Twitter abandons 'Do Not Track' privacy protection (zdnet.com)
200 points by CrankyBear 11 months ago | 145 comments

Ok, honestly, was DNT ever more than a smoke grenade for muddying the privacy discussion? The standard always relied on every single shady data collector out there to act against their core interest, facing not even the risk of detection (let alone punishment) if they don't comply, all just because you asked them nicely. You might as well carry a "do not rob me" card in your wallet.

Was there ever an honest belief by anyone (except the Ayn Rand fanboys) this could work?

I don't think it was ever meant to be a comprehensive solution; it was meant as a start to address the rampant issue of tracking. There wasn't a mechanism short of outright blocking for a user to declare intent. The argument has always spiraled around what is the agreement between a user and a site they visit. Implicit agreements, revenue models, etc, but it's always been a unidirectional communication; the website tells the user, after the fact, what the terms and conditions are.

Do Not Track was an attempt to give users a voice and the overwhelming response to it by the trackers was to ignore it. DoNotTrack wasn't an effective anti-tracking solution, but for every opt-in, it was a clear message from users. It's why Microsoft's auto-opt in, while probably well meaning, really screwed the whole thing. It had to be a choice.

It was a message, and it's still a very strong argument when it comes to the discussion about dishonesty among trackers and advertising networks.

> It's why Microsoft's auto-opt in, while probably well meaning...

I might be overly cynical, but I think that was pure covert corporate warfare on Microsoft's part: it could reduce Google's income and was good PR.

> Was there ever an honest belief by anyone (except the Ayn Rand fanboys) this could work?

On the contrary, it was (generally) those in favor of government-mandated privacy and security who heavily supported the DNT efforts. The "Ayn Rand fanboys" just told people to install uBlock Origin

But... DNT had nothing to do with government

It had: the same kind of people supported it.

At least that's what parent's claim was, which you seem to disagree with but failed to actually argue against.

Am anarchist, can agree

What's up with this "Ayn Rand fanboys" meme?

I keep seeing this recently and this time I can't even imagine how it could be relevant.

Pretty much just Reddit leaking into HN.

Some people live in a political/cultural "tribe", and see the entire world through a prism where everything they dislike is linked to "the other tribe". They often punctuate every paragraph with some meme jab at the other tribe, even if it's seemingly irrelevant for everyone else who doesn't share the same prism.

On Reddit, this results in imaginary Internet points (i.e. upvotes), which reinforces the behavior and the underlying mindset. The HN community is better, but still not immune to this. I'm convinced that the "gamification" of online discussion over the past ten years has pretty deep impacts that future generations will look back on someday.

I don't think this has much to do with Reddit. "Randroid" and similar terms as a derogatory way of describing a certain cluster of ultra-free-market views has been common on every online discussion service I've been on, dating back to Usenet. Although this may be partly because actual, honest-to-god Ayn Rand fans are also surprisingly common on online discussion forums (and were especially common on Usenet).

It predates even usenet, eg FidoNet, BIX, CompuServe.

My gamer and geek friends have been spewing libertarian flavored Randian nonsense since middle school, circa 1983. I never imagined that worldview would prevail. It was just so puerile. Not so different than the tortured coming of age fantasies embraced by the other subcultures (stoners, metalheads, preppies). Though maybe the nerds were more aggrieved, seeing themselves as an oppressed minority.

Of course, none of us knew about the well funded propaganda machine pushing the whole Austrian/Chicago school of economics. Young Republicans, trickle-down economics, John Birch Society, Heritage Foundation, disaster capitalism, Grover Norquist, etc.

Edit: TL;DR: Mockery is the only appropriate response.

Getting off topic, but while I'm not a fan of any of those philosophies, I'd be wary of conflating too quickly these different varieties of free-market supporters. Rand fans who got into the whole Objectivism thing via her books, parts of the SF scene, etc., vs hereditary billionaires who are attracted to Heritage-Foundation-style free-market economics (whose political expression in the U.S. is mainly as "business Republicans", though sometimes as "corporate Democrats"), are fairly different groups of people. There's the occasional overlap, but it's mostly different people with different motivations.


During the aughts, I attended many of our local political parties. Socialists, Dems, GOP, Libertarians, etc.

All these cliques, for lack of a better word, are mostly defined by what they're not (in opposition to other cliques).

The exception was our local Green Party. Their members were defined affirmatively, by what they stood for, vs in opposition to some other group.

The Libertarians were especially mushy in their supposed beliefs, and no two agreed on anything other than everyone else was wrong. Kinda like the various Christian sects.

Downvotes for truth, here, I suppose.

You could add in the Mont Pelerin Society, Foundation for Economic Freedom, Atlas Network, and Cato Institute, Mercatus Center, Adam Smith Institute, Mercatus Center.

And personnel: Ludwig von Mises, Leonard Read, Murray Rothbard, Friedrich Hayek, the Kochs (Fred, Charles, David), for completeness.

Mark Ames has an excellent general summary: http://www.alternet.org/visions/true-history-libertarianism-...







See, e.g., Philip Mirowski's The Road From Mont Pelerin:


Thanks for Mark Ames link. TL;DR: They were always hucksters for hire.

I recently read a magazine article that covers same history as Mirowski's book. Hayek's motivations and strategy for pushing his ideas (take over economics depts in higher ed) are fascinating, instructive. Sadly, I can't imagine how the left could replicate that effort for reality-based policies.

On mobile, sorry no link handy. I'll edit if I can find it.

There's the related Lewis Powell Memorandum:


I'm not immediately recalling or coming up with a Hayek reference, though it wouldn't surprise me in the least, and I'd very much like to see what you're thinking of if you can find it.

Ah, good.

At least someone on the Internet recognizes the Mercatus Center for the Koch propaganda machine that they are. It's unfortunate, the influence they have on the GMU graduates.

The Atlas Network's own validation that the whole snake pit is in fact an octopus (a connected and unified entity, not simply a set of disjoint units) is ... surprisingly useful.

I really don't think this is a new / Internet phenomenon, by any means.

I've been re-reading John Henry Newman's Apologia pro Vita Sua, published in 1864, describing the author's conversion from the Church of England (where he was one of the most visible clergymen of the time) to Roman Catholicism. It was written in response to another clergyman making accusations that, not only was Newman being dishonest, that dishonesty was an inherent characteristic of Catholics, and that (based on an uncharitable reading of Alphonsus Liguori) it was Catholic doctrine that Catholics could lie about anything to preserve their faith, and therefore Newman had been a Catholic sleeper agent his whole life, tricking his fellow conservative Anglicans into adopting papist positions until he was ready to reveal himself as a Catholic to convince others to jump ship.

He sets out his response in the introduction, and in it he introduces the term "poisoning the well" to name a logical fallacy: he asserts that his ideological opponent has made it impossible for him to say anything in self-defense, and hopes his readers will recognize it.

This all strikes me as extremely reminiscent of Internet arguments. The uncharitable clergyman is very tribal, and defecting from the Anglican tribe to the Roman Catholic one is an unforgivable offense. And Newman responds by saying, look, you have used a logical fallacy against me. They'd fit so well on Slashdot! But it was over 100 years before the Internet.

(On a side note, the phrase "imaginary Internet points" to describe upvotes strikes me as a thought-killing meme jab itself. The descriptor "imaginary" makes no sense: what would real Internet points look like?)

Real internet points? Amazon gift cards, Google gift cards, anything similar easily convertible into recognized value.

And entirely off topic, but a hundred and fifty years after introducing that phrase, one of my favourite post-hardcore bands of all times used it as their name (Poison The Well). It's funny how that happens!

Poisoning the well is older than either. It has been an antisemitic stereotype with one notable early heyday in central Europe 1350 or something to blame the Jews for the plague.

> I keep seeing this recently and this time I can't even imagine how it could be relevant.

In this case, it sounds like it's mocking the idea that the market-based voluntary agreements could solve this problem. Lots of people seem to think you can solve any problem by just "letting the market work."

The market is working very well on advertisements. They grow increasingly obnoxious, and the adblockers keep getting better and more prevalent in response. The end result is either reasonable ads (probably too late for this) or the death of this particular flavor of the ad-driven revenue model.

I fully expect we'll look back on Internet advertising as a bootstrapper for the early Internet economy as opposed to a lasting model.

I'd love to believe that, but I felt much the same way in the double-dickities, when popups and popunders were rampant, and popup blockers started becoming commonplace. Eventually, only the oldest and least tech literate of people still had browsers that allowed popups, and they started to go away. It seemed like advertising like that was going away, but it didn't, it just changed, and instead of opening in a new window, it just opens as a DIV in the same one. Only this time it's controlled by the same javascript that is required to make the site even work, so it probably won't ever go away.

Cue the rise of ad-blocker-blockers where you're faced with a) allow a possible vector of malware or b) don't consume the site at all.

Of course at some point there might be ad-blocker-blocker-blockers which will postpone the problem to another round. But do we really want an economy based on an arms race?

> ad-blocker-blocker-blockers

An ad-blocker-blocker-blocker is just an ad-blocker.

Not quite.

An ad-blocker removes ads.

An ad-blocker-blocker detects ad-blockers and refuses to serve content if one is detected. (Instead a "disable your ad-blocker if you want to use this site" message is shown)

An ad-blocker-blocker-blocker masks the ad-blocker against detection, so content can still be consumed.


I think that's optimistic. As thesuitonym says, when bad internet advertising is blocked, it evolves into even worse (and less blockable) advertising. We're already seeing the rise of "native advertising," i.e. "pay websites to run ads masquerading as their own content."

IDK really, but I found this article lately:


Make your own conclusions.

I'm not sure one can make their 'own' conclusions from reading that article; it was clearly biased towards reaching the conclusion that Ayn Rand was a writer for 'juveniles', which I don't think is a fair appraisal. I mean, I don't agree with her conclusions on the world, but I would say the world she has created in her novels is at a higher level than juvenile reading.

Why, I enjoyed this article, particularly the part about rape and the end:

I seriously doubt that Donald Trump is really a fan of Ayn Rand. Her books may be juvenile and shallow, but they’re way too deep for him.

Make your own conclusions, indeed.

Heather Digby Parton, also known as "Digby," is a contributing writer to Salon. She was the winner of the 2014 Hillman Prize for Opinion and Analysis Journalism.

Um, I only hope they don't give awards for that.

Salon is a very left-wing site, heavily opinion-based. You get about the same kind of thing when looking at opinion sites from any part of the political spectrum.

It's glorified trash talking really.

Hey, thanks for this link and sorry it got you downvoted by losers who can't take a rant like a man :p

This was probably the best response of all because it provides a plausible explanation why this started only recently. I mean, I swear I have never seen Rand mentioned on HN by anyone in any way until lots of people suddenly started making fun of her a few weeks ago.

> I mean, I swear I have never seen Rand mentioned on HN by anyone in any way until people suddenly started making fun of her a few weeks ago.

No, a group of people have been posting about Rand for years. Here's a thread from 8 years ago people on both sides of the like/dislike divide. https://news.ycombinator.com/item?id=427292

Here's a post with over 40 points that's just a quote from Atlas Shrugged: https://news.ycombinator.com/item?id=5860250#5860696

But I haven't seen these posts before so your argument is obviously invalid :p

I'm not saying that it never happened but that it wasn't the case that she was mentioned in every other flamewar about politics.

From hn.algolia.com, excerpts from all "Ayn Rand" posts in the last 10 days, except replies to these posts:

Was there ever an honest belief by anyone (except the Ayn Rand fanboys) this could work?

Yeah, that would be great in the Ayn Rand's fantasy land

I had a coworker who was a hardcore Ayn Rand type who had a real harsh point of view like this, until his infant was born with a congenital heart defect that resulted in hospitalization for 3-4 months. [this one actually isn't dumb]

HN is nothing but startup bros, armchair economists, and card-carrying Ayn Rand fan club members.

For an entire generation community-oriented principles, egalitarianism, collectivist ideas, and far-left leaders were demonized as Soviet sympathizers, replaced with rah rah unregulated capitalism, Ayn Rand-ian individualist, and military might. [tl;dr, might be reasonable]

Nobody cares about your Ayn Rand pablum anymore. Argue on morals that have any grounding at all in the real world.

They do all sound harsh!

I don't even care about harsh, fwiw I've barely suffered through maybe some 40% of The Fountainhead when I tried. What caught my attention was that most of these posts look like a mindlessly repeated viral meme. Not that it's anything particularly unusual of course, but boring.

I'm very conscious of tracking and I've never bothered to check that box. It doesn't do what it's supposed to and adds another data point for fingerprinting. This and that cookie notification thing should just go away.

It's a data point for fingerprinting whether you have it on or not. The only way to avoid that would be to randomize its value.

I know that :) I was saying there's now a new standard whose only useful functionality is to increase fingerprinting data points.

Since more people have it off than on, the information content of leaving it off is much less than turning it on.

Ever seen those "here we'll be setting cookies because we're going to track you if you agree (agree/fuck off)" in Europe? An EU directive or something of the best intent mandates that when you're tracking someone beyond technical needs this boilerplate is required before setting a cookie. Guess what: if you disagree there's no way to store the user's answer, so the box keeps popping up, forever nagging the privacy conscious. DNT would have solved that so nicely! Header set, no box, easy peasy. Except the difference between theory and practice is that they're the same (in theory). So boxes keep popping up even from good actors.

The problem is that most of these websites offer no "fuck off" option besides GTFO and usually "agree" is the only button provided and they are probably tracking you from the get go before you even click anything.

If you now mandated them to respect some special HTTP header instead, most of them would simply 403 all browsers with this header set and you would have to disable it to access these sites. So same thing as with JavaScript and cookies - either tolerate crap or stop using a dozen websites or install yet another extension for management of per-site exceptions.

This law is silly and completely detached from reality. They should either prohibit tracking by law or do nothing.

The best solution would be to remove the real problem which is the useless law.

As far as I recall, the EU cookie law is a bit more global than that: a website needs to get permission/consent whenever it wants to store/retrieve information from the visitor's browser---this isn't just limited to tracking. This means that every single website hosted in Europe/targeted at a European audience needs to request the authorisation to use the user's browser storage.

A number of websites formulate this as "By continuing to use this website, you agree that we will access your cookies," accompanied with a "Dismiss" button, but that's not really what the spirit of the law is.

DNT didn't change anything to this, as it was meant for a completely different use. I'd even say using DNT for this is a complete hack, which sort of misses the point of both the cookie law and DNT. You are, however, completely right that it is stupid beyond ridicule that you technically can't store the fact that a user doesn't want cookies on the browser.

Edit: paragraph formatting.

> You are, however, completely right that it is stupid beyond ridicule that you technically can't store the fact that a user doesn't want cookies on the browser.

Yes you can, it's pretty simple to do. Add a timestamped entry into your database to not show that notification to the IP address the user comes from, then run a script every minute that clears out entries older than an hour. Granted, if you go back to the website an hour later, it would still pop up the request to access cookies but it certainly beats having it pop up on every page load.

Not all information, only those that are not strictly necessary to provide the service (so e.g. a basic session cookie created once a user logs in or starts using the shopping cart, ... should not require consent)

Interesting, wasn't aware of that distinction. As it turns out, there's quite a few exceptions[1]. Thanks for correcting me!

[1]: http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm#se...

> Guess what if you disagree there's no way to store the user's answer, so the box keeps popping up, forever nagging the privacy conscious.

How about a browser extension that hides any overlay divs with the string 'cookies' and input buttons?

Yes. Those exist.

It certainly isn't a complete solution, but it probably did reduce the number of ad networks that tracked you. So yes, I guess you could say it works?

"probably" doesn't lead to "yes, it works". What's the tradeoff? How many good actors does "probably" imply?

Ok, say you are tracked by google, facebook, adzerk, and twitter. If you set DNT, you are now only tracked by google, facebook, and twitter. Yeah, it was pretty much pointless, but you are being tracked by one less network, so it worked to some extent.

It is trash, but at least it is something.

>"...pointless", "it's trash..."

Compelling arguments in favor.

Chemotherapy will probably cure your cancer but since it isn't 100% effective you'd decline?

Well, that's not what I said either, so bad on you for the false analogy. Staying in line with my actual argument and using your analogy; what is the success rate of chemo? This is absolutely a main driver in the treatment decision making process.

5%? Nah, I'll pass; I don't want to spend my last six months in agony, so it's not worth it (i.e., bad trade-off). 95%? Hell yes, sign me up. Your own analogy supports what I said earlier.

On a side note, the statement "Chemotherapy will probably cure your cancer" is also not true and shows a bit of ignorance re cancer therapies in general.

Anyone that would check that box would have a tracking blocker installed anyway.

I don't think anyone here is saying it is a great solution. There are plenty of people without Ad blockers that have it checked though, see Internet Explorer users.

I think most companies make an honest effort to abide by their own Privacy Policies.

Google might listen to DNT, or it might ignore DNT, but I don't think they'd ever pretend to listen to DNT and then do something different. They'd get sued for sure.

I work in advertising, and we do respect dnt

So if I set the DNT flag on my browser, your advertising network will neither set any cookies nor serve me any beacons or tracking pixels nor collect any other analytics data from me whatsoever?

Can I or a neutral third party audit your internal database to verify that my browsing history is not being recorded by you? Do you provide a list of all third parties with which you share information so I can attempt to audit them as well?

What dispute resolution procedures do you support if I have reason to believe that you do, in fact, hold some of my personal information despite my express request? How would you respond to a request to purge an individual's records from your logs?


I don't mean to put you, personally, on the spot. I'm sure your firm is perfectly ethical, and that you do listen for and take some action to honor DNT requests as far as you see fit. I'm also sure that were I at an advertising firm I wouldn't have any better policies. It's not your fault this is a stupid feature.

That said, to almost anyone outside the webdev community "Do Not Track" doesn't mean, "Track, but Anonymize" or "Track, but Don't Personalize", it means "Don't Create A Record I Was Here". I've yet to run across a single company, advertising or otherwise, that interprets it that way, though.

You can pretty much check it yourself. Enable dnt, visit a site, and see if tracking pixels fire (in ghostery). Disable dnt and do the same.

I'd bet nobody respects dnt like that, but you can still check. Obviously if they want to be shady they can get around this too.

blekko did interpret DNT that way, because I made it do so. I'm sure we weren't/aren't the only example.

Kudos to you. (Though I'd like to ask, do you respect it in the common sense way by not storing any information about a DNT user or in the DAA sense - i.e. "we understand 'do not track' as 'do track but only show untargeted advertising'"?)

However, I'm more concerned about the hundreds of other services that might not. My point was that DNT requires cooperation from a huge number of actors to be effective, with the actors having no incentive to play along and nothing to fear if they don't.

Oh well in that case I'm no longer concerned /s

Posted 1 minute ago and already downvoted. I think it's a valid remark (even if it's sarcastic/cynical): the parent could have given some more information about why it is so, rather than just stating what any representative of such a company would say as well.

It's hardly a valid point because (a) nobody in their right mind would take his word for it and (b) even if what he said were demonstrably true, that would just mean he doesn't work for a scummy company.

His comment in no way responds to the main argument, here, which is that there exist many scummy companies who ignore DNT.

It's interesting how Microsoft killed DNT - by supporting it.

Once they made it the default, it was all over. It was so obvious that doing so would kill DNT that I have to wonder if they did that on purpose.

It's definitely an interesting way of stopping something you don't like - support it to such a degree that those who asked for it don't want it anymore.


If any Good citizen site ever thought about honoring DNT they got their plans crushed when Microsoft did this.

It was a silly proposal from the start but a hopeful one. Hopeful that people would do the right thing. The web was always built on assumptions that the other side would do the right thing; in that context DNT was not so silly.

This one failed. Because Microsoft didn't do the right thing. They decided to use DNT as a marketing platform instead.

I think you're putting too much blame on Microsoft here. DNT was always garbage, the fact that as soon as anyone used it (it becoming default for IE being the push in this case) it would fall apart just shows that it was always doomed.

Shouldn't not being tracked be the default? Shouldn't we be opting into targeted ads, not out of them? Seems reasonable, if DNT weren't garbage, to have it be on by default. But it was garbage and so it was never really any help to anyone anyway.

Really, everyone should just install an adblocker, and whitelist sites that are non-invasive, don't track, and that you want to support. Then the responsibility isn't on advertisers not to track us, it's on citizens to whitelist sites that they genuinely should be supporting.

I think you're right that "not being tracked" should be the default, in so much as having an adblocker and blacklisting known trackers should be defaults. These are things that my user-agent should be doing automatically to protect me and improve my experience.

On the other hand, DNT is intended to be an opt-in polite request for other agents to change their usual behavior. An adblocker or tracking blocker at the browser/user-agent level does nothing to change how the servers that I do connect to behave. It just alters the behavior of my browser to not contact at all unrelated third parties.

With DNT, my user-agent still contacts those third parties, but with a request to alter their default behavior. "Please, give me adco.com/somead, but please don't correlate this request with other information you have on me, etc."

I do think there's a possible place for something like that, but it has to be opt-in or nobody will listen to it. Trivial examples of other "please deviate from your default behavior" requests are things like "show desktop version" on mobile browsers, Accept/Accept-Language (where supported), etc.

On the gripping hand, it's also yet another bit to differentiate me from everyone else, and expecting polite and ethical behavior from advertising corporations probably really is doomed to failure.

> On the gripping hand, it's also yet another bit to differentiate me from everyone else, and expecting polite and ethical behavior from advertising corporations probably really is doomed to failure.

Yeah, I considered bringing this up in my original post - DNT is garbage for a lot of reasons. One of the big ones being that it actually sucks for privacy, especially if it's not used a ton. It's one more thing that can make you trackable.

There's no way to overblame Microsoft: There was an industry agreement that involved the compromise of DNT not being the default. Microsoft destroyed the entire agreement, which doesn't benefit consumers at all. Worked out great for the advertising and data-collection industries, though.

There was no 'Industry agreement' or compromise - the whole DNT thing was a slice of cake thrown to us by the advertising industry to keep us quiet for a while.

I don't know how relevant/important they were, but there were some advertisers who agreed to respect DNT provided it's set by the user.


What a nonsense apologetic approach. Define "the right thing"? Blocking tracking by default sounds like the "right thing" to me. I'm not sure how "being a good citizen on the internet" became synonymous with "bending over to advertising moguls" or "thinking about the poor starving blogger who must partake in that advertisement tracking ad tech nonsense and blocking that is taking food from his kids". Advertising and tracking blocking has become a gatekeeper of democracy on the internet these days. Unfortunately, with the idiotic political direction in USA (and USSC), I wouldn't be surprised if politicians are not bribed to introduce legislation against blocking advertisement ("it infringes on first amendment of Coca Cola!"), followed swiftly by "America's interests" - much of Europe.

"Blocking ads" is typically justified because the data is being sent to your computer, which is then rejecting parts of the data.

The other side of this coin is that when you voluntarily send data to the server, what they do with it is generally their business (complying with local laws etc).

If you want to "block tracking" you should prevent your computer from sending trackable data to the server. Complaining that they're keeping data about you is tilting at windmills: good luck preventing it.

Microsoft did the right thing. DNT just pretended to work before. Once Microsoft made it to be used, all pretension had to stop.

A privacy standard that works as long as people are not using it and fails the moment they start to, is just a lie.

'so obvious' is the reasoning technique beloved of tinfoil hatters everywhere.

Sounds like a classic MS EEE[1] tactic. Except it went from embrace to extinguish right away.

1. https://en.wikipedia.org/wiki/Embrace,_extend_and_extinguish

DNT made sense only in a world where there would be some sort of law to back it up.

I actually had my adblocker turned off on websites I knew at least tried to respect DNT (reddit, medium and twitter), guess twitter's getting completely adblocked now.

I have no issue adblocking Twitter since they use deceptive ads.

It used to be ads had to be clearly labelled as not to confuse with regular content. Twitter buries their "promoted" label at the bottom in light grey text, so you only know it's an ad after you've read it and asked "WTF? Why is this in here?"

Somehow my brain has figured out how to notice that and ignore them.

Scrolling through my feed I swipe past the ads faster than the other tweets.

There is a law that backs up DNT -- if a website's privacy policy says they respect DNT, and they don't, and it's discovered, it's the same as any other privacy policy problem. You can read in the news about fines, consent decrees, etc related to privacy policy violations.

Maybe. I think in practice that would have eventually led to "disable DNT in order to access Facebook, etc."

I wonder if the major adblockers should have whitelisted the DNT-respecting sites by default.

They haven't for most cases but to be fair, even if the publisher would respect DNT, it doesn't mean that the ad-server at the end of the line or any of the other partners will.

Also keep in mind that while this would be an incentive to respect DNT for some time, there's no guarantee that this would stick - they might at some point just get back to evil behavior when they get whitelisted.

Was the initial hope that the tech would come first and the legislation would follow?

My ad blocker has a DNT they cannot abandon.

Which is exactly how DNT should work, because client-side defeating of tracking is the only way to be sure you aren't actually being tracked.

There is pretty much no practical way to be sure you aren't actually being tracked. The amount of metadata we spew is crazy.

> The amount of metadata we spew is crazy.

Could someone build a privacy-respecting browser that "spews" super-generic metadata that doesn't vary from installation to installation? It'd probably have fewer "features," but I'd honestly kinda welcome a simpler browser experience.

I think there are plugins (or extensions? never understood the difference) that will alter outgoing headers.

Even better when used in conjunction with Firefox’s Tracking Protection (`privacy.trackingprotection.enabled` in about:config).

Well I guess I didn't know that!

I thought 'do not track' was on and I was OK but trackingprotection is a separate option in Firefox configuration.

Websites can ignore DNT, but Tracking Protection eliminates trackers in Firefox itself. It’s like an ad blocker, but focused on identifying and removing trackers specifically.

Is there a way to have Tracking Protection without the DNT header nonsense?

Also works on mobile Firefox


You may be blocking ads, but your ad blocker can't prevent the site from tracking you.

My solution is to change the DNS settings in my router to set all domains for Facebook to So,

I'm sure the same could be done with Twitter. This ensures that they cannot track you on e.g. a news site or any other site with a "share" feature.

But... This only works if you're willing to entirely live without Facebook/Twitter. Probably not the best choice for the majority of people.

That assumes that all facebook ad traffic starts with a DNS request for *.facebook.com. It may be that all facebook ad traffic is served in this way _today_, but that doesn't stop them from changing it tomorrow. What about other ad networks? What about other ad networks where you like to use part of their services (eg google.com)? What about ad networks that serve their content from a cloud provider?

Blocking domains at the DNS level is a partial solution at best.

> That assumes that all facebook ad traffic starts with a DNS request for *.facebook.com

This is true, which is why you need a better list. Like one of these:


(There are lots of others out there if one of those doesn't suit your fancy.)

These things will never be perfectly inclusive, but they whack the vast bulk of the commercial surveillance shops, and have the great benefit of not being prone to bypass from browser/extension exploits.

They also cut the flood of garbage down to a point where it is possible to individually see what bugs are getting through and do something about them.

You're right that they're a partial solution, but they are a massively helpful one.

If you're going to use one, do glance over the list to make sure you understand what you're blocking.

Yeah, I went down this path with my router. Found some list, wrote a script to keep it up to date, and blocked it at my DNS server. I found that it was ~80% effective, and broke about ~5% of the websites I used. It's super good for targeting a specific ad network, if you don't need anything else from those domains.

Some interesting examples where it didn't work:

1. wowhead.com: this site hides the source of all of its assets behind its own proxy, so the content you want, and the ads you don't want come from the same place. A traditional ad blocker works fine here.
2. Google: it is really hard to block google's ad domain, but still use google's services if you are doing it at the DNS level.

There is an argument to be made for DNS blocking though. If you want to take the moral high ground, then it is a good method. I.e., if you don't like google spying on you, why do you use their services at all?
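An added example, not part of any comment in this thread: a small audit of a hosts-format blocklist that shows what exact-name blocking covers, what it misses (the bare domain, and ads proxied through a publisher's own host), and which names you rely on would break. The sample list and every hostname in it are constructed, and the function names are hypothetical.

```python
from collections import Counter

# Constructed sample in hosts-file format; every name here is made up.
SAMPLE_HOSTS = """\
# constructed sample, not a real list
127.0.0.1 localhost
0.0.0.0 0.0.0.0
0.0.0.0 ads.tracker.example
0.0.0.0 pixel.tracker.example  # inline comment
0.0.0.0 metrics.adnet.example
0.0.0.0 www.social.example
"""

# Housekeeping names that hosts-format lists carry but that are not block entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "local", "0.0.0.0"}


def parse_hosts(text):
    """Return the set of sinkholed hostnames in hosts-format text."""
    blocked = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in ("0.0.0.0", "127.0.0.1"):
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name not in LOCAL_NAMES:
                blocked.add(name)
    return blocked


def is_blocked(name, blocked, match_subdomains=False):
    """Exact match models a hosts file; match_subdomains models a resolver
    rule that also covers every name underneath a listed entry."""
    name = name.lower().rstrip(".")
    if name in blocked:
        return True
    if match_subdomains:
        labels = name.split(".")
        return any(".".join(labels[i:]) in blocked for i in range(1, len(labels)))
    return False


def audit(blocked, needed):
    """Count entries per parent domain and list the names in `needed` that the
    list would break. Parent = last two labels, a simplification that ignores
    multi-label public suffixes such as co.uk."""
    by_parent = Counter(".".join(h.split(".")[-2:]) for h in blocked)
    conflicts = sorted(n for n in needed if is_blocked(n, blocked, True))
    return by_parent, conflicts


if __name__ == "__main__":
    blocked = parse_hosts(SAMPLE_HOSTS)
    counts, conflicts = audit(blocked, ["www.social.example", "mail.provider.example"])
    print(counts.most_common())
    print("would break:", conflicts)
    # Not caught: the bare domain, and ads proxied through the publisher's own host.
    for probe in ("social.example", "assets.publisher.example"):
        print(probe, is_blocked(probe, blocked, match_subdomains=True))
```
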

If you have a raspberry pi lying around (probably other *nix machines would work too), you can setup https://pi-hole.net

I run it at home and it blocks the ads on my entire network. Works exactly like your method.

In case you genuinely want to block Facebook via DNS, check this discussion from nearly a year ago:


There are many ways to track you, ad-blocking prevents just a tiny little thing. There are things like pixel tracking that are not very easy to detect/block.

I use umatrix with 3rd party images turned off by default for this reason.

What browser do you use? Chrome?


If you take a look at any fingerprinting code in the wild, ALL of them use your DNT setting as another bit to track you.

It had the exact opposite effect it intended to have.

> "DNT seemed like a good idea. By setting DNT on in your web browser, websites that supported DNT could neither place nor read advertising cookies on your device. Well, that was the idea anyway."

No, DNT seemed like a stupid idea right from the beginning. It's nothing but an "evil bit" that websites were always free to ignore (and what's more, ignore silently). I never understood the outrage when Microsoft had IE set DNT to True as default, all they were doing was making explicit what a useless, feel-good piece of nonsense it was while everyone else was just ignoring the elephant in the room out of motivated self-interest.

So, good riddance. DNT was always an attempt by advertisers to distract people from the fact that the only real solutions to privacy problems are legislative, and they don't want that. Twitter abandoning it might be one tiny step closer to broad awareness of that.

Another example of the fallacy of suggesting a 'free market' will lead to desirable outcomes for society at large when those outcomes are counter to the goal of maximizing profit for individual players. I believe the idea was well-intentioned, but as noted had no chance from the start without some kind of regulatory enforcement behind it.

Not really. You could easily argue (and I would) that people simply don't value it highly, on average. You are free not to visit websites that track you, or use various other technological solutions (Tor, private browsing, ad blockers). There's not a great deal to learn about the "free market" here.

> You are free not to visit websites that track you

Let me just check the public registry of what companies track me and what they're tracking.

If people really wanted this, you could easily build this tool for money.

Quite the opposite, that is the reason why websites like Twitter should honour DNT.

> Quite the opposite

What do you mean by this? The "opposite" of what you're replying to isn't really obvious to me. :)

I understood that DNT is pointless because no one is respecting the setting, if sites like Twitter would do it reliably, it would be better for others to do the same.

(Kicking around an idea to build this:)

Would anybody be interested in a local DNS server that automatically updated its list of black-holed domains through a mechanism that preserved your privacy? (Assuming, of course, a decentralized representation of the block lists.)

Would anybody be willing to sell their attention by accepting payment (BTC), perhaps through a dutch auction, to re-enable a black-holed domain for a time-limited period? (Hand-waving the mechanism for ensuring that the domain was actually whitelisted.)

I'd personally be interested in the former, and would likely use the latter - even though I find it hilariously unlikely that Ad Networks or Web Sites would participate in bidding for my attention directly.

The problem with the hosts file is that some sites have onclick-handlers in their download-buttons etc. that first call out to google analytics etc. to register the event before allowing it. Blocking on the host level makes these sites fail and temporarily disabling hosts is cumbersome.

Ghostery has a nice little library of stubs for e.g. ga that are injected in each page. I think any good solution will need to have such shims. Doing it on the network level (like redirecting to a stub hosting webserver) has problems with SSL

If you don't already know about it, definitely check out https://pi-hole.net/

I'm not totally clear on where their blacklist comes from but their mainpage claims "Known ad-serving domains are pulled from third party sources and compiled into one list"

This is pretty much exactly your first suggestion and seems like it would be an excellent platform on which to launch your second suggestion.

Default block lists appear to be: https://github.com/pi-hole/pi-hole/wiki/Customising-sources-...

The most comprehensive of the lists appears to be https://github.com/StevenBlack/hosts , which is the same list I use for DNS filtering on my DD-WRT router. Seems to work pretty well.

Large ad publishers such as Google and Facebook are already doing the equivalent of auctioning users' attention by proxy of views, clicks, and conversions through their existing ad delivery methods.

Wouldn't you rather be in control?

What if instead of using ad blockers we use ad amplifiers that downloaded 10 or 100 copies of video ads to make sure we got the data correct?

Serving video is pretty expensive. How big are the ad networks' margins? Let's see who blinks first.

Ironically if you make this look like "click fraud" you can probably ensure that the site doesn't get paid for serving ads - but the ad network was still paid by their clients.

If an ad network marks a click as fraudulent but still charges the advertiser, aren't they guilty of fraud as well? That seems like risky behavior for a company.

Ok, this seems like click fraud. I'm just proposing downloading videos multiple times to ensure a good copy.

I think the internet is bad (and metered) in a lot of places in North America, so this would be counterproductive. However, it might work in Europe.

Very little of the internet in North America is 'bad', and in the US very little is metered beyond mobile. There are ISPs who technically have data caps, but very few people ever come close to them.

What a shock - the voluntary and arbitrarily interpreted 'feature' designed by advertising companies failed to protect anyone's privacy...

Well, ad blockers are still here.

Commenters are confusing ads versus tracking.

Remember that it is possible to track users without the use of ads.

A browser written by an organization that profits from ad revenue or collecting user information (hereafter "well-known browser") will load elements, e.g., images, in a web page automatically.

No user interactivity is required. The user need not "click" anything. The user may not even be able to see the element loaded.

Email clients supporting HTML email can do the same thing, loading images automatically, hence supporting a method of tracking.

This is a very old method but still widely used.

What if the user is not using a "well-known browser"? What if those elements will not be loaded automatically? Will these methods of tracking still work?

All methods of tracking, other than IP addresses in access logs, rely on assumptions. Many rely on assumptions about usage of a "well-known browser".

The assumption re: automatically loaded elements, "beacons" or whatever one wants to call them, is that the user is using a "well-known browser" that will load elements automatically. If the user is not using a "well-known browser", all bets are off?

Another example is the HTTP header "fingerprint". HTTP headers are tied to "well-known browsers". What if suddenly all users decided to only send the same minimal headers? In the way that some server software might try to hide its version (e.g., BIND) imagine that users decided to hide their client software version.

Aside from IP addresses, many methods of web tracking are heavily reliant on assumptions about use of "well-known browsers" and the behavior of those browsers. Could these assumptions ever fail to be true? Can users think for themselves?

The www as a medium for exchanging information or even doing commerce does not necessarily require the use of any particular browser. That "requirement" is only imposed by certain sites on the www, for reasons that may ultimately benefit the site owner more than its users. No such "requirement" is imposed by the www itself.

Thinking of this in terms of "a carrot and a stick", as far as I have seen using the www since 1993 there is only a carrot in the form of a "well-known browser". There is no stick. Users are free to make HTTP requests using any client they choose, including ones that do not expose them to advertising or tracking. Such clients may not require an "adblocker" because they do not request elements automatically.

There used to be and perhaps there still is a never-ending battle between commercial entities over which is the "default browser" in a graphical OS. Certain companies tried to coax users into using certain "well-known browsers". There was even a large antitrust case in the US over this issue.

The implication seemed to be that if not set by default users might otherwise choose some other HTTP client to interact with the www. In those days one company wanted to sell a browser as enterprise software. Today that browser is owned by a "non-profit" organization of salaried employees. Other well-known browsers are owned by "for profit" (subject to taxation) commercial entities with thousands of employees.

Today, these well-known browsers are "free". And yet these browsers are written by salaried employees, not open-source project volunteers. These entities continue to market their "free" browsers aggressively to users.

As a user, ask yourself why.

Ads? Tracking?

upvote != endorsement

I always suspected Mozilla pushed Do Not Track to undermine online privacy. It was a doomed idea from the start -- all DNT does is politely ask a website not to track you. Setting their browser to DNT on did give tens of millions of Firefox users the illusion they were getting a high level of privacy (so they presumably would stick to Firefox) even though it didn't actually do very much.

> I always suspected Mozilla pushed Do Not Track to undermine online privacy.

What motivation does Mozilla have to want to "undermine online privacy?" Of all the major browser vendors, they seem the least coupled to the privacy-invading ad ecosystem.

The Mozilla that was using your browsing history to target new tab page ads to you? That's "least" coupled to the privacy-invading ecosystem?

That gets hundreds of millions of dollars a year from Google & Yahoo/Microsoft in search revenues without pushing them to provide a genuine private search?

> The Mozilla that was using your browsing history to target new tab page ads to you? That's "least" coupled to the privacy-invading ecosystem?

Yeah it's the least coupled, because the major alternatives (e.g. Google) literally run the privacy-invading ad networks.

Mozilla walked back from the tab-page ads more than a year ago.

> without pushing them to provide a genuine private search?

How much leverage do you think Mozilla has with the search engines? Google canceled their deal with them because they are so dominant and Chrome has been so successful. Mozilla needs revenue to keep the lights on, and the search engines are the source of it.

Online privacy remains an issue that upsets people, but at day's end, neither companies nor the Trump administration have any real interest in protecting privacy.

Does not surprise me at all.

As a very early adopter of Twitter, I have to say I thought this platform had a lot of promise at one time. Unfortunately, it's becoming a textbook case of how massive ego corrupts and destroys a product, a company, and now even a country. It started with the lockout of developers' ability to write frameworks around the APIs and is ending, naturally, with these massive political bots owning 10K+ followers, spam that always ends up on the top layer of search.

My disenchantment had been growing for a long while. Finally shut down my accounts earlier this week after they refused to offer "verification" for my ecosteader account. Ten years I've been waiting it out, promoting this company for free, adding Twitter links to websites I build for customers and clients... and they do not even grant a courtesy gesture to show people that yes, the owner of these Twitter accounts is indeed associated with these websites.

Instead, like everything else on the Internet these days, it's all about popularity and ego and bribery.

Apparently, the rumor that the best way for a small company or org to get verified is to cash-bribe somebody who works there is true? If that's what you wanna do, go for it... but at least document your corrupt dollars needed and standards for bribery somewhere, so people can have some reference before they waste their time. The echo chamber and circlejerk thing has gone on for far too long.

> As a very early adopter of Twitter, I have to say I thought this platform had a lot of promise at one time.

Given that it was a centralized, proprietary service from day one, so it necessarily would follow the interests of the owners, and that also has a strong network effect that locks people in ... how did you come to that wild conclusion?

There was a (brief) period of time many years ago when Twitter was more friendly to developers; that is what I was referring to.

What followed was a series of terribly bad decisions to turn it into a marketing platform, rather than what it was organically becoming, which was a real-time market research tool + analytics API.

As a result of bad direction and big ego, today it is just an extremely noisy, mostly irrelevant, echo chamber.
