EFF, AdBlock and Others Launch New “Do Not Track” Standard (threatpost.com)
120 points by mirimir on Aug 3, 2015 | 121 comments



Maybe there should be a standard to go the other way: a scheme to let web sites communicate monetary requests to browsers in an "official" protocol.

A lot of this tracking only seems to exist for advertising schemes, which only exist to monetize the page. We are years past the point where we should have figured out how to make it easy to pay who you're looking at.

For instance, when you visit the page for Article X on news site Y, maybe Y's response includes a header that says it requests a donation, with some suggested value like "10 cents". And then, in some standard interface, the browser would show this request (e.g. a small icon in the corner with a price, including some given link on how to pay it). The request would require certain things for security; e.g. use of HTTPS and being on the same domain as the majority of the content.

And since blatant copy/paste stealing and re-posting to blogs, etc. is a money-making scheme in itself, the browser might "protect" monetized pages in some way; e.g. disable the copy/paste and printing functions unless the donation interface is used to pay, to at least make it more difficult to outright rip off web sites.


And then you're right back into the great micropayments hole. No one has "figured this out", in part because of the real-world payment logistics, and I'll pose another part: because it's a bad idea from a UX standpoint.

Having to make a decision about whether to tip/donate to what would rapidly become nearly every site on the Internet would be a terrible user experience. "Decision energy" (aka willpower) is a scarce human resource; this would be an unparalleled waste of it.

I wish there were a great alternative to ads as well, but I believe action-required micropayments will always be a non-starter. The best we've got so far are tools like Patreon and Bountysource's similar system. These can be viewed as a kind of "preaggregated micropayments", which eliminate per-click decision making via a user-configurable subscription.

> the browser might "protect" monetized pages in some way

It's already possible to disable copy on web pages. Some blog themes do this, and I wish browsers would just unimplement it entirely. This is right up there with lame DRM schemes, in that view source (or else curl) are still going to work. Likewise, bots will be completely unaffected. Such an approach merely annoys users with legitimate needs (e.g. who must look up a word or phrase), but will have zero impact on content piracy.


That's what I always enjoyed about the concept of flattr. Having to decide "Do I want to donate 10c to this page?" all the time is annoying. Specifying a fixed monthly amount, then dividing it between every site I liked reduces the incremental cost of liking something to 0, which reduces the needed decision energy (for me at least).

Of course, the downside is centralised tracking of what content you like, which is icky.


We've had "$0.99" buttons in iTunes and app stores for years so there's nothing foreign about pressing a button to pay for something. I'm usually pretty quick to gamble on small amounts. My "decision energy" will be reserved for things like the Mac App Store when the software is asking $79.99.

Similarly, App Stores have decided that a good way to handle payment logistics is to take a cut of the sell price. In theory, Mozilla and others could offer a service that essentially says "let us deal with Visa and Mastercard; register your blog with us and we'll give you 70% of the revenue from people visiting your site". Like a lot of security solutions, someone has to be trusted eventually; we obviously have to assume browser makers are on our side and being honest. That's already implied anyway; for instance, we assume browsers aren't secretly retransmitting web pages after authentication and decryption have opened up the data.

As far as piracy, I'm not saying that disabling Copy to the clipboard, etc. is sufficient by itself. Heck, to extend the App Store example, entire apps are still being ripped off and resold by 3rd parties for real money today. I'm only saying that a payment solution can't ignore the authenticity problem. Even so, at some point it's up to consumers on the web, just as it is for other merchandise. Does your web site look shady? Does the guy on the street selling you a "genuine" fancy watch seem trustworthy?


Actually the $0.99 hasn't been a successful business model. Consider that a majority of paid apps and songs cost less than a cup of shitty coffee, yet free apps filled with ads or free games that are pay-to-win are way more popular. You can't tell me that those people don't have the average price of an app or song to spare. Or that there aren't paid apps or songs that don't deserve the price that's being asked for the value provided.

Back to music, this is why subscription services are taking off. I personally don't like it, as I like to own my DRM-free purchased music forever, but you can't deny the increasing popularity of Spotify, Rhapsody, Google Play, Apple Music, etc. It's because you stop thinking about dimes and nickels, you just pay a fixed monthly sum and after that it's an all you can eat buffet.


A standard "tip" button on the browser may be an excellent feature. No willpower or cognitive load added, you just know the button is there, and use it when you decide to.

Not sure if it would generate any reasonable revenue, nor if it's actually viable in the presence of our current financial institutions. But I can't see any real downside.


> A standard "tip" button on the browser may be an excellent feature.

But that's my point entirely: this requires an action, a decision on the part of the user, to press it. For the most part, I expect that people will nearly unconsciously, instinctively avoid pressing it. Part of this will be to avoid the "decision cost", part of it is the huge extra psychological weight imposed on actions that are (perceived as) free vs. non-free. (cf. app store free vs IAP mechanics, etc.) The very fact that the button requires an explicit user action and "costs something" dooms it.

This problem isn't a technological one. It's not "add button". It's "devise and bootstrap a distributed culture that agrees with human psychology and that aligns user and producer needs better than what we have today (i.e. ads, subscriptions, etc.)"


>>But that's my point entirely: this requires an action, a decision on the part of the user, to press it.

So do "Like" buttons, but people seem to have no issue clicking those.


But a like is free. If Facebook started charging for clicking on likes, they'd get way less clicks.


"Like" doesn't cost you anything.


That might be tricky because you'd have to determine how much "one tip" (/click,submit) is. Even if a small amount was decided upon, I wonder if there would be too much added stress along the lines of "is reading this worth the X of a tip?" Which, also, is hard to know until you've actually consumed the whole item, at which point a lot of people have probably linked somewhere else, flowing their way across the web.

I think that this might be helped if it acted like playlists, or bookmarks, where clicking the button would add the site to a list. Later you can opt to donate to items on the list (or provide a single donation split evenly among everything on the list).

Of course, I doubt many would actually use such a feature either.


Reddit Gold seems to be working fairly well.

It doesn't even have to be used by many people. Most people rarely click on ads, and yet a lot of websites are doing just fine with ad revenue. You just have to ensure that the small percentage of people who do click generate enough money to compensate for hundreds of others who don't.


Reddit Gold is definitely a wonderful solution.

However, I was replying to a comment about a "donate" button on the browser, and trying to keep within the problem that it is trying to solve, which is (at least as far as I can tell) paying for the vast number of far smaller sites that make up the internet.


This pretty much describes flattr.


Yeah, totally. I had not previously read about flattr, but it appears to be exactly what I proposed! That's excellent, and I think that I'll read more about it, and likely sign up. I certainly hope that it doesn't also live up to the bleak outlook that I had.


Given that it was founded five years ago, I'd imagine it's almost dead now.


Your mind share is worth more to advertisers than your wallet. The consequence of advertising isn't getting your money; it's getting your attention.


Advertisers only get your attention because publishers want their money. It still boils down to money.


Why would I want to run a browser that hurt me to benefit other people?


Sometimes people forget that browsers are user agents. Sometimes that includes browser developers.


Umm, my computer, my processor, browser does what I want, not what a site owner wants.


You create your own stylesheets for each website you visit? What does HN look like for you?


LOL.

Usually what I want is to render the content in accordance with the suggestions given in the document, but not always, and that doesn't only apply to advertising.


Alt-V, Y, N has long been my very favourite Firefox finger-macro.


I know where you are coming from, and I myself would prefer something of this sort rather than the ad-choked pages _or_ the paywalls of today.

That said, paying _anything_ at all - even a fraction of a cent, is a problem for a very large portion of humanity.

* Poverty is one part of it. In India, the ARPU - Average Revenue Per User - of mobile providers is less than 2 USD/month. There are literally hundreds of millions of people who do have some sort of data access on their cheap android phones but cannot afford to spend even 10s of cents over and above their data charges. It's taking all our effort to get information services to them as cheaply as possible.

* Payment method - billions of people around the world do not have a method of making a payment online. No credit cards, no (usable) bank accounts. India is trying to get every adult a basic bank account, there's been some success there, but these are people who do not even have the equivalent of 2 USD to deposit in their govt provided free bank accounts.

* Regulatory hurdles - for the longest time, making a dollar payment from India involved running to the "foreign exchange branch" of your bank in the closest large city, filling out forms in triplicate, explaining why you needed the dollars, getting approvals, and then being issued a cashier's cheque for the exact amount already made out in the name of the recipient. This is no longer the case, but currency controls are part of most economies even today, and become tighter during economic crises. Any kind of mandatory payment would function way better than the Great Firewall in keeping people out. Such payments would also result in a massive privacy violation, because payment processors will want to keep a log of each transaction (sender, receiver, amount) pretty much forever, instantly killing any privacy benefits of TOR, VPNs, etc.

Yes, it's possible to offer both, in theory. What would happen is either the micropayments would work or they won't. If they do, a very large number of sites will prefer going pay-only (like the WSJ) rather than deal with the nastiness of ads. If they don't, we are anyway back to where we started.

For some sites, it works I suppose - I know some forums offer a "subscriber mode" with benefits including ad-free versions. That is reasonable to an extent. But for a very large proportion of sites it's not reasonable to go that way.


This seems like a very good use case for BTC, or some other cryptocurrency. One of the reasons micropayments are so hard to do is you need a payment processor to transfer the money, and authorizing the payment and coordinating it is a big pain in the ass. But with BTC, you could, in theory, press a "tip" button and immediately authorize a small transfer.


There was at least one company (tidbit.co.in) developing a JS Bitcoin mining client that websites can covertly run in readers' browsers as an alternative to ads.



As someone who used to run a site that made money from tracking people by showing them ads (and we tried really hard to make those ads unintrusive and relevant), I have mixed feelings on this.

On one hand I totally get why people don't want to be tracked (I don't). On the other hand, for many of these sites, this is their only source of revenue.

Whenever I ask, "is it ok for those sites to block you if you are running adblock" usually people say "no, they need to find a different business model!". But my question back is always: until they do find a new business model, if they can survive by blocking people who use adblock, why shouldn't they?


> But my question back is always: until they do find a new business model, if they can survive by blocking people who use adblock, why shouldn't they?

In this day and age, Adblock is a necessity for nontechnical users. I installed it on my parents' machines to protect them against drive-by-downloads, malware, etc.

Someone may say, "I know my ad networks would never do anything of the sort". But the fact is, ad networks get compromised, and even ad networks that have strict policies for acceptable ads sometimes have bad actors slip through. Even if it's not often, it's enough of a risk that it's simply not worth it.

FWIW, Reddit may be in a different situation, since I believe Reddit's ads are self-hosted. In that sense, I'd view it more as analogous to sponsored user-generated content, which I have other philosophical issues with, but don't suffer from this problem.


This was it for me. I don't really care about the stupid "hit the monkey and win" blinking animated .gifs, and lived with them for years without really worrying, but in 2015 ad blockers aren't sunglasses, they're condoms.

Furthermore, I installed uBlock in Firefox for Android because ads were getting so bad that it was essentially impossible to view some sites. It was a last-ditch effort to offer the content one last chance to survive. If publishers would prefer I not see their content at all, that's fine... I was almost already there, anyway.

In response to jedberg's question: I personally don't mind but I don't believe I'm as petulant and entitled as the typical loud mouthed redditor, but reddit made that bed, and now they get to lay in it.


> Furthermore, I installed uBlock in Firefox for Android because ads were getting so bad that it was essentially impossible to view some sites.

This in itself is enough of a reason for me to use Firefox on Android and recommend it to everyone who uses Android.

There are a lot of other great things about it, but the fact that it allows installation of extensions (and therefore allows adblocking for non-rooted devices) is huge.


Agreed. Not sure why Firefox on Android has such a low user base but I wouldn't consider anything else at this point.

I certainly would not use Chrome, despite its extensions.


Because Google actively work to make it a bad experience.

Look at GMail in Firefox Android. Now look at GMail in Chrome Android.


You should easily be able to allow self hosted ads in most good ad blockers, right?


> since I believe Reddit's ads are self-hosted

I'm not sure where it is at now, but we had a mixed situation when I was there. We self hosted some, but one of the things we "self hosted" was an iframe to an ad network.

We had to be really careful because everything you said was (and probably still is) true. Bad actors slip through, networks get compromised, etc. This is spot on: "Even if it's not often, it's enough of a risk that it's simply not worth it.". That was exactly the conclusion we came to.


> I totally get why people don't want to be tracked (I don't). On the other hand, for many of these sites, this is their only source of revenue.

There was an interesting article on here the other day [1] that points out the distinction between advertising and tracking, in terms of the interests of content producers.

In particular, if you have a valuable audience it's actually a bad thing if you let them be tagged as such, then retargeted on lower quality sites.

For example, let's say I run www.really-good-original-car-journalism.com - it's prime advertising space because loads of my readers are in the market for new high-end cars. I make $x per ad click.

But if I let ad networks tag my readers as 'shopping for a new high-end car' and retarget later, my readers get the same adverts on www.bobs-domain-parking.com but at a fraction of the cost per click - and with that much-reduced payment going to Bob, not me.

It's one thing to run adverts on a website. Letting ad networks track your readers is a different matter - especially if you're producing high quality content.

[1] http://zgp.org/targeted-advertising-considered-harmful/


I find it really depressing that the only business model that seems to work online is ads. Paying for things by ads is so convoluted and distorting.

There should really be a open micro-payments systems. I absolutely don't mind paying $0.10 to read an article, I'm already investing much more, in a dollars/minute sense by reading the article anyway. I guess the trick is to do this in a very automatic and anonymous way.

Notice how there is no way to pay google for using gmail, maps, etc., even if you wanted to (maybe if you sign up as a business?). I'd much rather just pay Google $100 per year, than introduce all the problems associated with monetizing my data.


>Notice how there is no way to pay google for using gmail, maps

There is; get your own domain and sign up for https://www.google.com/work/apps/business/. It's $50 a year for a single person, no ads, plus phone/email support.

It's technically business, but I don't think that's required to sign up.


That's exactly what reddit did with reddit gold. You basically get to pay $4 a month to not see ads (and therefore not get tracked).


... except that the fact one is a reddit gold member has to be validated, and therefore one is tracked; every login is audited by Reddit itself.


"Tracking" generally refers to third parties identifying you across websites.

Pointing out that Reddit "tracks" you with its authentication system as you browse Reddit just dilutes the term and the gravity of concern when organizations are able to connect your browsing history to you.

Put another way, a "has_gold" boolean field in the users table doesn't seem to be the issue that the EFF is attempting to address here.


That's sort of the point, though. Is there anything in the "do not track" policies that prevents the data owner (Reddit in this scenario) from just selling its own scraped data on the end-user to an ad network? Ad tracking is functionally equivalent; the tracking scripts just automate and simplify the process.

"Do not track" is a bit of a toothless concept when the very nature of the medium is to make auditable connections to remote servers.


I don't know whether they do it, but they could set a http-only cookie "gold=true" when you purchase a gold account. You could then log out and they would not have to track you personally to check your gold status.


>> "is it ok for those sites to block you if you are running adblock"

It's absolutely fine by me. I'll even be happy to broadcast in a request header that I'm doing so, to make it easy for you.

Then I get to decide whether your site warrants me unblocking ads or not.

Trackers, however, never.


Sure, it's absolutely your choice to block who you want from your site. IMO, once you have decided that you need to track users, then it is better that you put a block up for people who have set DNT rather than willfully ignore the setting.


> Whenever I ask, "is it ok for those sites to block you if you are running adblock" usually people say "no, they need to find a different business model!".

Of course it's OK for sites to block visitors running AdBlock. It's also OK for AdBlock to circumvent such blocks. No laws or contracts are being violated.


https://news.ycombinator.com/item?id=10002606

Not telling all your non-techie friends to run an adblocker is grossly negligent of their welfare.


"just run an ad blocker" is the new "just run a firewall". You need to check if you got something with real tracking protection (Adblock Plus doesn't, out of the box). http://blog.aloodo.org/posts/adblockers-myths-facts/


The question is not if it's an acceptable tradeoff for the user, but if the developer can accept having a large group of people perceiving the site as broken/unusable.


This is still asking a dishonourable industry to honour a polite request, and as such I don't see that it has any value.

I'm not sure why this voluntary code of practice stuff is still under discussion. Defensive measures are the only thing that's ever going to work because advertisers are actively hostile and forever trying to push boundaries in their continuous attempts to grab your attention.

I propose a move in the other direction, I propose that tools like adblock and noscript start to broadcast their presence in request headers. I would be perfectly happy to let a site owner know up-front that I will not be rendering any of their advertising content, I will not be keeping and propagating any tracking cookies (or cache entries or whatever) and they can choose whether or not they still wish to serve my request. They could even present me with the choice of disabling my blockers to see their site.

That way everyone knows what's going on, nobody feels either ripped off by blockers or under attack from advertisers, job done.


Ads are the only micropayment solution that has worked so far.

There are a few ideas out there to make things better (I'm currently working on one) but it's a very long road that requires massive reach and coordination between lots of major companies to work effectively at scale (as in the internet and not just 5 sites). Biggest issue is that people just don't like paying for content, or dealing with transactions (at the pace of website access).

Also, I think people tend to forget but payments aren't really that much more private than ads. In fact most ad networks don't know that much or it's very confused (just go look up any of the info registries to see). Payments however usually mean a central service + credit cards = name, age, address, purchase history, etc.


> Biggest issue is that people just don't like paying for content

I don't think people are ever going to be willing to pay for content in terms of giving their money to the writer/publisher/etc, even if it's 1c. Look at the app store as an example, if people aren't even willing to pay 99c for a game that they dump 20+ hours of their life into (which can be done friction-free in 2 taps), why would they pay to read an article with poor journalism about something that doesn't really matter to them?

Giving up your privacy or agreeing to be shown big adverts for things corporations want you to buy seems to be perfectly accepted outside of our paranoid tech world. Next time you go to the supermarket look at how many products you see placed strategically at the end of aisles, or how many people have loyalty cards which give them discounts.


>> Giving up your privacy or agreeing to be shown big adverts for things corporations want you to buy seems to be perfectly accepted outside of our paranoid tech world.

No, I really don't think it is.

More and more non-tech people I know are running ad blockers these days. And for tracking I think there are probably three groups of people, those that know and object, those that know and don't care and those that don't know. The last group being by far the largest, so it's difficult to predict what they might think if they knew they were constantly being recorded and profiled.


> More and more non-tech people I know are running ad blockers these days

As others have pointed out in this thread, an ad-blocker is like a condom in 2015 to protect you from malware, it's not just to claim back your privacy. Whenever I setup / fix a non-technical person's computer I always install it - even fairly legitimate sites have the "Download this to make your PC faster!" ads.

The point about people not knowing is a good one. Rather than focussing on building better ad-blocking technology, maybe we should focus on educating people and getting DNT and such written into law?


You need to tell your non-techie friends to run adblockers for their own safety. https://news.ycombinator.com/item?id=10002606


Why are third party scripts allowed at all if a site is honoring 'do not track'?

For instance, the EFF page about DNT - https://www.eff.org/pages/understanding-effs-do-not-track-po... has an analytics link embedded in it. This fetches a pixel gif from https://anon-stats.eff.org/piwik.php?idsite=1&rec=1&url=http...

Why is this still allowed? What analytics are even useful when DNT is being honored? Could there be a google analytics style service that could honor DNT then?


anon-stats.eff.org is a subdomain of eff.org. It's not a third party.


This is Piwik, open source self-hosted analytics, and it does honor DNT by default.


I trust that it is honoring DNT, but I can't see what use it can be if that is so. What more can it be doing over & above the weblogs that my original request would have created?


Nothing, it ignores your request. It doesn't ignore it when DNT is disabled. As Piwik ignores DNT requests by itself, I guess nobody bothered to disable the snippet on server side when DNT is detected.
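
The server-side step mentioned in the comment above (leaving the analytics snippet out of the page when the request carries `DNT: 1`), as an added example that is not part of the thread and is not Piwik's or the EFF's code. The function names, the placeholder marker, the `stats.example.org` URL and the choice to treat a malformed `DNT` value as an opt-out are all assumptions.

```javascript
// Added example: hypothetical names throughout; the snippet URL and the page
// template are constructed sample data, not taken from any real site.

const ANALYTICS_SNIPPET =
  '<img src="https://stats.example.org/pixel.gif?idsite=1" width="1" height="1" alt="">';
const PLACEHOLDER = '<!--analytics-->';

// HTTP header names are case-insensitive, so compare them lowercased.
function getHeader(headers, name) {
  const wanted = name.toLowerCase();
  for (const [key, value] of Object.entries(headers || {})) {
    if (key.toLowerCase() === wanted) {
      return Array.isArray(value) ? String(value[0]) : String(value);
    }
  }
  return undefined;
}

// "1" = the user opts out of tracking, "0" = the user consents,
// header absent = no preference expressed. Any other value is malformed.
function dntPreference(headers) {
  const raw = getHeader(headers, 'DNT');
  if (raw === undefined) return 'unset';
  const value = raw.trim();
  if (value === '0') return 'consent';
  return value === '1' ? 'opt-out' : 'malformed';
}

// Policy assumption for this example: a malformed value is handled like an
// opt-out, so the pixel is embedded only for "unset" or explicit consent.
function mayEmbedAnalytics(headers) {
  const pref = dntPreference(headers);
  return pref === 'unset' || pref === 'consent';
}

// Builds the response for a page template containing PLACEHOLDER. For an
// opted-out visitor the pixel is never written into the HTML, so the browser
// makes no request to the analytics host at all.
function renderPage(template, requestHeaders) {
  const embed = mayEmbedAnalytics(requestHeaders);
  const body = template.split(PLACEHOLDER).join(embed ? ANALYTICS_SNIPPET : '');
  return {
    headers: {
      'Content-Type': 'text/html; charset=utf-8',
      // The body now depends on the DNT request header, so caches must key
      // on it; otherwise a shared cache could hand the variant with the
      // pixel to a visitor who sent DNT: 1.
      'Vary': 'DNT',
    },
    body,
    analyticsEmbedded: embed,
  };
}

// Constructed sample page.
const SAMPLE_TEMPLATE =
  '<html><body><p>Article text</p><!--analytics--></body></html>';
```

This only removes the extra analytics request; the original page request still reaches the server and its access log either way.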


That's a shame. Although I guess it is difficult to avoid the request if you have lots of static pages with the script link in them.

Perhaps we could have something like a <link> or <img> track flag, so my browser could decide whether or not to fetch the link based upon DNT settings?


The problem is that DNT isn't verifiable. DNT should be done in browser and in the original website by not loading the tracking scripts at all.

ATM how it goes is that the DNT header is attached to outgoing requests and you "hope" that the 3rd party is discarding them.


You do know that you do not need a dedicated tracking script to track you serverside?


Eh? They know that someone accessed resource X from IP address Y; that's not tracking.


They know that someone accessed resource X from IP address Y from browser Z with language preferences A, encoding preferences B, SSL cipher suites C (when https is used), DNT preferences D, sometimes also protocol support E (when upgrading to SPDY or HTTP/2.0), having a TCP/IP fingerprint of OS F. I guess I still haven't covered it all.


Exactly, that's the sole purpose and that's how DNT works. It's nothing more than a voice "I don't wish to be tracked" and an expectation to be listened to.


Hmm...the idea to block all third party trackers by default and only allow 2nd party trackers (also with a few restrictions) could be interesting.

I'm guessing this is not what the EFF is doing here, though.


Most sites, almost all, would break if browsers suddenly disallowed third party scripts.

If you're asking why it is "allowed" by their policy, I'd argue that it really boils down to if a script is tracking or not tracking. For example a CDN is a third party, but often aren't designed for tracking.


> Most sites, almost all, would break if browsers suddenly disallowed third party scripts

You would be surprised how many sites still render fine with blocking 3rd-party scripts. For instance, the OP article on "threatpost.com" rendered just fine with all 3rd-party scripts blocked. Actually, the page rendered even better this way, because the links on the page worked just fine, which is not the case if allowing 3rd-party scripts from "netdna-ssl.com".

Also, "break" can be defined many ways here, depending on whether you want a page to just render fine, or whether you want all features on a page to work properly[1].

And even without blocking all 3rd-party scripts, it is very beneficial to at least block 3rd-party scripts from ubiquitous sources[2], if only for page load speed.

[1] "all features" as in "all features which enhance a page arguably to the benefit of the user".

[2] Example of ubiquitous 3rd parties: https://github.com/gorhill/uBlock/wiki/Blocking-mode#raw-dat...


> Most sites, almost all, would break if browsers suddenly disallowed third party scripts.

I don't find that to be so. I use Firefox with AdBlock, NoScript, RefControl and Disable WebRTC. In NoScript, I've flagged third-party ad servers and trackers as untrusted. In RefControl, I block third-party referer by default. I use private browsing mode, and accept third-party cookies from visited sites, but all cookies are deleted when Firefox closes.

I do allow useful content from third-party scripts. But that doesn't include crap from Facebook etc. And it's very rare that I need to enable other third-party scripts to get what I want from sites. If there's something truly evil that I want to read, I fire up a LiveCD VM.


> I do allow useful content from third-party scripts.

And that's why they work. You allowed things like Google's and Jquery's CDN. If they blocked third-party absolutely then tons of sites would break.

You cannot use a bunch of addons which whitelist/blacklist content and assume that is remotely ballpark the same as outright blocking third party scripts. Those lists are heavily curated to make sure that stuff doesn't break.


I use RequestPolicy which is a plugin that allows you to control which third-party scripts are allowed to be loaded per domain. It is very lightly curated; they have a small set of default rules that allow sites to load "third party" sites that they control (e.g. their own CDN).

I have found that most sites work (including the one hosting the article being discussed) well enough to read, or even completely true to the author's intent (depends on if CSS is self-hosted or on a CDN that I haven't whitelisted). I even find that often it is actually more pleasant to have a basic experience when CSS doesn't load.

Sites that require me to allow a lot of third-party scripts and content to work force me to weigh the expected usefulness of the content vs the scumminess of the site. The creepier and more plentiful the third parties are, the more likely I am to press the X...

I very rarely have to allow Google and JQuery in my day to day browsing.


Why not link to https://www.eff.org/pages/understanding-effs-do-not-track-po... directly? This has pretty much zero relevant info about what the new standard does.


I appreciate the effort but DNT will remain an opt-in for me, not a weak opt-out based purely on trust. That means Adblock, Ghostery, Noscript, and whatever is required to ensure that websites don't collect data about me when I don't want to. I want to choose to whom I give my data; because I also may want to do that when I trust or want to support a website.

This is all about principles. When I say "no" it means no. Especially in these times of guerilla wars against privacy. We have to win this fight, because privacy is one of the fundamental human rights.


Honest question: Would you be ok if a website blocked your access because you were running those, since they interpret it as stealing, by denying them the data that makes them money?


Only if they achieve the blocking by not sending me the data in the first place. If you send me a multi-megabyte page that relies on Javascript to prevent a redirect to an "enable cookies" page or to remove an overlay, you're an asshole.


Honest answer: it's already happening in a way since I do run an Adblocker and Noscript and a custom hosts file etc. like many others do. This leads to minor inconveniences already. But it's an acceptable trade off.

I don't consider it "stealing" because there is no explicit agreement that I benefit from contents in exchange of my data. Yeah, it's somewhat hypocritical, but both sides are.

If YouTube for instance blocks me tomorrow because I block its ads? I think I would consider a subscription if offered and if it lets me keep using my blocking devices.


How are content providers being hypocritical?


Sure, no problem. But I'm typically testing various VPN services, using pfSense VPN-client VMs. So I would just fire one up, and route a LiveCD VM through it. The site could collect whatever data it wanted. But it would mostly be noise.


So your "no problem" isn't really "no problem, I'll respect that", it's "no problem, I'll just work around it".

IMO - it goes both ways - if I want to use blocking software, it's not reasonable to disregard the wishes of sites who won't show me content if you do. They didn't publish that content in anticipation of getting no return from it, so if they state [via site policy to block blockers] that it's not ok to do so, then how could I justify ignoring that wish?

To me, crossing that line means crossing from a principled stand against trackers over to consuming content that's not mine to consume.


On the web, fine print policies don't matter in the end. You can fuss about them in court, but ultimately what matters is whether you send the data the other party requests.

If you as a user let your user agent send identifying information to sites that request it, you bear some responsibility for that. If you as a server operator configure your server to send content without first requiring identification and authentication, then you're putting it out there for the public to consume.

Any trusting of the other party (client trusting the server to not abuse information collected, server trusting client to also fetch and display ads from third-parties) is going to be imperfect. The servers have largely proven themselves to be untrustworthy in general, but they still mostly trust the client. As users wise up and start exercising their power over their own computers, the server operators will have to compensate by first squeezing the most value they can out of the users who are too trusting, but then by actually charging money. There's simply no other end-game possible unless someone figures out how to prevent servers from being untrustworthy in the first place.


If anyone is on shaky moral ground here, it's sites that are tracking visitors and selling information about them to unknown third parties with unknown goals. That's awfully near CFAA territory, as I see it. Also, dishonest contracts are invalid and unenforceable.


Sure. Honestly I wish I could allow more reasonable ads, and just block e.g. animated ads (there was a time when you could do this by blocking flash, but html5 seems to have taken over that space). I don't want to block everything. But there are too many sites that I only visit once, and it's not worth my time to see which ones are decent about their ads and which ones aren't.


If he stands by his principles then it should be OK.

For me it would be OK as a “counter-measure” against an ad blocker.


Many websites already do this (sorry, I can't think of them off the top of my head). For me, it hasn't affected my browsing. If anything, it serves as a warning that those people are shady about privacy and respect for their users.


The major(?) new(ish) tech news network in Norway (https://tek.no, formerly hw.no, also have gamer.no) is a funny example. Their writers are crap compared to something like AnandTech, and they mostly aggregate/regurgitate tech news, like most aggregation sites -- adding little value (well, to anyone that reads English, which is pretty much anyone interested in the subject matter in Norway, with the possible exception of very young gamers).

They used to be one of the few sites I'd occasionally click through on ads -- hw.no (a hardware reviews site, reviews are their only "original" content -- and while not as good as dpreview/AnandTech etc -- sometimes worth reading) had very well targeted ads: you read about hardware, Norwegian companies advertise hw for sale. Obvious match.

Then, due to the web being the web, I started using an ad-blocker -- partly to get rid of ads (gets in the way of reading, ie: gets in the way of the value the web provides me) -- and mostly as an anti-virus/malware thing.

Then tek.no launched a "premium" service, and started blocking access to those using adblock -- showing a "please enable ads or subscribe to read without ads" pop-up. Perfectly fine. I now rarely read tek.no -- their product isn't good enough that it's worth anything to me. That might change if there was a viable micro-payment solution -- but just the effort of subscribing (ignoring the actual cost) is too high a price for me to pay for their content.

The real question, is would I pay for other content? There are a couple of newspapers I might consider subscribing to -- some Norwegian, and eg: The Washington Post, The New York Times, The Guardian -- but generally I'm not convinced any of them have a good (enough) digital product.

I'd want a) no ads, b) no tracking, c) no pdf/rich-media crap, d) no drm, decent RSS support and off-line reading (epub might be a great choice of format, or "least worst") c) decent typography (hello: CSS3: p { hyphens: auto }).

Does anyone know of anyone that provides this? LWN is probably the closest I know of -- and at the top of my list of "subscription todos". If they had more content, and more stuff along the lines of Dr. Dobbs and Byte, I'd probably have already subscribed -- but I assume that'd demand at least a doubling in price (which would be fine by me).

[ed: as for tracking -- it makes no sense to have an opt-out standard. An opt-in standard might make sense -- but that'd probably just mean the end of (legal) tracking -- who'd really want to opt-in?]


I don't think PDF is that bad.


Which is completely fair - I do however. In theory one could make pretty PDFs that allow for decent cut and paste, work across all screensizes, work both in single-and-two column view, allow for full-screen viewing of images -- but I think it's much easier to pull that off as an epub (essentially html+css).


It's nice to see they're taking another try at this. But I don't expect anything server-side to realistically work. If you outlaw online tracking, then only outlaws will track people online. And we know many outlaws download videos, music, and games, so what's to stop many outlaws from continuing to track?

I don't see an end to the browser-side escalation of Adblock/uBlock, Ghostery, HTTPS Everywhere, uMatrix, etc.


I'm not worried about outlaws tracking me, it's the thousands of legitimate, legal tracking companies that worry me!


Edit: there's not even a law! It's just a voluntary agreement. How many of them will just ignore the agreement and keep doing business as usual? Why wouldn't they?


Perhaps this depends on the definition of "legitimate"? Many reasonable definitions will change the quantity from "thousands" to "several".


Far fewer. And it will make it more difficult for them to sell their analytics data on to legitimate companies when it is easily shown that they are breaking the law.

I don't get your objection. Are you really complaining that if a law/agreement isn't 100% effective then it is worthless?


My objection is that I don't understand how it will work this time. I don't expect tracking companies to voluntarily obey a setting that loses them money; I don't expect people to act economically illogical.

And why would other industry members voluntarily lose money by ignoring DNT results? Do you really think advertisers care what their products think?

The only way we've got this attention is with widespread use of adblocking software.


Oh, I agree with you, I doubt that analytics companies will voluntarily sign up to this new code of practice.

Your talk of 'outlaws' meant, to my eyes, a more hypothetical situation where some form of DNT was passed into law. At the moment, companies that ignore DNT are not outlaws.


To encourage adoption and enforce DNT ad-blockers like AdBlock could agree to relax ad blocking by default on sites which genuinely honor DNT. This way sites have an incentive to do the right thing.

Of course for tracker-blocker add ons nothing should change since a DNT respecting site shouldn't fall foul of a tracker block.


Is this just like P3P? Because that was a failure of a standard if I ever saw one. Web devs blindly copypasting random P3P headers just to get third party widgets to load properly. Or even setting headers like "not a P3P policy" with less than honest side effects. Like Google does: https://support.google.com/accounts/answer/151657?hl=en


P3P was a train wreck because no-one actually set their own policies and the UI to do so was hidden and ridiculously complex, so the only reason anyone ever used it was by accident due to using IE, and it broke stuff like single-sign-on with the default policies unless sites actively worked around it.


Still voluntary compliance = still toothless. How about the agreement between users and site to the tune of "you honor DNT or I block every little bit of your ads"?


What I want is adblock/ublock/ghostery for my phone... I swear it's worse than the popover/under ads in the 90's if you happen to click on the wrong clickbait article from your phone.

For that matter, just make browsers not allow an iframe within another iframe... that should reduce a lot of the problems with ad/tracking networks. What's really annoying are the ads that block content, but have the weird /A logo that you can click to report that the ad is used to block content...WTH.

The problem is the funding for the biggest browser is from an ad company, and a lot of the funding from one of the other largest is as well.


> What I want is adblock/ublock/ghostery for my phone.

Doesn't Firefox on Android give you exactly that? I never used the Android version but at least with its Maemo predecessor the ability to use Adblock Plus et al. was a given and really good to have.


"Do not track" is completely useless. Somewhat ironically, it actually has the opposite effect: The "Do not track" boolean contributes to your digital fingerprint.


"The 'Do not track' boolean contributes to your digital fingerprint."

I always thought that and that's why I didn't turn it on.


Unfortunately, there's probably enough data to identify you anyway, regardless of DNT setting: https://panopticlick.eff.org/


I feel that the methodology of that site reports your browser as more unique than it really is. For one, it doesn't take into account that plugins/browsers are constantly getting updated. This causes the user-agent string and the plugin names to constantly change, causing the site to report more entropy than there really is. For instance, I'm using firefox on windows 8.1. Based on the market share of windows 8.1 (13%) and firefox (11%), the chance that another browser has the same user-agent should be 1 in 70. However panopticlick reports 1 in 943.29. Similarly, panopticlick reports that 1 in 7596.81 uses the latest version of the NPAPI flash plugin.


It's a proof of concept. The numbers are dependent upon people visiting that page. As they say in their FAQ:

> The quality of data that we get from this project is definitely decreased as a result of the fact that the design of the website encourages people to play with their browser configurations. A lot of people are doing things like turning off javascript, entering private browsing mode, or deleting cookies just to see what effects those actions have on uniqueness.

> We'd have gotten better data by putting these tests in an invisible corner of a high-traffic website, but that simply isn't the EFF way when it comes to running an experiment like this


Yeah, the numbers seem very suspect. It says, for example, that 1 in 1.34 (ie, only about 75%) of all browsers have cookies enabled. Considering that these days, you basically need that for things to work:

1) They're probably getting a very skewed sample, and

2) They're probably counting bots that hit the site.


It's possible that very few visitors of panopticon use W8.1.

I'm using Firefox ESR on Linux64 and I get 1 in 550.
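
An added illustration for the sub-thread above, not written by any commenter and not Panopticlick's code: over a small constructed visitor sample it compares the "multiply the market shares" estimate with the observed joint "1 in N", and measures how many bits the DNT header adds once the user agent is already known. All counts, field names and function names are assumptions made up for this example.

```python
from math import log2

FIELDS = ("os", "browser", "version", "dnt")

# Constructed visitor sample (not Panopticlick data): attribute tuple -> count.
SAMPLE = {
    ("Windows 8.1", "Firefox", "39.0", "1"): 5,
    ("Windows 8.1", "Firefox", "39.0", None): 15,
    ("Windows 8.1", "Firefox", "38.0", None): 20,
    ("Windows 8.1", "Chrome", "44.0", None): 90,
    ("Windows 7", "Firefox", "39.0", None): 70,
    ("Windows 7", "Chrome", "44.0", None): 500,
    ("Windows 7", "Chrome", "44.0", "1"): 50,
    ("Linux", "Firefox", "39.0", "1"): 20,
    ("Linux", "Firefox", "38.0", None): 30,
}


def matching(record, fields, sample=SAMPLE):
    """Count visitors that agree with `record` on every field in `fields`."""
    idx = [FIELDS.index(f) for f in fields]
    return sum(n for rec, n in sample.items()
               if all(rec[i] == record[i] for i in idx))


def one_in(record, fields, sample=SAMPLE):
    """Observed '1 in N' for the joint value of `fields`."""
    return sum(sample.values()) / matching(record, fields, sample)


def naive_one_in(record, fields, sample=SAMPLE):
    """'1 in N' from multiplying per-field shares (assumes independence)."""
    n = 1.0
    for f in fields:
        n *= one_in(record, (f,), sample)
    return n


def added_bits(record, known, new, sample=SAMPLE):
    """Bits the field `new` reveals once the `known` fields are already seen."""
    return log2(matching(record, known, sample)
                / matching(record, known + (new,), sample))


if __name__ == "__main__":
    ua = ("os", "browser", "version")
    for rec in [("Windows 8.1", "Firefox", "39.0", "1"),
                ("Linux", "Firefox", "39.0", "1")]:
        print(rec)
        print("  os x browser shares multiplied: 1 in %.1f" % naive_one_in(rec, ua[:2]))
        print("  observed os+browser+version:    1 in %.1f" % one_in(rec, ua))
        print("  DNT alone: %.2f bits, DNT after UA: %.2f bits"
              % (log2(one_in(rec, ("dnt",))), added_bits(rec, ua, "dnt")))
```

In this sample the DNT header is worth about 3.4 bits taken alone, 2 bits for the Windows visitor once the user agent is known, and nothing for the Linux visitor, whose whole user-agent group already sends it.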


I solved the tracking problem very easily with just three Chrome profiles:

1. Gmail work, gmail personal, chrome profile linked to gmail. Some work sites (clicking links from work emails). No other use.

2. Facebook + Vk only, not logged in, ublock origin, only session cookies enabled (exception - facebook).

3. All other browsing, ublock origin, only session cookies, not logged in

With right-click profile switching, it's really not much more hassle than switching between windows.


https://github.com/gorhill/uMatrix

Same developer/ for advanced users

I have been using it since it was HTTP Switchboard and works wonders


How do you know that works?


You could take a look at the cookies / local storage used by each profile. If I understand the situation right, profile 1 would keep cookies forever, so if you saw countless cookies by multiple tracking companies, you'd know that you forgot to switch profiles at some point.


A large advertising company would have enough resources to code up a browser profiling tool that can almost uniquely identify you from various performance characteristics such as canvas render. Those separate profiles only serve the illusion of privacy IMHO.


Are they announcing the launch of the not quite finalized W3C Tracking Protection Group recommendations (see the last call working drafts, bottom left, http://www.w3.org/2011/tracking-protection/)?

The 1.0 of their dnt-policy.txt (https://raw.githubusercontent.com/EFForg/dnt-policy/master/d...) which points to one of those drafts (http://www.w3.org/TR/tracking-dnt/)?


Anything that can simply be ignored is worse than worthless. It's worse because it's actively harmful in the cases, the numerous cases, where the tag is simply ignored.

Ghostery + AdBlock. No regrets.


This will fail. If we want freedom from tracking, we will have to take it; they are not going to give it to us.


I feel that this would not deter companies from tracking. People would still use disconnect and adblock to make sure that their search queries are not being tracked. I myself am considering getting a VPN since a lot of sites track according to mac address.


> it’s still a voluntary policy

All has been said.


Google somehow manages to escape their own browser settings. I set the Chrome flag to 'Do not track', but when I go to their site settings I have to additionally disable tracking.


Thinking about it, there is the European "cookie law". Too broad, but DNT can be included in similar laws.



