Apache Hammers Microsoft Over Do Not Track

[hagjohn]

It's either off or on. I don't honestly what the big issue is. If Microsoft wants to default it on, to protect their users, who cares. Apache's retaliation totally undermines their credibility.

Everyone bitches that Microsoft doesn't do enough to protect their users and then when they do, everyone bitches.

[Growled Member]

I think Apache is doing the right thing. Microsoft screwed the pooch on this one.

[articuno1au]

Are any of you aware that the standard was changed to specify it should be set off by default AFTER Microsoft announced they were going to turn it on by default?

[Shane Nokes]

I think Apache is doing the right thing. Microsoft screwed the pooch on this one.

How so? There is an option to turn it off during install. It's there waiting to be used.

So giving users the choice and users choosing to use it is their fault how? I'd like to see a well thought response on this one.

[BajiRav]

The problem is, Microsoft's non-standard compliance (again) is threatening to derail the entire DNT specification. IE users are at risk of losing the option entirely thanks to Microsoft's showboating.

so which standard Microsoft is non-compliant(again) in your opinion? I am asking for your opinion because facts don't look good for you.

[HawkMan]

The problem is, Microsoft's non-standard compliance (again) is threatening to derail the entire DNT specification. IE users are at risk of losing the option entirely thanks to Microsoft's showboating.

except there is no standard yet. and even if there was it should be either default on or no preference in the standard. default setting has no place in a standard. and MS is pushing for default on in the standard. so both on and off is on the table as it is.

[Shiranui]

What is Apache's market share these days?

[The_Decryptor Veteran]

How so? There is an option to turn it off during install. It's there waiting to be used.

So giving users the choice and users choosing to use it is their fault how? I'd like to see a well thought response on this one.

I thought you said it didn't default to on, but now a user has to turn it off?

This reduces choice because there's no way for a server to actually tell if somebody using IE10 doesn't want to be tracked, or is simply using the default setting. Advertising companies have already said they'll ignore DNT sent by IE10, reducing the actual usefulness of the setting to the point where all it does is bloat the HTTP header.

If somebody using IE10 doesn't want to be tracked, then their only option is to use another browser, since nobody is going to trust the DNT header sent by IE10.

[simplezz]

What is Apache's market share these days?

About 60% of the internet. Perhaps Microsoft will learn from this and follow standards in the future. It's just unfortunate that IE users have to suffer because of Microsoft's arrogance.

[Alwaysonacoffebreak]

LOL! Apache...that says it all already.

[Shane Nokes]

I thought you said it didn't default to on, but now a user has to turn it off?

*Sighs*

I'll explain this in a simple way since it seems apparent everyone enjoys trying to twist what I say lately.

Until the OS is installed nothing is turned on or off.

During the install there are options.

Choosing the Express option turns DNT on.

Choosing the Custom option allows you to decide if you want it or off.

That is what I meant by turn it off. So please don't try to twist what I say to fit what you want to pretend I said.

Thanks. :)

About 60% of the internet. Perhaps Microsoft will learn from this and follow standards in the future. It's just unfortunate that IE users have to suffer because of Microsoft's arrogance.

So giving users the option to turn it on or off during install is arrogance?

[simplezz]

So giving users the option to turn it on or off during install is arrogance?

The specification clearly states that a user must explicitly turn it on. The custom express option, which most people use, automatically turns it on. Therefore, it violates the specification. Microsoft's arrogance is that it thinks it can go it alone and do what ever it likes. That might have worked when IE dominated the browser market, but not any more. In the end, all Microsoft's decision has done is punish IE users because their DNT privacy setting is now ignored by 60% of the market as well as most advertisers.

[BajiRav]

The specification clearly states that a user must explicitly turn it on. The custom express option, which most people use, automatically turns it on. Therefore, it violates the specification. Microsoft's arrogance is that it thinks it can go it alone and do what ever it likes. That might have worked when IE dominated the browser market, but not any more. In the end, all Microsoft's decision has done is punish IE users because their DNT privacy setting is now ignored by 60% of the market as well as most advertisers.

That specification didn't exist until after Microsoft announced turning DNT on in express. It was added afterwards by what I can only imagine as pro-tracking lobby. So try again. And even then, Microsoft is not violating standard as it stands today.

[Shane Nokes]

The specification clearly states that a user must explicitly turn it on. The custom express option, which most people use, automatically turns it on. Therefore, it violates the specification. Microsoft's arrogance is that it thinks it can go it alone and do what ever it likes. That might have worked when IE dominated the browser market, but not any more. In the end, all Microsoft's decision has done is punish IE users because their DNT privacy setting is now ignored by 60% of the market as well as most advertisers.

The user has the option during install. Just because they choose the Express option instead of Custom doesn't change that fact.

You can argue all you want, but reality won't change for you.

That specification didn't exist until after Microsoft announced turning DNT on in express. It was added afterwards by what I can only imagine as pro-tracking lobby. So try again. And even then, Microsoft is not violating standard as it stands today.

Bingo!

