Europe
It will be intresting if they do this in Europe!
Yahoo! has announced that it will ignore the default "Do Not Track" (DNT) signal broadcast by Microsoft Internet Explorer 10, on grounds that it does not accurately reflect user intent. "Recently, Microsoft unilaterally decided to turn on DNT in Internet Explorer 10 by default, rather than at users' direction," a Yahoo! …
"Whether the advertising based companies like it or not, it's an expressed wish by the user to not be tracked"
Actually I think Yahoo's point is that when set automatically, it is NOT the user's expressed wish, merely a default setting of which they are probably not aware.
The problem is that if IE10 sets it as default, and the value is thus (reasonably, perhaps) ignored for that reason, when an IE10 user does make an informed choice, there is no remaining standard mechanism they can use - apart from changing browser.
Actually I think Yahoo's point is that when set automatically, it is NOT the user's expressed wish, merely a default setting of which they are probably not aware.
However, under EU (and Swiss) Data Protection laws, this is the correct default as the user has to opt in to data acquisition, not opt-out because that would expose the user to a game of whack-a-mole to protect their information.
Astonishing as this is, I am finding myself on the side of Microsoft in this. Now, knowing Microsoft, its past behaviour gives rise to the suspicion that there is probably some not so clean motive behind this, but as it stands they are actually doing the right thing for a chance. I'm as astonished as I suspect everyone else is.
In this context I am of the opinion that Roy Fielding of Adobe (who wrote the Apache patch to make it ignore the IE10 DNT flag) is ignorant of both EU privacy laws as well as Human Right no 12 - the RIGHT to privacy. Personally, I think he deserves a Big Brother award for his actions. And maybe a formal complaint to the EU for wilfully violating the privacy of many.
Just because "opt in for data acquisition" is the legally correct default in Switzerland & EU countries does NOT make it the users "expressed wish". That's the point.
There are an awful lot of cases where EU directives don't reflect the wishes of the people they purport to represent. Don't get me started.
(In this case they MAY well reflect their wishes, but, individually and with IE10, there's no way left to tell)
I doubt that you were downvoted for stating facts, more likely the fact that you selectively chose them. You can essentially say the exact same thing reversed for an opt-out situation as below:
-
Just because "opt *out* for data acquisition" is the legally correct default *not* in Switzerland & EU countries does NOT make it the users "expressed wish". That's the point.
There are an awful lot of cases where *NON-EU* directives don't reflect the wishes of the people they purport to represent. Don't get me started.
(In this case they MAY well reflect their wishes, but, individually and with *OTHER BROWSERS*, there's no way left to tell)
-
The only difference is that your interpretation appears to put the interests of advertisers and other data-miners above those of the technically illiterate, who probably are the ones that need protecting in these situations.
"I doubt that you were downvoted for stating facts, more likely the fact that you selectively chose them. You can essentially say the exact same thing reversed for an opt-out situation"
A neat play on words, I grant you, but I don't think your example holds, simply because in your reversed scenario, a user still has the chance to make their individual feeling of wishing to opt-out to be known. With IE10 that won't be possible, as there is no more forceful a "don't track me" value than "default - I haven't really thought about it".
Now whilst a website might honour the default DNT, there is enough ambiguity of user intent with IE10 for them to ignore it - something we don't want to see, but which Yahoo and Apache are doing and facilitating.
Of course I'm being provocative: I want people to think about it. And I don't really care whether I get up-or downvoted, so long as the concepts are thought about a bit more. (Ideally if you work for Microsoft, Yahoo or Apache!)
You seem to be missing the point as it isn't a play words, it is an equally valid example covering the opposite default value and all browsers currently implement a default if they support DNT flags at all and therefore the ambiguity of user intent is no greater with IE10 than any other browser. It is because you seem to be doggedly ignoring these details that your posts are clearly showing your 'pro-tracking' bias.
"Something we don't want to see" - and which organisation does "we" represent in these posts out of curiosity?
