[liberationtech] Do Not Track Dangerous and Ineffective

Wed Feb 13 14:26:09 PST 2013

Glad to see that this thread is bringing up a lot of the points we address
in our microsite: http://whatisdnt.com/

A large part of the issue stems, simply, from the wording. Although the
wording has been standardized and referenced a million times over, it would
do a lot of service to simply change it to, "Do Not Target" or something
less misleading. Do Not Target is a little more opaque which prompts users
to do a bit more investigating as to what's really behind it.

I'm not sure how accurate it is that, "most people with DNT:1 set also have
other client-side mechanisms to control information flows outwards." It
might be true for most users who are hyper-privacy conscious (and privacy
educated) or technically savvy but, for the average user, a setting called,
"Do Not Track" is explicitly misleading. Meaning, they're probably not
taking many steps beyond that, if they feel secure.

In the least, it should be best-practice to add a flag next to the browser
setting that users may still be tracked (optimally, with a link to a
resource like http://fixtracking.com/ ). The same issue is present when
users attempt to privately browse with, "Incognito Mode." There's a false
sense of security there as well but, in the case of most browsers, they
explicitly say that it's only preventing data from being stored locally.
(The wording could be even more explicit but it's a step in the right
direction). I'd like to see the same policy for any Do Not Track browser
setting.

For browser fingerprinting, EFF's Panopticlick project has some interesting
data in the PDF at the bottom of the page here:
https://panopticlick.eff.org/   (blocking JS, using TorButton, and various
mobile browsers help fight browser fingerprinting). It may be difficult to
develop 100% protection against browser fingerprinting but that doesn't
mean the onus should fall back to the user. For example, that information
could be handled as personally identifiable and subject to certain data
deletion policies. Or, it could not be stored at all.

-Zac

http://cyberlaw.stanford.edu/node/6694

From: Joseph Lorenzo Hall <joe at cdt.org>
> Date: Wed, Feb 13, 2013 at 2:35 PM
> Subject: Re: [liberationtech] Do Not Track Dangerous and Ineffective
> To: "liberationtech <liberationtech at lists.stanford.edu>" <
> liberationtech at lists.stanford.edu>
>
>> Heya Nadim,
>>
>> A couple points: DNT is meant to be a voluntary mechanism, as you
>> describe, that we hope will see wide adoption by the big players with
>> presences on many, many web pages. I don't think anyone sees it as a
>> substitute for control mechanisms, and I bet most people with DNT:1 set
>> also have other client-side mechanisms to control information flows
>> outwards (IE being a weird exception where DNT is on by default).
>>
>> A knit-pick: while the technical mechanism has been mostly stable for a
>> while, the compliance standard (how websites that claim to be compliant
>> must behave) is still looking like early 2014 for the final w3c last
>> call.
>>
>> At a w3c workshop in November, there were a couple great tech papers
>> from Mike Perry and Nick Weaver [1][2] describing how browsers could be
>> made more privacy perservative, but there is a lot of very hard work to
>> be done there.
>>
>> At CDT we're wary of having an arms race between trackers and
>> self-defense, because it's not one we're sure users will win. Browser
>> fingerprinting, for example, seems to be a very hard if not
>> insurmountable hurdle on the user side of that arms race.
>>
>> best, Joe
>>
>> [1] http://www.w3.org/2012/dnt-ws/position-papers/21.pdf
>> [2] http://www.w3.org/2012/dnt-ws/position-papers/22.pdf
>>
>> On Wed Feb 13 13:57:57 2013, Nadim Kobeissi wrote:
>> > Dear LibTech,
>> > I've written a blog post about a problem with web privacy practice
>> > that's been bothering me for a long time. I think there needs to be a
>> > discussion about Do Not Track — there are many problems with this
>> > privacy standard and some of its implications may in fact be
>> > substantially dangerous.
>> >
>> > My blog post is accessible here: http://log.nadim.cc/?p=112
>> >
>> > ------------
>> >
>> > "Do Not Track" Dangerous and Ineffective
>> >
>> > In 2009, before I became seriously involved in web security, a
>> > standard called Do Not Track was proposed, standardized by the W3C in
>> > 2011, and implemented in Internet Explorer, followed by Mozilla
>> > Firefox and Google Chrome.
>> >
>> > Do Not Track is supposed to prevent websites from tracking your
>> > activity online, probably for advertising purposes. It works by making
>> > your browser politely ask every website you visit to not set tracking
>> > cookies and so on.
>> >
>> > There are real, dangerous problems with this approach and I really
>> > cannot believe it was ever taken seriously. Now that it’s implemented
>> > and standardized so widely, it’s become a serious threat to how
>> > Internet privacy is perceived.
>> >
>> > The main problem with Do Not Track is that it lulls users into a
>> > completely false sense of privacy. Do Not Track works by simply asking
>> > the websites you’re visiting not to track you — the websites are
>> > completely free to ignore this request, and in most cases it’s
>> > impossible for the user to find out that their Do Not Track request
>> > was in fact discarded. When the user therefore enables Do Not Track on
>> > their browser, they are lulled into a false belief that they are no
>> > longer being tracked, even though from a security perspective, the
>> > tracking prevention that Do Not Track presents is useless.
>> >
>> > In fact, Google’s search engine, as well as Microsoft’s (Bing), both
>> > ignore the Do Not Track header even though both companies helped
>> > implement this feature into their web browsers. Yahoo Search also
>> > ignored Do Not Track requests. Some websites will politely inform you,
>> > however, of the fact that your Do Not Track request has been ignored,
>> > and explain that this has been done in order to preserve their
>> > advertising revenue. But not all websites, by a long shot, do this.
>> >
>> > Do Not Track is not only ineffective: it’s dangerous, both to the
>> > users it lulls into a false belief of privacy, and towards the
>> > implementation of proper privacy engineering practice. Privacy isn’t
>> > achieved by asking those who have the power to violate your privacy to
>> > politely not do so — and thus sacrifice advertising revenue — it’s
>> > achieved by implementing client-side preventative measures. For
>> > browsers, these are available in examples such as EFF’s HTTPS
>> > Everywhere, Abine’s DoNotTrackMe, AdBlock, and so on. Those are proper
>> > measures from an engineering perspective, since they attempt to guard
>> > your privacy whether the website you’re visiting likes it or not.
>> >
>> > Do Not Track needs serious revision, replacement or simply removal. As
>> > it is right now, its only discernible function is to promise users
>> > with little to moderate computer knowledge (most of the world) that
>> > they’re browsing in privacy, while in reality discouraging them from
>> > adopting real privacy solutions that work. Web privacy and security
>> > engineers need to have a discussion about this.
>> >
>> > NK
>> >
>> >
>> > --
>> > Unsubscribe, change to digest, or change password at:
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>
>> --
>> Joseph Lorenzo Hall
>> Senior Staff Technologist
>> Center for Democracy & Technology
>> 1634 I ST NW STE 1100
>> Washington DC 20006-4011
>> (p) 202-407-8825
>> (f) 202-637-0968
>> joe at cdt.org
>> PGP: https://josephhall.org/gpg-key
>>
>>
>> --
>> Unsubscribe, change to digest, or change password at:
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130213/9f971bce/attachment.html>