Apache Hammers Microsoft Over Do Not Track

[Redmak Administrators]

BTW this is more of what I predicted earlier. MS will get hammered regardless of what road they take with security.

I agree with what Microsoft is doing here, I'm just worried about the average user ending up with settings enabled or disabled without knowing what the actual consequences are.

This is always the case with default or express options, but in case of DNT it's a bit more than a simple user preference.

[+Heartripper Subscriber¹]

In the pc word somethind that is turned off by default is, most of the times, turned off forever. What's the point of DNT if it's turned off by default? Only those who know about it would turn it on, and how many does?

[Shane Nokes]

I agree with what Microsoft is doing here, I'm just worried about the average user ending up with settings enabled or disabled without knowing what the actual consequences are.

This is always the case with default or express options, but in case of DNT it's a bit more than a simple user preference.

...and that's what the Custom option is for.

Also if you looked at the screenshot it shows what Express will do for you. It doesn't hide anything. It spells it out pretty clearly. Also the feature is named in a manner that makes it easy to figure out. If I saw a setting called Do Not Track, I would assume it was something to help keep me from being tracked while using Internet Explorer since it states that it was an IE feature.

MS decided to create 2 routes to an install. Custom & Express. Express is a simple click here, no muss, no fuss install...but has a screen telling you what happens when you use it.

If they prompt again, then the user will go wait a minute...I thought I chose Express where it was supposed to just turn on everything for me...so why is it asking this now?

That's what Custom is there for. If we have to start prompting users at every single new feature added in new version of Windows then it goes back to being a non-Express experience again...so why even bother?

[Alwaysonacoffebreak]

http://www.extremete...ss-settings.jpg

3rd point. In plain English!

Geezus. What more do you need? :/ Stop complaining already.

[ichi]

Yes, and it cannot be enforced if it's not a standard... ...by the very definition of what it means to be a standard in normal industry jargon.

Even if/when it becomes a standard, is there any plan to actually enforce it? That is, legally enforce it.

Or are we expecting ad companies complying out of free will?

The fact is that right now DNT is useless, and will be at the very least for quite some time.

[Shane Nokes]

Even if/when it becomes a standard, is there any plan to actually enforce it? That is, legally enforce it.

Or are we expecting ad companies complying out of free will?

The fact is that right now DNT is useless, and will be at the very least for quite some time.

Indeed, for now it is.

There are perks to following a standard. For instance if you don't follow the WiFi standard you actually can't list the WiFi logo on your hardware or any associated boxes or advertising, and cannot call it certified.

As stands the draft is calling for voluntary participation, but I think it should be compulsory.

[Ryoken]

Indeed, for now it is.

There are perks to following a standard. For instance if you don't follow the WiFi standard you actually can't list the WiFi logo on your hardware or any associated boxes or advertising, and cannot call it certified.

As stands the draft is calling for voluntary participation, but I think it should be compulsory.

And how would you enforce that ?

Make every site offer up server access to a 3rd party to check it ? Don't think so.

[Shane Nokes]

And how would you enforce that ?

Make every site offer up server access to a 3rd party to check it ? Don't think so.

Have a system similar to Verisign in place. Send a DNT request and check for the response. It's not hard to figure out...

[Ryoken]

Have a system similar to Verisign in place. Send a DNT request and check for the response. It's not hard to figure out...

Having a secure connection server to user is something you can test.

Proving at a server isn't keeping records of what you do is something you can't without access to the code.

I can track people coming to a site without even using cookies, just by logging the movies of their IP Address server side and no one without access to the code would have a clue.

[Shane Nokes]

Having a secure connection server to user is something you can test.

Proving at a server isn't keeping records of what you do is something you can't without access to the code.

I can track people coming to a site without even using cookies, just by logging the movies of their IP Address server side and no one without access to the code would have a clue.

Right but that's not what this is for. With DNT a flag is sent to the server and a response is given showing whether or not they acknowledge the flag.

That's something that you can easily check.

So a standards body can easily confirm if the flag is being respected or not just by reading the response.

[ichi]

Right but that's not what this is for. With DNT a flag is sent to the server and a response is given showing whether or not they acknowledge the flag.

That's something that you can easily check.

So a standards body can easily confirm if the flag is being respected or not just by reading the response.

You can check a response but not if they are actually tracking you or not.

And then what's exactly tracking anyway? Tracking cookies are obviously considered tracking, but what about sites that get third party webs to load resources from their servers, like Facebook?

[Shane Nokes]

You can check a response but not if they are actually tracking you or not.

Will someone else explain this to him? I keep trying but there must be some way in which I'm not being clear enough...

[Stoffel]

I can't believe people are all over MS again for protecting their average customer.

Like I said before, for some people MS can never win doesn't matter what they do.

And as been posted before, they give you a clear option to turn it on or off during installation.

Add companies are just mad because they were hoping the DNT option would stay hidden away in some obscure menu and now MS is bringing it to the front so more people will have this option on.

Can't believe people agree with what Apache just did, they openly admit they will ignore the choice of all IE users.

And to Shane Nokes, I have the feeling people are just being thick on purpose when they are answering to you, you make total sense to me!

[Ryoken]

Right but that's not what this is for. With DNT a flag is sent to the server and a response is given showing whether or not they acknowledge the flag.

That's something that you can easily check.

So a standards body can easily confirm if the flag is being respected or not just by reading the response.

That doesn't prove the flag is being respected, just that the server says it is..

It really wouldn't be hard to get a server to respond to the dnt saying it's following it, then Not following it.. that's my point.

It's very easy to get a server it lie to anyone..

[Shane Nokes]

I can't believe people are all over MS again for protecting their average customer.

