
Twitter abandons 'Do Not Track' privacy protection - CrankyBear
http://www.zdnet.com/article/twitter-abandons-do-not-track-privacy-protection/
======
xg15
Ok, honestly, was DNT ever more than a smoke grenade for muddying the privacy
discussion? The standard always relied on every single shady data collector
out there to act against their core interest, facing not even the risk of
detection (let alone punishment) if they don't comply, all just because you
asked them nicely. You might as well carry a "do not rob me" card in your
wallet.

Was there ever a honest belief by anyone (except the Ayn Rand fanboys) this
could work?

~~~
qb45
What's up with this "Ayn Rand fanboys" meme?

I keep seeing this recently and this time I can't even imagine how it could be
relevant.

~~~
quakeguy
IDK really, but i found this article lately:

[https://www.salon.com/2016/12/14/fountainhead-of-bad-
ideas-a...](https://www.salon.com/2016/12/14/fountainhead-of-bad-ideas-ayn-
rands-fanboys-take-the-reins-of-power/)

Make your own conclusions.

~~~
rbg246
I'm not sure one one can make their 'own' conclusions from reading that
article it was clearly biased towards reaching the conclusion that Ayn Rand
was a writer for 'juveniles' which I don't think is a fair appraisal. I mean I
don't agree with her conclusions on the world but I would say the world she
has created in her novels are at a higher level than juvenile reading.

~~~
qb45
Why, I enjoyed this article, particularly the part about rape and the end:

 _I seriously doubt that Donald Trump is really a fan of Ayn Rand. Her books
may be juvenile and shallow, but they’re way too deep for him._

Make your own conclusions, indeed.

 _Heather Digby Parton, also known as "Digby," is a contributing writer to
Salon. She was the winner of the 2014 Hillman Prize for Opinion and Analysis
Journalism._

Um, I only hope they don't give awards for _that_.

~~~
problems
Salon is a very left-wing site, heavily opinion-based. You get about the same
kind of thing when looking at opinion sites from any part of the political
spectrum.

It's glorified trash talking really.

------
ars
It's interesting how Microsoft killed DNT - by supporting it.

Once they made it the default, it was all over. It was so obvious that doing
so would kill DNT that I have to wonder if they did that on purpose.

It's definitely an interesting way of stopping something you don't like -
support it to such a degree that those who asked for it don't want it anymore.

~~~
dudus
This.

If any Good citizen site ever thought about honoring DNT they got their plans
crushed when Microsoft did this.

It was a silly proposal from the start but a hopeful one. Hopeful that people
would do the right thing. The web was always built on assumptions that the
other side would do the right thing in that context DNT was not so silly.

This one failed. Because Microsoft didn't do the right thing. They decided to
use DNT as a marketing platform instead.

~~~
staticassertion
I think you're putting too much blame on Microsoft here. DNT was always
garbage, the fact that as soon as anyone used it (it becoming default for IE
being the push in this case) it would fall apart just shows that it was always
doomed.

 _Shouldn 't_ not being tracked be the default? Shouldn't we be opting into
targeted ads, not out of them? Seems reasonable, if DNT weren't garbage, to
have it be on by default. But it was garbage and so it was never really any
help to anyone anyway.

Really, everyone should just install an adblocker, and whitelist sites that
are non-invasive, don't track, and that you want to support. Then the
responsibility isn't on advertisers not to track us, it's on citizens to
whitelist sites that they genuinely should be supporting.

~~~
Crespyl
I think you're right that "not being tracked" should be the default, in so
much as having an adblocker and blacklisting known trackers should be
defaults. These are things that my user-agent should be doing automatically to
protect me and improve my experience.

On the other hand, DNT is intended to be an opt-in polite request for _other
agents_ to change their usual behavior. An adblocker or tracking blocker at
the browser/user-agent level does nothing to change how the servers that I
_do_ connect to behave. It just alters the behavior of my browser to _not
contact at all_ unrelated third parties.

With DNT, my user-agent still contacts those third parties, but with a request
to alter _their_ default behavior. "Please, give me adco.com/somead, but
please don't correlate this request with other information you have on me,
etc."

