

How's Mozilla Doing with Do Not Track? Not So Good  - fafssaf
http://www.readwriteweb.com/hack/2011/09/hows-mozilla-doing-with-do-not.php

======
endtwist
The DNT initiative always reminded me of the "Evil Bit" joke:
<http://www.ietf.org/rfc/rfc3514.txt>

~~~
gwern
Somewhat surprisingly, some 'evil bits' like the .xxx TLD, seem to be getting
traction.

~~~
dsl
It is only gaining traction from people who want the bit explicitly turned
off. People are lining up to pay $100 and change to prevent coca-cola.xxx and
nike.xxx from being registered. Not a single person I've talked to in adult is
seriously considering a move to .xxx

------
Xuzz
Most of us on Hacker News, from what I can tell, are generally against
legislating the Internet. But, that's exactly what DNT requires to be
effective, since it provides no technical barrier against tracking: either
websites are legislated into being required to honor it, or it has essentially
no value to users. As much as privacy is important, I'm actually glad that
Chrome doesn't support DNT. Hopefully that will give reason for a better
technical solution to be developed.

~~~
tomelders
I don't see that this would require legislating the internet. Instead,
amendments to things such as data-protection, privacy or human rights
legislation should be able to cover it.

~~~
justinschuh
This doesn't strike me as a legitimate difference (even just semantically). It
doesn't matter if it's amended to existing legislation or passed as new law;
both are the same from the perspective of "legislating the Internet."

------
bmuon
Working as a developer in an ad network I'm very interested in implementing
this. However, said ad network doesn't currently provide an opt-out mechanism
and Mozilla isn't doing a good job of providing me with arguments to take to
management and convince them that a DNT opt-out is something they want. What
do you think?

------
gst
Why should people turn it on - when most people just don't care?

That's the same problem we have in the EU right now. The correct way to deal
with cookies would be for people to enable or disable them in their browser,
according to their personal preferences. Instead, the EU forces their cookie
legislation on everybody, because most people are too lazy to fix their
preferences.

~~~
SoftwareMaven
Most people have _no idea_ what a "cookie" is, nor how or why they should
manage them. Calling people lazy for not managing them is the epitome of
engineering arrogance. Browsers need better, more clear, interfaces for
managing cookies and websites need to provide easily parses info on what each
cookie is for before people will even be able to manage them.

~~~
gst
If you're using a car it's taken for granted that you learn how this thing
works. If you're using it without learning how it works, it's your own fault,
if you have an accident.

Why should this be any different with computers? The risk that you pose to
others is pretty low, so there shouldn't be any requirement to have a
"license". But I wouldn't call it arrogance, if I'll assume that someone using
the network has a minimum knowledge about how things work.

~~~
blahedo
> _If you're using a car it's taken for granted that you learn how this thing
> works._

Only to a point. I own a car and am perfectly competent to use it, but I have
only the vaguest of understanding as to what things like spark plugs and
catalytic converters do. I know what a manifold is in mathematics, and I
suppose it's a bit similar in a car engine. I deem myself knowledgeable to
open the bonnet and add windshield wiper fluid when that's low, but anything
more complicated I'll take to a mechanic.

> _If you're using it without learning how it works, it's your own fault, if
> you have an accident._

It's my fault if I drive without, say, learning how to operate the brake
pedal, or learning how to turn on the turn signal. But if the accident is due
to something wrong with the internals that I know very little about? I don't
think any reasonable person believes that getting licensed to drive should
require one to have the knowledge of an automobile mechanic.

~~~
thwarted
This isn't the equivalent of spark plugs. It's the equivalent knowing how the
windows work. If you drive around with the windows down while yelling at the
person in the passenger, seat, don't be surprised if other people can hear
you. And you can't use as a defense that you didn't know that you needed to
have the windows up.

------
nikcub
since DNT is opt-in for ad networks it is about as useful as robots.txt. the
good guys will honor it, but the bad guys - who users are really concerned
about, will ignore it.

a better solution is to integrate tools to allow users to block third-party
scripts, to fix bugs and improve cache handling headers that can be used to
track users, and to not let any third-party scripts store any information on
the client.

~~~
icebraining
The thing is that as usual, there's no good or bad guys. The ones doing the
tracking - which is in this case embedded in the websites - are not criminals
who run botnets and crack servers, they're big, amoral companies like Google,
Facebook, Twitter and some specialized firms.

These can be pressured (by public opinion, for example) into complying with
DNT even if it's not their 'first instinct' to do so.

------
pluies
"This might be a bit low because the tracking for DNT is by IP address."

Tracking people using DNT? This is quite ironic.

------
hexis
DNT is like putting a note atop your plain text file asking unintended
recipients to ignore the contents. What browsers need is something akin to
encryption, where you're not asking for compliance, you're denying access.

~~~
azakai
> DNT is like putting a note atop your plain text file asking unintended
> recipients to ignore the contents.

Well, robots.txt is a simple text file that politely asks robots to not spider
parts of your website.

It is completely voluntary and unenforceable, but works very well.

~~~
sbierwagen

      It is completely voluntary and unenforceable, but works very well.
    

_Ha!_ It works very well: for Google, and Yahoo. They use informative user-
agents, and respect robots.txt directives. They have to, they're large
corporations, with shareholders.

Everybody else ignores it. Why would they listen?

Live example:

    
    
      216.55.185.45 - - [11/Sep/2011:06:50:56 -0400] "GET / HTTP/1.0" 200 4835 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0"
      216.55.185.45 - - [11/Sep/2011:06:50:57 -0400] "GET / HTTP/1.0" 200 4835 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0"
      216.55.185.45 - - [11/Sep/2011:06:50:57 -0400] "GET /blog/ HTTP/1.0" 200 114535 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0"
      216.55.185.45 - - [11/Sep/2011:06:51:01 -0400] "GET /blog/archives/2010/01/12/creating_an_account_on_the_scp_wiki_is_like_pissing_glass/ HTTP/1.0" 200 10490 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0"
    

This is all the traffic from this IP, with no lines skipped. You might notice
that it doesn't request CSS, or any of the linked images, or favicon.ico. Nor
does it populate the referral header fields, which of course it would be doing
if it was actually Firefox, and there was actually a human clicking on these
links. It doesn't even _bother_ requesting a robots.txt, which I don't have
anyway.[1] Do a whois check on the IP, and we get:

    
    
      Codero CODERO1999A (NET-216-55-176-0-1) 216.55.176.0 - 216.55.187.255
    

Codero's a dedicated server host. This is a spambot, looking for email
addresses. Visit the IP in a browser, and you see a site selling fake Tiffany
jewelry.

1: <http://www.archiveteam.org/index.php?title=Robots.txt>

~~~
icebraining
Maybe, but most tracking services are large corporations, most websites
wouldn't embed analytics scripts from spammers-r-us.com.

------
Wilya
It would be more interesting to know the adoption of this among website
developers. And some use cases where it is beneficial for them (as I don't see
any). As it is, it is quite useless. If the feature doesn't do anything, the
numbers are just a consequence of the buzz done around it, nothing more.

~~~
robryan
There either needs to be user demands or laws to push it I think. Given that
the average user doesn't really care in most cases though I think they are a
long way from succeeding with it. Good to see them at least offering up
something though.