Like I said before, for some people MS can never win doesn't matter what they do.

And as been posted before, they give you a clear option to turn it on or off during installation.

Add companies are just mad because they were hoping the DNT option would stay hidden away in some obscure menu and now MS is bringing it to the front so more people will have this option on.

Can't believe people agree with what Apache just did, they openly admit they will ignore the choice of all IE users.

And to Shane Nokes, I have the feeling people are just being thick on purpose when they are answering to you, you make total sense to me!

Thank you. I try to be a clear & effective communicator. I don't think a lot of people realize that if this becomes a standard and violations occur that there are consequences that ensue.

That's why I pointed out Verisign. Usually when a standard comes along there are groups who verify it is being followed.

That doesn't prove the flag is being respected, just that the server says it is..

It really wouldn't be hard to get a server to respond to the dnt saying it's following it, then Not following it.. that's my point.

It's very easy to get a server it lie to anyone..

Indeed and do you know how hard companies get slammed if they lie? Any company that stated they complied with DNT and didn't would get dropped for contracts quickly if it went public.

Have you worked for one of the big tech companies before? I ask because if you had you'd know what a huge deal breaking standards is for most. Look how badly MS was taken to task?

[Colin McGregor]

I'm with Apache on this. If the browsers default behavior is do not track then web services will simply ignore the flag entirely. It has to be a choice that the users make instead of a default if it has any hope of working.

This should force Microsoft to change their stance but we all know it won't they are too stubborn.

didn't ms have to include crappy browsers in a ballot box because google and mozilla assumed the user didn't know too much. Now MS does something that helps users stay more secure and its a bad thing??

[Vice]

didn't ms have to include crappy browsers in a ballot box because google and mozilla assumed the user didn't know too much. Now MS does something that helps users stay more secure and its a bad thing??

Yes this is bad because if this browser automatically defaults 25% of the web fairing public to "do not track" advertisers and other websites will just ignore the do not track system entirely. That is one of the major ways they make money, heck whole businesses are built on tracking. The only reason they are embracing it currently is for good PR and knowing that very few people will go in to the settings of their browser and turn on "do no track".

I applaud Microsoft for wanting to do the right thing but as usual their execution fails them and puts the whole do not track system in jeopardy from being ignored by the people we don't want to track us.

[Shane Nokes]

Yes this is bad because if this browser automatically defaults 25% of the web fairing public to "do not track" advertisers and other websites will just ignore the do not track system entirely. That is one of the major ways they make money, heck whole businesses are built on tracking. The only reason they are embracing it currently is for good PR and knowing that very few people will go in to the settings of their browser and turn on "do no track".

I applaud Microsoft for wanting to do the right thing but as usual their execution fails them and puts the whole do not track system in jeopardy from being ignored by the people we don't want to track us.

Again it doesn't 'automatically default' anything. You are given a very clear choice during the setup of Windows to either enable or disable DNT.

The user has to make this choice. It isn't just automatically done without them having been given an option, so will you please stop trying to spread this FUD!

I'm starting to agree with Stoffel when they say that some of you are being thick on purpose. It's not amusing...

[Vice]

Again it doesn't 'automatically default' anything. You are given a very clear choice during the setup of Windows to either enable or disable DNT.

The user has to make this choice. It isn't just automatically done without them having been given an option, so will you please stop trying to spread this FUD!

I'm starting to agree with Stoffel when they say that some of you are being thick on purpose. It's not amusing...

And what happens if you just click this box away without choosing anything?

Also notice in my post I said "if this browser" I never said "this browser does".

[hagjohn]

And what happens if you just click this box away without choosing anything?

Then that's the choice you made.

[Vice]

Then that's the choice you made.

I want to know what happens if the user doesn't read the box and just clicks the x. What is the default behavior if the user doesn't choose an option at all.

[hagjohn]

I want to know what happens if the user doesn't read the box and just clicks the x. What is the default behavior if the user doesn't choose an option at all.

Isn't that also a choice?

Microsoft just can't win with some people. They don't do anything, people bitch. The do something proactive to protect people and people bitch. Frankly, this really isn't the place to hit Microsoft on. If you ask people if they want to be tracked online and most people will say no.

[Vice]

Isn't that also a choice?

Microsoft just can't win with some people. They don't do anything, people bitch. The do something proactive to protect people and people bitch. Frankly, this really isn't the place to hit Microsoft on. If you ask people if they want to be tracked online and most people will say no.

So do you not know the answer to my question because I don't which is why I asked.

[Ryoken]

Indeed and do you know how hard companies get slammed if they lie? Any company that stated they complied with DNT and didn't would get dropped for contracts quickly if it went public.

Have you worked for one of the big tech companies before? I ask because if you had you'd know what a huge deal breaking standards is for most. Look how badly MS was taken to task?

I know that most companies will try to get away with what they can.

Would they get fined big time if they were caught ? Ya.. of course.. but how are you gonna catch them.

Short of employees turning in their company, there is really no way..

Look at all the stuff Google has done, ignoring privacy, and when they get caught they pay a fine they can afford, but say they are sorry, didn't mean too, and then move along.. in a few months no one cared anymore..

[rfirth]

And what happens if you just click this box away without choosing anything?

Also notice in my post I said "if this browser" I never said "this browser does".

I want to know what happens if the user doesn't read the box and just clicks the x. What is the default behavior if the user doesn't choose an option at all.

It's part of the install process. You can't just click an X to make it go away. You aren't in Windows when that box appears... there is nowhere to go but forward...

What is the default behavior if the user doesn't choose an option at all? To stay stuck on that screen forever.