I do think there's a possible place for something like that, but it has to be
opt-in or nobody will listen to it. Trivial examples of other "please deviate
from your default behavior" requests are things like "show desktop version" on
mobile browsers, Accept/Accept-Language (where supported), etc.

On the gripping hand, it's also yet another bit to differentiate me from
everyone else, and expecting polite and ethical behavior from advertising
corporations probably really is doomed to failure.

~~~
staticassertion
> On the gripping hand, it's also yet another bit to differentiate me from
> everyone else, and expecting polite and ethical behavior from advertising
> corporations probably really is doomed to failure.

Yeah, I considered bringing this up in my original post - DNT is garbage for a
lot of reasons. One of the big ones being that it actually _sucks_ for
privacy, especially if it's not used a ton. It's one more thing that can make
you trackable.

------
malikNF
DNT made sense only in a world where there would be some sort of law to back
it up.

I actually had my adblocker turned off on websites I knew at least tried to
respect DNT (reddit, medium and twitter), guess twitter's getting completely
adblocked now.

~~~
radley
I have no issue adblocking Twitter since they use deceptive ads.

It used to be ads had to be clearly labelled as not to confuse with regular
content. Twitter buries their "promoted" label at the bottom in light grey
text, so you only know it's an ad after you've read it and asked "WTF? Why is
this in here?"

~~~
eric_h
Somehow my brain has figured out how to notice that and ignore them.

Scrolling through my feed I swipe past the ads faster than the other tweets.

------
LeoNatan25
My ad blocker has a DNT they cannot abandon.

~~~
SimeVidas
Even better when used in conjunction with Firefox’s Tracking Protection
(`privacy.trackingprotection.enabled` in about:config).

~~~
dghughes
Well I guess I didn't know that!

I thought 'do not track' was on and I was OK but trackingprotection is a
separate option in Firefox configuration.

~~~
SimeVidas
Websites can ignore DNT, but Tracking Protection eliminates trackers in
Firefox itself. It’s like an ad blocker, but focused on identifying and
removing trackers specifically.

------
lawl
If you take a look at any fingerprinting code in the wild, ALL of them use
your DNT setting as another bit to track you.

It had the exact opposite effect it intended to have.

------
Analemma_
> "DNT seemed like a good idea. By setting DNT on in your web browser,
> websites that supported DNT could neither place nor read advertising cookies
> on your device. Well, that was the idea anyway."

No, DNT seemed like a stupid idea right from the beginning. It's nothing but
an "evil bit" that websites were always free to ignore (and what's more,
ignore silently). I never understood the outrage when Microsoft had IE set DNT
to True as default, all they were doing was making explicit what a useless,
feel-good piece of nonsense it was while everyone else was just ignoring the
elephant in the room out of motivated self-interest.

So, good riddance. DNT was always an attempt by advertisers to distract people
from the fact that the only real solutions to privacy problems are
legislative, and they don't want that. Twitter abandoning it might be one tiny
step closer to broad awareness of that.

~~~
yborg
Another example of the fallacy of suggesting a 'free market' will lead to
desirable outcomes for society at large when those outcomes are counter to the
goal of maximizing profit for individual players. I believe the idea was well-
intentioned, but as noted had no chance from the start without some kind of
regulatory enforcement behind it.

~~~
sambe
Not really. You could easily argue (and I would) that people simply don't
value it highly, on average. You are free not to visit websites that track
you, or use various other technological solutions (Tor, private browsing, ad
blockers). There's not a great deal to learn about the "free market" here.

~~~
nkrisc
> You are free not to visit websites that track you

Let me just check the public registry of what companies track me and what
they're tracking.

~~~
arjie
If people really wanted this, you could easily build this tool for money.

------
shawnee_
_Online privacy remains an issue that upsets people, but at day 's end,
neither companies nor the Trump administration have any real interest in
protecting privacy. _

Does not surprise me at all.