The only way of producing an outcome with a subjectively truer interpretation of user intent would be if a browser (ie, including chrome, firefox, safari, etc) did not allow ANY default value (true or false) to be set and forced the user to explicitly choose whether they wanted to be tracked on install/first use while explaining the pros and cons in an unbiased way for those with limited technical abilities. As I can't see that happening any time soon I don't feel that MS deserve any more criticism or special treatment than any other browser maker for their choice of how to technically implement this flag.
"You seem to be missing the point ... the ambiguity of user intent is no greater with IE10 than any other browser."
The point is the place where the ambiguity is, is between "default - I've not thought about this" and "I have expressly chosen I don't want to be tracked". With the other browsers, the ambiguity is on the other side, where it's less of an issue.
'which organisation does "we" represent in these posts'?
No particular organisation, I'm afraid - by "we" I was referring to the web development and IT communities in general. I am not associated in any way with the advertising / tracking organisations - and, for what it's worth, I don't particularly like the idea of tracking cookies.
Indeed, my concern here is that Microsoft's action with IE10 is giving the trackers an excuse to ignore DNT settings, and I'd rather they didn't have any excuses.
Gosh, you downvoters must be feeling nervous. Is it a guilty-conscience, or simply struggling with the concepts here?
Let me help - the issue isn't about whether DNT is a good idea or not (though for what it's worth, I think it is a good idea). The issue is whether a browser manufacturer should set it to a default value that obscures what the individual users' opinions are, and thus gives websites an excuse to ignore it.
I'd say it works both ways. Defaulting to tracking also obscures what the user might think, especially as most users probably aren't even aware of its existence. at least defaulting to DNT means their data is (or should be) protected, hence the desirability of making these things opt-in. Much stuff only works due to inertia and ignorance because people don't realise the implications or that they can opt out.
Ideally there needs to be a start-up page to explain it (without the 'enhance your user experience' positive spin the marketing industry always use), although even then most people wouldn't bother to read it.
Looking at it from a selfish perspective, Microsoft should pick the default that benefits me the most - I don't want to be tracked (not that I use IE anyway) so if their option cause people to ignore my wishes then they've picked the wrong one.
>Actually I think Yahoo's point is that when set automatically, it is NOT the user's expressed wish, merely a default setting of which they are probably not aware.
.........they'll only have to pay out to EU Windows users who claim they were aware of the setting I guess. Plenty of PPI claimers will be looking for a new milker soon, this could be ideal.
>The problem is that if IE10 sets it as default
This is a problem for consumers how exactly? If Yahoo buy up the Post Office will I have to put, 'please don't read my letters' stickers on the envelopes?
"what does Yahoo! actually do now?"
Purveyors of dropbox email addresses to fraudsters all over the world. How could those fine Nigerian bankers get your reply without Yahoo email?
Yahoo don't give a stuff about abuse of their services if the spam didn't originate via their servers. Not their problem. No, Sir.
I went looking just this past week for some mobile sites to add to my droid tablet as shortcuts. It looks like Yahoo lost its first love - being a web directory. I expected better, although there are some sites out there that have bothered to collect the links for users like myself.
Microsoft fdidn't follow the standards. If you deliberately use a browser which implements CSS wrongly, is it because you want the sites to visit to look like a mess? People spend hours hacking their code to "work" in the browser you chose, completely ignoring your expressed intent for the web not to work properly.
@Craigness
Mind you CSS is client side rendering, a header like do not track would be similar to ignore "expires" header/not sending if-modified-since and just ask the resource each time, not caching it.
I, myself, do not care at all about "Do not track" nonsense since it's unenforceable and relies on the good will of many 3rd parties who put profit before anything else. Ad block is the way to go, it just needs to get to people. The entire idea to push ads into every possible intrusive way is ridiculous over an open standard. A real setting would be - "I do not any ads, thanks"
The thing that makes me laugh is that the ads aren't very effective, not at all. I use AdBlockPlus, so I don't see many ads, but the ones I do see never entice me to actually visit the web site advertised, much less spend money at it.
