
people they're doing nothing:
[https://support.google.com/chrome/bin/answer.py?hl=en&an...](https://support.google.com/chrome/bin/answer.py?hl=en&answer=2790761&p=settings_do_not_track)

Twitter is the exception: <https://support.twitter.com/articles/20169453#>

So you have this setting out there in the wild in all the major browsers that
literally does close to nothing.

------
asadotzler
Do Not Track was on a much better track when Mozilla, privacy advocates, and
major industry advertising groups (and major websites like Twitter) were
working together to build a system that would help users express their wishes
and advertisers respect those wishes.

Things were looking pretty good for the industry embracing self regulation
where advertisers would agree to respect the user's wishes and the user's
wishes would be expressed by users making an explicit request through the DNT
setting in their browsers.

Then Microsoft negated all that industry self-regulation progress by flipping
the switch without user intervention. This undermined the beginnings of an
agreement that would have advertisers respect the wishes of users voluntarily.

I don't understand their motivation -- maybe MS was counting on legislation to
require advertisers to respect DNT, or maybe they saw this as a way to scuttle
the talks between Mozilla, other privacy advocates, and the ad industry.
Microsoft does, after all, have similar interests to Google in tracking users
for advertising purposes. Maybe they just thought the PR win from telling
people who didn't understand the DNT conversation that they were "private by
default" was going to help them take back users from Firefox and Chrome (even
though their move to do that undermined the whole effort.)

Those are just guesses at their motivation, but I cannot come up with any
better explanations. Can you?

~~~
AnthonyMouse
>Those are just guesses at their motivation, but I cannot come up with any
better explanations. Can you?

Think about it from a game theoretical perspective. How can they lose?

1) They get to pretend they're protecting users. Look at us we turned on Do
Not Track by default (because you're too stupid to do it yourself, naturally
-- wait, sorry, you're not stupid, come back)!

2) It makes their competitors look like they're not protecting users as much
as Microsoft claims they are. Look how sinister Google is, they don't even
turn on Do Not Track by default in their web browser. And Mozilla is therefore
just as evil (notwithstanding that they're a nonprofit with a far less clear
incentive than Microsoft to want to track you and pretty unambiguously have it
turned off by default as a result of realism rather than malice), so doesn't
that just make you want to come back to Windows and Internet Explorer?

3) If they manage to scuttle Do Not Track, yay! Now they get to keep tracking
the people who use Bing, etc.

4) When having it turned on by default becomes the obvious deal breaker
everyone expected it to be when taking part in a voluntary consensus-based
process with advertisers, the subsequent falling apart of talks makes the
advertisers look like dirtbags, which falls right into Microsoft's narrative
of trying to make any of their ad-funded competitors (but especially Google)
look like they're constantly doing something sinister.

5) If they don't manage to scuttle Do Not Track, yay! It's on by default in
Internet Explorer. This hurts Microsoft's online services, but it likely hurts
their competitors more, and Microsoft has historically been very successful
with a strategy based on destroying competitors.

Realistically, the response to Microsoft turning it on by default should have
been extremely simple: Make the spec say that the browser _must_ have it
turned off by default, and then allow websites to ignore the flag whenever the
browser implementation doesn't comply with the spec. Then Microsoft can do
whatever they want, but if they do the thing that breaks the consensus then
the flag is no longer respected, but just for Internet Explorer users.
Everyone else gets the same Do Not Track that everyone else agreed was a good
idea, and Microsoft's strategy backfires because now their browser is the
least privacy-protecting one since even the users who actually want to turn it
on can't when all advertisers are ignoring the flag just with Internet
Explorer.