As a very early adopter of Twitter, I have to say I thought this platform had
a lot of promise at one time. Unfortunately, it's becoming a textbook case of
how massive ego corrupts and destroys a product, a company, and now even a
country. It started with the lockout of developers' ability to write
frameworks around the APIs and is ending, naturally, with these massive
political bots owning 10K+ followers, spam that always ends up on the top
layer of search.

My disenchantment had been growing for a long while. Finally shut down my
accounts earlier this week after they refused to offer "verification" my
ecosteader account. Ten years I've been waiting it out, promoting this company
for free, adding Twitter links to websites I build for customers and
clients... and they do not even grant a courtesy gesture to show people that
yes, the owner of these Twitter accounts is indeed associated with these
websites.

Instead, like everything else on the Internet these days, it's all about
popularity and ego and bribery.

Apparently, the rumor that the best way for a small company or org to get
verified is to cash-bribe somebody who works there is true? If that's what you
wanna do, go for it... but at least document your corrupt dollars needed and
standards for bribery somewhere, so people can have some reference before they
waste their time. The echo chamber and circlejerk thing has gone on for far
too long.

~~~
zAy0LfpBZLC8mAC
> As a very early adopter of Twitter, I have to say I thought this platform
> had a lot of promise at one time.

Given that is was a centralized, proprietary service from day one, so it
necessarily would follow the interests of the owners, and that also has a
strong network effect that locks people in ... how did you come to that wild
conclusion?

~~~
shawnee_
There was a (brief) period of time many years ago when Twitter was more
friendly to developers; that is what I was referring to.

What followed was a series of terribly bad decisions to turn it into a
marketing platform, rather than what it what it was organically becoming,
which was a real-time market research tool + analytics API.

As a result of bad direction and big ego, today it is just an extremely noisy,
mostly irrelevant, echo chamber.

------
politician
(Kicking around an idea to build this:)

Would anybody be interested in a local DNS server that automatically updated
its list of black-holed domains through a mechanism that preserved your
privacy? (Assuming, of course, a decentralized representation of the block
lists.)

Would anybody be willing to sell their attention by accepting payment (BTC),
perhaps through a dutch auction, to re-enable a black-holed domain for a time-
limited period? (Hand-waving the mechanism for ensuring that the domain was
actually whitelisted.)

I'd personally be interested in the former, and would likely use the latter -
even though I find it hilariously unlikely that Ad Networks or Web Sites would
participate in bidding for my attention directly.

~~~
shuntress
If you don't already know about it, definitely check out [https://pi-
hole.net/](https://pi-hole.net/)

I'm not totally clear on where their blacklist comes from but their mainpage
claims "Known ad-serving domains are pulled from third party sources and
compiled into one list"

This is pretty much exactly your first suggestion and seems like it would be
an excellent platform on which to launch your second suggestion.

~~~
stordoff
Default block lists appear to be: [https://github.com/pi-hole/pi-
hole/wiki/Customising-sources-...](https://github.com/pi-hole/pi-
hole/wiki/Customising-sources-for-ad-lists)

The most comprehensive of the lists appears to be
[https://github.com/StevenBlack/hosts](https://github.com/StevenBlack/hosts) ,
which is the same list I use for DNS filtering on my DD-WRT router. Seems to
work pretty well.

------
awinter-py
what if instead of using ad blockers we use ad amplifiers that downloaded 10
or 100 copies of video ads to make sure we got the data correct?

Serving video is pretty expensive. How big are the ad networks' margins? Let's
see who blinks first.

~~~
pjc50
Ironically if you make this look like "click fraud" you can probably ensure
that the site doesn't get paid for serving ads - but the ad network was still
paid by their clients.

~~~
awinter-py
If an ad network marks a click as fraudulent but still charges the advertiser,
aren't they guilty of fraud as well? That seems like risky behavior for a
company.

------
djrogers
What a shock - the voluntary and arbitrarily interpreted 'feature' designed by
advertising companies failed to protect anyone's privacy...

------
shmerl
Well, ad blockers are still here.

------
10165
Commenters are confusing ads versus tracking.

Remember that it is possible to track users without the use of ads.

