[liberationtech] Do Not Track Dangerous and Ineffective
Joseph Lorenzo Hall
joe at cdt.org
Wed Feb 13 11:35:39 PST 2013
Heya Nadim,
A couple points: DNT is meant to be a voluntary mechanism, as you
describe, that we hope will see wide adoption by the big players with
presences on many, many web pages. I don't think anyone sees it as a
substitute for control mechanisms, and I bet most people with DNT:1 set
also have other client-side mechanisms to control information flows
outwards (IE being a weird exception where DNT is on by default).
A nitpick: while the technical mechanism has been mostly stable for a
while, the compliance standard (how websites that claim to be compliant
must behave) is still looking like early 2014 for the final w3c last
call.
At a w3c workshop in November, there were a couple great tech papers
from Mike Perry and Nick Weaver [1][2] describing how browsers could be
made more privacy preservative, but there is a lot of very hard work to
be done there.
At CDT we're wary of having an arms race between trackers and
self-defense, because it's not one we're sure users will win. Browser
fingerprinting, for example, seems to be a very hard if not
insurmountable hurdle on the user side of that arms race.
best, Joe
[1] http://www.w3.org/2012/dnt-ws/position-papers/21.pdf
[2] http://www.w3.org/2012/dnt-ws/position-papers/22.pdf
On Wed Feb 13 13:57:57 2013, Nadim Kobeissi wrote:
> Dear LibTech,
> I've written a blog post about a problem with web privacy practice
> that's been bothering me for a long time. I think there needs to be a
> discussion about Do Not Track — there are many problems with this
> privacy standard and some of its implications may in fact be
> substantially dangerous.
>
> My blog post is accessible here: http://log.nadim.cc/?p=112
>
> ------------
>
> "Do Not Track" Dangerous and Ineffective
>
> In 2009, before I became seriously involved in web security, a
> standard called Do Not Track was proposed, standardized by the W3C in
> 2011, and implemented in Internet Explorer, followed by Mozilla
> Firefox and Google Chrome.
>
> Do Not Track is supposed to prevent websites from tracking your
> activity online, probably for advertising purposes. It works by making
> your browser politely ask every website you visit to not set tracking
> cookies and so on.
>
> There are real, dangerous problems with this approach and I really
> cannot believe it was ever taken seriously. Now that it’s implemented
> and standardized so widely, it’s become a serious threat to how
> Internet privacy is perceived.
>
> The main problem with Do Not Track is that it lulls users into a
> completely false sense of privacy. Do Not Track works by simply asking
> the websites you’re visiting not to track you — the websites are
> completely free to ignore this request, and in most cases it’s
> impossible for the user to find out that their Do Not Track request
> was in fact discarded. When the user therefore enables Do Not Track on
> their browser, they are lulled into a false belief that they are no
> longer being tracked, even though from a security perspective, the
> tracking prevention that Do Not Track presents is useless.
>
> In fact, Google’s search engine, as well as Microsoft’s (Bing), both
> ignore the Do Not Track header even though both companies helped
> implement this feature into their web browsers. Yahoo Search also
> ignored Do Not Track requests. Some websites will politely inform you,
> however, of the fact that your Do Not Track request has been ignored,
> and explain that this has been done in order to preserve their
> advertising revenue. But not all websites, by a long shot, do this.
>
> Do Not Track is not only ineffective: it’s dangerous, both to the
> users it lulls into a false belief of privacy, and towards the
> implementation of proper privacy engineering practice. Privacy isn’t
> achieved by asking those who have the power to violate your privacy to
> politely not do so — and thus sacrifice advertising revenue — it’s
> achieved by implementing client-side preventative measures. For
> browsers, these are available in examples such as EFF’s HTTPS
> Everywhere, Abine’s DoNotTrackMe, AdBlock, and so on. Those are proper
> measures from an engineering perspective, since they attempt to guard
> your privacy whether the website you’re visiting likes it or not.
>
> Do Not Track needs serious revision, replacement or simply removal. As
> it is right now, its only discernible function is to promise users
> with little to moderate computer knowledge (most of the world) that
> they’re browsing in privacy, while in reality discouraging them from
> adopting real privacy solutions that work. Web privacy and security
> engineers need to have a discussion about this.
>
> NK
--
Joseph Lorenzo Hall
Senior Staff Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
joe at cdt.org
PGP: https://josephhall.org/gpg-key