I spend a fair amount of money on online purchases, but not because of advertising. I've used Google to find sites that sell the kind of thing I usually look for and simply bookmark those. Looking for a specific item, say 1/2" diameter eyelets for my earlobes made of white jade, always requires investigating one such site after another, by hand. (Some sites make the search very easy, others a pain in the ass.)
Google is hopeless when it comes to exhaustively searching for such a specific item because (a) websites are inconsistent about how they present the information and (b) Google works word by word and isn't very good at finding loose groupings of descriptive words.
stanimir
> "Do not track" nonsense since it's unenforceable... Ad block is the way to go, it just needs to get to people. "
I agree with the first bit... but if more people use Adblock, content websites will change so that the legitimate content is only available to people who turn off Adblock -ie, the sites will make their own content look like advertisements to one's browser.
Its a bit like pop-up blocking... there are plug-ins that do a better job at blocking pop-ups than your stock browser, but as a side effect they block content on a good number of sites. One ends up using as many mouse clicks to enable legitimate content as one would killing annoying pop-ups.
I don't use Adblock on the Reg, btw. I don't pay a subscription to it, so how else will they make ends meet? I don't often actually buy the things their advertisers are hawking, but that's their loss, not El Reg's. I'm not quite sure how I would go about purchasing some Norwegian Gas (the advert currently to right of my cursor) anyhows. I'm sure it's perfectly good gas, confident it will get hot if ignited, I appreciate the way its advert just sits there and doesn't make my CPU jump to 30%, and I like the way proceeds from the selling of it not only help support El Reg but also go towards breeding a disproportionate number of UN negotiators... but I'm not buying it.
>A real setting would be - "I do not any ads, thanks"
So how can free, high quality websites like the Register, expect to keep going?
Remember, if adblock in on as default, 99% of Joe Public will not bother to switch it off on trusted sites. Most won't even realise it's on in the first place.
BZZZZZZZZZZZZZT! Sorry but you are WRONG it did follow the standards, however when the w3c realised that someone was actually going to follow the standard that allowed it to be on by default they changed the standard to not allow it to be a default setting (change was made less than a month ago and after one of the board members changed Apache to ignore IE10's DNT). The thing is it still does technically follow the standard since your told in big letters about DNT on the install screen and given a chance to change the setting.
How would turning it off by default be a better way to "accurately reflect user intent".
You would have to ask users if they want to be tracked the first time the run the browser for it to "accurately reflect user intent".
What percentage of people do you think will click "please track me"?
Advertisers only hope is to have it off by default.
WTF, According Yahoo! and the new Mom (now MILF?) the user has a perverse pleasure of being stalked tracked. I can't imagine a single person who'd know about the setting (header) and keeping it disabled. Of course, the latter may be a simple result of my poor imagination, yet the stupidity of 'will-break-internet' is also imaginably high.
Yahoo is doing the right thing for the wrong reasons. Microsoft has really abused DNT by turning it on by default. If other browsers follow suit, then advertisers won't obey DNT and everything goes back to status quo free-for-all. I know this is not what most people want to hear, but pragmatically advertisers' needs have to be taken into account if their cooperation is to be secured. This means letting tracking be on by default so that people who don't care whether they are being tracked provide some statistical feedback, leaving every one who doesn't wish to be tracked out of it.
Alternatively, we're looking at an arms race, where advertisers develop more and more sophisticated tracking technologies and users develop ways to bypass them. This is of no benefit to any one and would make it harder for non-tech-savvy people to avoid tracking.
In the EU, advertisers are not allowed to track people unless they give their explicit informed consent to tracking. So it would appear to me that having DNT on by default is exactly what the EU requires.
If people want to be tracked, they can go into settings and select the "please stalk me and record my web browsing activity" option. Very few people will do that because very few people want to be tracked.
I can't imagine there are many people out there who what to be stalked by advertisers but don't know how to enable it.