A browser written by an organization that profits from ad revenue or
collecting user information (hereafter "well-known browser") will load
elements, e.g., images, in a web page automatically.

No user interactivity is required. The user need not "click" anything. The
user may not even be able to see the element loaded.

Email clients supporting HTML email can do the same thing, loading images
automatically, hence suporting a method of tracking.

This is a very old method but still widely used.

What if the user is not using a "well-known browser"? What if those elements
will not be loaded automatically? Will these methods of tracking still work?

All methods of tracking, other than IP addresses in access logs, rely on
assumptions. Many rely on assumptions about usage of a "well-known browser".

The assumption re: automatically loaded elements, "beacons" or whatever one
wants to call them, is that the user is using a "well-known browser" that will
load elements automatically. If the user is not using a "well-known browser",
all bets are off?

Another example is the HTTP header "fingerprint". HTTP headers are tied to
"well-known browsers". What if suddenly all users decided to only send the
same minimal headers? In the way that some server software might try to hide
its version (e.g., BIND) imagine that users decided to hide their client
software version.

Aside from IP addresses, many methods of web tracking are heavily reliant on
assumptions about use of "well-known browsers" and the behavior of those
browsers. Could these assumptions ever fail to be true? Can users think for
themselves?

The www as a medium for exchanging information or even doing commerce does not
necessarily require the use of any particular browser. That "requirement" is
only imposed by certain sites on the www, for reasons that may ultimatley
benefit the site owner more than its users. No such "requirement" is imposed
by the www itself.

Thinking of this in terms of "a carrot and a stick", as far as I have seen
using the www since 1993 there is only a carrot in the form of a "well-known
browser". _There is no stick._ Users are free to make HTTP requests using _any
client_ they choose, including ones that do not expose them to advertising or
tracking. Such clients may not require an "adblocker" because _they do not
requests elements automatically_.

There used to be and perhaps there still is a never-ending battle between
commercial entities over which is the "default browser" in a graphical OS.
Certain companies tried to coax users into using certain "well-known
browsers". There was even a large antitrust case in the US over this issue.

The implication seemed to be that if not set _by default_ users might
otherwise choose some other HTTP client to interact with the www. In those
days one company wanted to sell a browser as enterprise software. Today that
browser is owned by a "non-profit" organization of salaried employees. Other
well-known browsers are owned by "for profit" (subject to taxation) commercial
entities with thousands of employees.

Today, these well-known browsers are "free". And yet these browsers are
written by salaried employees, not open-source project volunteers. These
entities continue to market their "free" browsers aggressively to users.

As a user, ask yourself why.

Ads? Tracking?

------
awinter-py
upvote != endorsement

------
theprop
I always suspected Mozilla pushed Do Not Track to undermine online privacy. It
was a doomed idea from the start -- all DNT does is politely ask a website not
to track you. Setting their browser to DNT on did give tens of millions of
Firefox users the illusion they were getting a high level of privacy (so they
presumably would stick to Firefox) even though it didn't actually do very
much.

~~~
Chaebixi
> I always suspected Mozilla pushed Do Not Track to undermine online privacy.

What motivation does Mozilla have to want to "undermine online privacy?" Of
all the major browser vendors, they seem the _least_ coupled to the privacy-
invading ad ecosystem.

~~~
theprop
The Mozilla that was using your browsing history to target new tab page ads to
you? That's "least" coupled to the privacy-invading ecosystem?

That gets hundreds of millions of dollars a year from Google & Yahoo/Microsoft
in search revenues without pushing them to provide a genuine private search?

~~~
Chaebixi
> The Mozilla that was using your browsing history to target new tab page ads
> to you? That's "least" coupled to the privacy-invading ecosystem?

Yeah it's the least coupled, because the major alternatives (e.g. Google)
_literally run the privacy-invading ad networks_.

Mozilla walked back from the tab-page ads more than a year ago.

> without pushing them to provide a genuine private search?

How much leverage do you think Mozilla has with the search engines? Google
canceled their deal with them because they are so dominant and Chrome has been
so successful. Mozilla needs revenue to keep the lights on, and the search
engines are the source of it.