~~~
jordo37
Microsoft has substantial investment in advertising solutions and advertising
companies of their own so 4) doesn't really work. Appnexus is just one example
of an advertising startup that has taken considerable investment from MS in
recent years and having DNT on by default would be very bad for their
business.

~~~
AnthonyMouse
4) is about image rather than reality. Microsoft likes to portray themselves
as the people who demand your money instead of your privacy (even though they
really take both). And people continue to think of Microsoft as a software
company rather than an ad broker notwithstanding their nontrivial advertising
interests as you point out.

This leaves them in a position that allows them to paint advertisers as
unscrupulous and have the taint stick more to their competitors than to
themselves, which they've clearly been taking advantage of.

Moreover, if Microsoft could somehow eliminate all of internet advertising for
everyone, I expect they would do it. Because as much as it would hurt
Microsoft, it would destroy their most viable competitors. And it's more
profitable (at least in the short to medium term) to have a monopoly on a
market a fraction of the size than to have your margins and market share
continually eroded by vigorous competition.

------
jmillikin
Sending servers a "Do-Not-Track" header is like putting a "please don't look
at my house!" sign on your porch. It's a request to forbid a fairly harmless
behavior (cross-site cookies) which is potentially a prelude to malicious
behavior (robbing your house / mapping a visitor's browser to a person).

There's also the problem of how vague the spec is. For example, it states "A
first party is a functional entity with which the user reasonably expects to
exchange data", and then says that DNT should block non-first-parties from
storing data about the user. So should YouTube be forbidden from logging in
the user based on their Google cookie? After all, most users don't know that
they're the same company, and wouldn't expect visiting YouTube to use
information from Google. Same applies to any other "big company / acquisition"
pair, such as Facebook/Instagram.

It would be much better to forbid the malicious behavior itself, such as by
writing privacy laws that require companies to obtain explicit consent before
distributing data collected from or about users. That would have stopped
events like "I visited some random website and they knew my address!"

~~~
azakai
> Sending servers a "Do-Not-Track" header is like putting a "please don't look
> at my house!" sign on your porch

If we must make an analogy, it might be more like, "please don't sell photos
of my house without my approval." But even that isn't a good analogy because
houses aren't people vising websites.

~~~
jmillikin
There are many uses of cross-site cookies that do not involve selling users'
personal data. The most obvious one is customized ads (as used by Google et
al), but shared logins and hosted commenting systems are also common.

~~~
azakai
Arguably customized ads is still selling user's personal data, but the other
examples are valid, yeah.

~~~
jmillikin

      > Arguably customized ads is still selling user's personal data
    

I think this is not true, and that it's an important distinction to make.

Selling a user's data means that a site has taken information the user gave
them, and sent that data to a third party in some non-anonymous format. It's
an unconscionable breach of trust. When there's some service that tells any
site a user visits what that visitor's home address is, that's horrifying.
It's like having a friend who forwards your private facebook posts to 4chan.

In contrast, when a service uses personal data to change what ads are shown,
the data is never sent to a third party. If you tell Google my address so map
search gives local results, then they might use that to filter out ads for
stores in a different state, but they won't tell those stores where you live.

~~~
azakai
I definitely see the difference. However, even in the second case, the user's
data is being used to make a profit; the company collecting the data and
showing the ads is making the ads more valuable - i.e. making more money off
of them - with the user's data.

Again, I totally agree that selling the data to a third party is much worse.

------
glenjamin
Where did do-no-track even come from?

If I were to create a browser extension which added a "Do-Not-Charge-Me"
header, without input from retailers, would I then be able to get annoyed that
I still had to pay for my goods, despite having ticked a little box in the
browser settings?

~~~
betterunix
"Where did do-no-track even come from?"

Well, the argument from the advertisers is this: they have no idea whether or
not people want to be tracked, so they don't know when it is not OK to do so
(i.e. they are claiming to be autistic). Maybe some people really do want to
be tracked and given advertisements that are more relevant to their interests,
according to the advertisers, and so having browsers block tracking systems
would hurt those users; also, they like to remind us, invasive advertising
funds the web (but I have my doubts about that point). DNT is supposed to give
users a way to opt out of invasive advertising that does not involve simply
blocking ads; we are supposed to accept this compromise, because otherwise
we'll just be in another arms race (which I suspect we will win, given how
effective ABP is at blocking ads).

The theory is that the industry can self-regulate, because we are holding the
Sword of Damocles over their heads: we already showed them that we can block
pop-ups, pop-unders, hover ads, Flash ads, Java ads, and the numerous other
things they came up with. We also showed them that we can win an arms race, by
making spam filters so effective that the volume of spam actually began to
decrease.

Of course, for DNT to work, the number of ABP installations would have to
spike whenever the advertisers prove that they are not acting in good faith.
Which is what they did when they tried to claim that DNT meant users don't
want to _see_ targeted ads, but that it was still OK to collect tracking data.
To me, that suggests that DNT is already over and that we need to finish the
game by making ABP a standard feature.

