Steelie Neelie: Settle your Do-No-Track squabbles or else Regulators may impose a Do-Not-Track standard on squabbling tech vendors and web businesses after they missed a deadline to develop their own proposal. EU member states are looking at how to enforce DNT under ePrivacy rules, the vice president responsible for the Digital Agenda Neelie Kroes said Wednesday. Kroes also hinted …
Good on her I say, I don't like the idea of ploititions resolving this but with petty reactions like Roy Fielding's this is just turning into a playground fight.
Sort the kids out, privacy should be on by default in my book why do the marketeers and advertisers belive that information is their right to have. While they silently enable the option but never tell the users it is there.
Less technical people would never know about it unless they were told as in IE10 (well done MS), everyone I have talked to has said they would turn the privacy on if they knew about it which none of them did before I talked to them.
"She also spoke of the ad-hoc code change by Apache daddy Roy Fielding to make Apache web servers disable DNT setting in IE10, "
That one item there shows an arrogant tech industry that is out of control and needs bringing sharply to heel.
Surely altering a setting in that manner is illegal in many territories? If not it should be.
Its MY machine. I will set it as I want it, not how some Ad man requires. Ad men are welcome to bid for MY web data direct from me - Im not saying I would sell, but they can ask.
Coat - without the cookies in the pocket - they get dropped at the door
...and guess which lobbyist group usually win that battle....
It would be nice if the solution is:
"If the flag is not present or if it is set to false, then Do-Not-Track that person/session, if it is present and set to true, you may add them to your uber-database", but I can't see that happening
"If the flag is not present or if it is set to false, then Do-Not-Track that person/session, if it is present and set to true, you may add them to your uber-database"
It's a DoNotTrack flag/header not DoTrack. Did you mean:
"If the flag is not present or if it is set to true, then Do-Not-Track that person/session, if it is present and set to false, you may add them to your uber-database"?
According to a post on GitHub 3 days ago, the change my Roy was commented out
Post:
https://github.com/apache/httpd/commit/a381ff35fa4d50a5f7b9f64300dfd98859dee8d0
Newer change from 19 days ago:
https://github.com/apache/httpd/commit/3dd6fb6882ae2b453c90d51e777e88bc420a0cb1
Even though commented out the comment is still really arrogant. Misusing DNT? A specification they have not sorted out yet.
How do you misuse something that is not a standard as yet?
Especially when the users has to click on the accept button etc. Just because it is enabled if they set the defaults they still have to look at and agree. So therefore the user has set do not track.
As I said before stop trying to bury the setting somewhere where normal everyday computer users will never know about it and set it on by default.
> How do you misuse something that is not a standard as yet?
If it's ready for implementation, it's standardized enough.
But I still don't see why he went all postal on this.
I don't see where the problems are either. IMHO, the "cookie" debacle is just political grandstanding that muddies the issues. "Do not track" means that you are telling a reputable service to throw away data ASAP (i.e. once the session closes or a small timeout has been reached) and to not communicate said data to 3rd party services while held. What could be simpler?
If you are connecting to a disreputable service, DNT will do bugger all, but then you still have "private browsing".
If this was only about collecting profiles for on-line advertising, something like do-not-track might be good enough. However, the underlying general issue is privacy in a world where collecting, combining and looking up information on an individual has been - and continues to be - completely transformed by technology, hence something along the lines of a blanket ban on collecting and using information that *might* be personally identifiable is needed. This would then have narrow exceptions, most importantly allowing collection and use with consent (= opt-in) with the provision for opt-out later (= the right to be forgotten i.e. having the data relating to you deleted, or, failing that due to technical or legal reasons, only used as strictly necessary for those technical or legal reasons).
Very few sites implement the cookie thing properly. (i.e allow you to disallow the cookies from 3rd parties (i.e ad networks) separate from the ones required for the site.)
I am pretty sure a useless popup saying we use cookies is against the spirit of the law (And hopefully the letter of the law).
I agree its probably against the spirit, but the ICO specifically OK'd it so that's what people have been doing. At least those that have done anything.
I don't believe you're required to allow the user to disallow though. Its more you can't set without permission so an accept button is all that'd be required. Sorta like a paywall but with payment in privacy.
@h3, I think that you may be conf[(lat)|u]sing two related, but separate concepts.
The downloading and storage of third-party cookies, script, graphics, frames, etc. can be controlled by the browser (perhaps with the aid of extensions/plug-ins).
To block data from the second party (primary web-site) would somewhat defeat the purpose of a web browser. Information in the request header from th browser cannot be controlled by the user once it is sent, and is under the control of the recipient web-ite.
The intention (but not necessarily the actualité) of the EU legislation seems to be to prevent both second and third parties from collecting, collating and sharing data that would infringe the user's expectation of privacy without the user's explicit informed consent.
The use of "Do Not Track" makes the intentions of the subject clear, and firmly places the onus on the web-site to comply. Failure to respect the "Do Not Track"s could be construed as wilful, and
invite legal action against the data harvester.
Companies that seek to profit from collecting and selling personal data (really just an extension of the credit-rating and employment blacklist agencies) would rather use covert methods for fear of their product source drying up.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