The letter of the EU directive is not the same thing as the law. In the case of the UK, the Information Commissioner changed their guidelines, a year after the law was supposed to have come into force, to the effect that their new idea of 'explicit consent' would be anyone else's 'assumed consent', following a unexpectedly productive set of discussions with Google and the like, after which 'analytical' cookies were deemed exempt, even when set by an advertising network, and the aim turned from protecting individuals from the intrusions of 'legitimate business' to a valiant fight on behalf of an ignorant and vulnerable population against the burgeoning menace of spyware. It was creative solution to a tricky legal problem, and I expect they got a nice lunch out of it.
But, before you start wondering whether there's any point to democracy, or having any laws given that the wealthy can have them so swiftly bent to any shape they desire, it's worth remembering that cookies were a bit rubbish in any case and, whether you consent to them or not (assuming they're hosted in the EU), there's no shortage of direct and indirect tracking mechanisms that remain gratifyingly saleable even if their accuracy might be questioned (happily, there are plenty of media agencies devoted to not questioning it. Or, for that matter, making any distinction between statistical analysis and gouging optimism). Especially given the rapidity with which shared authentication has taken off with publishers, who just happen to rely on certain networks to deliver their ads and/or content. The upshot is that, even if you behave with appropriate paranoia toward the cookie menace, you'd be hard pushed to limit your behavioural spillage, especially if you've fallen for the tricksy charms of mobile devices.
Admittedly, the risks are fairly small. You are, after all, a tiny and nearly worthless fraction of humanity. There are bots earning more than you do, with probably better prospects and almost certainly a better quality of life. The only thing about you that matters is your money and that, if you haven't discovered it already, won't stay yours for long. So, on balance, there's no reason not to look on the bright side.
That's just relying on less skilled people to be able to know about and find that settings - thereby leaving it disabled to let advertiser earns snooping their data. It's just like selling cars without brake fluid and let people discover they have to add it themselves before leaving the car shop. Sure, advertising company could ignore it unless it is properly enforced by privacy laws. Many other kind of data transmission - be it mail, voice, or data, are protected - why web navigation shuould not? Let's see what happens in county, like mine, where personal data can be used for commercial reasons only after *explicit* consent. And if a browser has DNT off by default, that is not *explicit* consent.
Microsoft haven't "abused DNT" at all. Their implementation is entirely compliant with the specification *and* it's highlighting the option that most people will want, i.e. not to be tracked online, as part of the install process (which the standard *explicitly* allows).
The real truth here is that the advertising industry wants the option to exist, but be so buried in the UI that basically nobody uses it. Then they can claim in places like the EU that all their tracking is entirely legitimate, because users aren't opting out. If every browser had a prominent message when you first used it asking for you to set a DNT preference, they'd be just as keen to find an excuse to ignore that too.
This "pretty please do not track me" was never going anywhere, these are advertising companies, they lie for a living.
Use the Ghostery plugin (for all major browsers) and show the trackers who's the boss.
http://www.ghostery.com
I'd like to see a browser with the balls to include this as default.
^ What he said.
Ghostery + Adblock = Not caring whether the buggers honour DNT settings or not.
Incidentally:
"...this degrades the experience for the majority of users and makes it hard to deliver on our value proposition to them..."
Did anyone else get the instinctive feeling they could never tire of punching the face of someone with the mere capability to think up such a vomit-inducing lump of business verbiage —never mind actually utter it aloud?
Dear Yahoo!
Re: your "value proposition"
Your increasingly irrelevant web services offer me no value whatsoever. Therefore I decline your proposition.
Yours
The Internet.
or Do not track plus from Abine. The good thing about DNT+ is that it just makes cookies up with the opt out set, so the ad companies like google can see that you don't want to be tracked.
The other good thing is that it works with Chrome or chrome clones, where Ghostery as good as it is on Firefox is not so good.
Abine is http://www.abine.com/dntdetail.php