~~~
jordo37
I am a little confused about your doubt that advertising funds the web,
especially the published web (vs web-apps). Can you expand on this point?

To be transparent, I am the CTO of Perfect Audience, an advertising startup
that does retargeting, which does use tracking to show users ads for sites /
products they have previously looked for. These ads are worth more than non-
data driven ads and make more money for publishers than non-data driven ads
bought via bidding, which is where most advertising is moving today.

~~~
betterunix
Well, I won't deny that _some_ websites are funded by advertising (Google
comes to mind). On the other hand, there are a large number of websites that
are ad-free, ranging from small personal blogs (which have low hosting fees; I
know people who pay a tiny amount for EC2 to host their blog) to websites with
millions of pageviews per day (e.g. Wikipedia). We had a world wide web before
we had web advertising; somehow, people were able to pay for things back then.

Really though, my word choice was poor. What I should have said is that I
doubt the _necessity_ of advertising to fund the web, citing the examples
above.

Also, sorry if I am attacking your company. It's nothing personal.

------
dguido
It seems odd that DNT is a controlled at the browser-level and turning it on
instructs every site to "not track me" (whatever that means). There are some
sites that I want to be tracked by and DNT is an all-or-nothing control. This
seems really poorly thought out.

There's a tenuous relationship between DNT and DuckDuckGo too. On one hand
you've got a small group of unknowns who profess not to keep logs (but who
knows, right?) and on the other you have a slapdash attempt to regulate the ad
industry. Use DuckDuckGo because it's a good search engine.

~~~
tytso
I'm not convinced DuckDuckGo is such a great search engine. If I do a search
for "Newtown", the first returned item was for the Newtown in New South Wales.

A search engine which knows that I live in the US and am interested in things
in the US can more easily figure out that the Newtown that I'm interested in
is the one in Connecticut in the United States.

Everyone tends to talk about the "filter bubble" as if it were always a bad
thing, but editorial decisions are a good thing. To say that you always have
to "teach the controversy" means that you fall into the trap that newspapers
in the US have fallen into, where they feel obliged to give equal time to
people who deny global warming, or people who try to argue that you need
automatic weapons to hunt deer, or people who claimed that tobacco doesn't
cause cancel, as people who have the backing of science behind them.

More positively, is the fact that newspapers to refuse to print stories about
the moon landing being faked, evidence of the "media bubble"? If so give me
more of it. I want more editorial filtering by the media, not less.

~~~
Millennium
The things you discuss, though, are things you would apply over the mass of
people based on (ostensibly) observer-independent factors. That's not the sort
of bubbling to which DDG and its ilk object, because it is not based on
individualized preferences, nor is the data gathered by tracking people.

It could be argued that it's a sort of bubbling nonetheless, based on the
preferences of some unspecified authority rather than each individual. But
that's outside the scope of what DDG tries to address anyway.

------
azakai
> so you're still being tracked all over the net — you're just not seeing
> targeted ads some of the time.

Eh? If the servers comply with the header, they won't actually track you. Not
sure what the article is implying - that everyone will lie?

------
prisonblues
I set out my take on this 'what is DNT' question in an article I wrote -
[http://www.kemplittle.com/publications/item.aspx?ListName=KL...](http://www.kemplittle.com/publications/item.aspx?ListName=KL%20Bytes&ID=100)

It's a bit heavier going that the DDG approach, and more euro-centric, but
hopefully gives a decent understanding.

Any feedback or comments encouraged.

------
thisthisthis
What is DNT? Can we differentiate between the idea and the implementation?

As an idea I think DNT is quite strong. Do you agree?

Of course the implementation is incredibly weak, but isn't that a separate
issue?

------
pi18n
What is DNT? A way for advertisers to get another bit of information about
you.