[The_Decryptor Veteran]

*Sighs*

I'll explain this in a simple way since it seems apparent everyone enjoys trying to twist what I say lately.

Until the OS is installed nothing is turned on or off.

During the install there are options.

Choosing the Express option turns DNT on.

Choosing the Custom option allows you to decide if you want it or off.

That is what I meant by turn it off. So please don't try to twist what I say to fit what you want to pretend I said.

Thanks. :)

...

So the default is to have it enabled, and you have to do a custom install/setup to turn it off?

[Alwaysonacoffebreak]

Yes. You got it right.

I don't get the fuzz about it. It's their god damn OS, their browser, do what the hell you want with it. Browser choice all over again. Don't like the options move to Linux or OS X.

All-in-all stop using Apache, geezus. :/

[Nashy]

Install Do Not Track. Problem solved for everyone.

[BajiRav]

So the default is to have it enabled, and you have to do a custom install/setup to turn it off?

Have you installed Windows 8 yet? The "default" is a screen that tells user that DNT will be turned on (among 4-5 other things) if they choose express. In my opinion, this is much better than not letting users know about DNT.

This whole thing is ironic considering the talk of how average users will find metro difficult to use because of hidden UIs but the same "average users" are now suddenly expected to somehow discover, know and make a choice on DNT in their browsers?

For once, Microsoft is on the right side of history and the guy who submitted the apache patch is acting like a moron (and happens to be "author" of DNT). The language of the patch submission is also melodramatic and reads weird.

[FloatingFatMan]

Apache are way more in the wrong with their decision to just disregard the DNT setting than MS are by setting it on if you use express setup.

Perhaps MS should just say "screw you" to everyone, and enable in-private browsing by default, too. Fully sandbox all websites by default and screw anyone using persistent cookies.

[Alwaysonacoffebreak]

Like stated before. Before pushing the "Express install" button it clearly states that DNT will be enabled by default.

So yeah, MS should say "Screw you" to everyone, specially Apache.

[The_Decryptor Veteran]

Have you installed Windows 8 yet? The "default" is a screen that tells user that DNT will be turned on (among 4-5 other things) if they choose express. In my opinion, this is much better than not letting users know about DNT.

...

I haven't installed 8 and I have no interest in ever doing so.

And it's fine to tell the user DNT is enabled, the issue is them enabling it by default. It should either prompt the user (and not just if you do a custom install), or leave the header out entirely. All MS has succeeding in doing by defaulting it on in IE10, is ensure that advertisers will ignore it for IE10.

[Fourjays Veteran]

Users do have the choice. MS effectively recommend that users switch it on but if a user really does want to have advertising corporations track them online then they can turn DNT off when they first start IE.

Besides, I think you're misrepresenting the role that advertisers play here. They're not saying that they'll only honour DNT if a user switches it on. They're saying that they'll only honour DNT if it remains obscure, poorly supported and doesn't have any impact on their revenue. In other words, it's the advertisers (and Apache in this case) that render DNT useless, not MS who are simply recommending that people use it.

Yes, users have a choice, but it isn't one that the advertisers like. In order for DNT to at least partially work, advertisers need to be onboard. All MS have to do is to default it to off and ask users to turn it on if they wish. That doesn't mean hiding it.

The real story here though is Microsoft falsely advertising this "feature" so they could have an Apple-esque gloat about how much they care about users privacy. At the end of the day the setting is entirely useless.

[Shane Nokes]

So the default is to have it enabled, and you have to do a custom install/setup to turn it off?

Yes and no. During the install you're asked if you want to do Express or Custom. It tells you if you choose Express that DNT will be on. If you choose Custom (which only takes a few extra seconds to confirm what settings you want on and off) then you can choose whether or not to enable it.

So it's not like a super secret installer or something. It's part of the standard OOBE stuff.

[HawkMan]

I haven't installed 8 and I have no interest in ever doing so.

And it's fine to tell the user DNT is enabled, the issue is them enabling it by default. It should either prompt the user (and not just if you do a custom install), or leave the header out entirely. All MS has succeeding in doing by defaulting it on in IE10, is ensure that advertisers will ignore it for IE10.

What world do you live in where you think the advertisers won't ignore it on every other browser that actually has it and has it as default to off.

[Shane Nokes]

I haven't installed 8 and I have no interest in ever doing so.

And it's fine to tell the user DNT is enabled, the issue is them enabling it by default. It should either prompt the user (and not just if you do a custom install), or leave the header out entirely. All MS has succeeding in doing by defaulting it on in IE10, is ensure that advertisers will ignore it for IE10.

So they should prompt users twice regarding custom settings? That makes 0 sense. At that point why not do away with Express altogether and force prompt for every possible option.

There's no way to win for MS.

Don't implement DNT as part of Express people will ask why such an important security setting is so obscure and requires digging to find.

Enable as part of Express, people will cry about how you force the nice friendly altruistic advertisers to ignore this feature that is obviously flawed so why did MS bother?

Give the choice as part of Custom and it's back to more of the, why is it so hard to turn on & off garbage.

It sickens me that people are crying over something they can easily enable or disable during install.