Do Not Track default feature in IE 10 makes Digital Advertising Alliance unhappy

Source.

Quote:

Originally Posted by Neowin

The launch of the Windows 8 Release Preview on Thursday also came with a new version of Internet Explorer 10. As we reported on Thursday, Microsoft had made the decision to put in the Do Not Track feature in IE 10 as the default for its users. Microsoft called this new move an "important step in this process of establishing privacy by default, putting consumers in control and building trust online." As it turns out, not everyone is happy about this decision. The Digital Advertising Alliance has issued a press release that expresses concern over this move. The DAA, described as "a coalition of the nation’s leading media and marketing trade associations and companies" said that back in February it had committed to an agreement that would honor browser data collection settings but also supported giving the consumer the choice about how companies collect information from their web browser.

Read more: http://www.neowin.net/news/do-not-tr...-group-unhappy

[Hungry Man]

The right solution is to let users choose. If you have a problem with tracking the right to choose should be there for you. But turning off ads and tracking across a massive amount of computers will only serve to hurt and break the internet.

[dw426]

The problem is that, agreements or not, in practice they aren't honoring the choice. I touched on this in another thread, but if they truly want customers to not block them, then they need to stop forcing themselves on us and continuing to serve the most obtrusive ads possible. Flash ads probably contributed to the popularity of ad-blockers than anything else ever has (I personally also hate the "scrolling" ads that follow you down a page.).

Between malware hijacks and "in your face" half movies, I'm sorry, I have very little sympathy for them. The "evercookie" didn't do them any favors either. The social media invasion, where you have to allow Facebook tracking just to use a website when you don't even have a Facebook account and plaster "Like" and "1" buttons everywhere just makes it worse. Stop being militant, and we'll talk.

[Hungry Man]

I block ads for a reason. Some ads "deserve" to be blocked, and I don't really like tracking so I should have the right to disable it.

But I still think it's a good thing that the Adblock Plus dev has added a whitelist for ads that aren't terrible. Inline text ads are whitelisted by default, which is great as they really aren't in the way at all. If all ads were simple text that stayed in place I'd never use adblock.

[dw426]

Quote:

Originally Posted by Hungry Man

I block ads for a reason. Some ads "deserve" to be blocked, and I don't really like tracking so I should have the right to disable it.

But I still think it's a good thing that the Adblock Plus dev has added a whitelist for ads that aren't terrible. Inline text ads are whitelisted by default, which is great as they really aren't in the way at all. If all ads were simple text that stayed in place I'd never use adblock.

Same here, I could even handle the late 90s "flashing buttons" type deal. But now, good lord. Text is perfectly fine so long as it is neatly done (not overlapping main content, not in weird places.). The tracking thing, I get that websites really need it to some extent. In fact, I don't mind at all that they track what I do on their website. Start following to my 5th, 6th website, and I have an issue. I think I'd rather have Doubleclick following me around rather than this damned Facebook which makes Google tracking look non-existent.

[Hungry Man]

It's actually really interesting. I can see referral information on my blog and I've noticed where a lot of readers are coming from in terms of search engine, search queries, or where they were linked to it. It's pretty useful information. If I were trying to target my blog it would be really obvious what stuff is popular with users because of the info available.

But I use the no-referrers header for Chrome and anyone else using it won't show up on my site with referrer info, just that they were there.

So while I personally don't like being tracked I can see why even just a little information can make targeting ads way more effective.

[dw426]

Right, I completely get that it's useful, and I'm not against it so long as there are some boundaries. A select few though are getting to the point where they just want more, and more, and more. And, when it's forced on me, I draw a line. I'll be glad to help websites out by viewing an ad here and there, and let them take a peek at my interests, but respect my choices and give me a little room.

[Hungry Man]

I agree entirely.

[NGRhodes]

Some advertisers seem to not understand that the data they track is technically OUR data (under EU cookie law and data protection act) and we have a right to choose what they do with OUR data.. Some of the laws around this have been around a long time and its the advertisers that have managed to avoid the attention of EU law makers for so long (note each country in EU has different time scales for implementing the cookie law and how).
In the case of a lot of 1st party services the way to opt out is to simply not use that service or opt out of specific information collection services (usually checkbox on a form), but with 3rd party advertisers there has been no mechanism exposed by them (atleast the major ones) to the user or the websites that host the adverts to inform and allow the user to choose (which is a legal requirement in the EU) about what will be done with data collected by these advertisers and which is why the EU has had to come up with specific cookie laws.

Major members of the DAA are some of the ones who have been skirting these EU laws and are now complaining when someone introduces tools which allow users to enforce their legal rights that members of the DAA have failled to do so far.

IMHO the solution is coming up with a good consent model.
Something that we are struggling in the UK with the our implementation of the EU cookie law that requires consent to store your data in cookies for any non essential useage (session cookies are OK).
We were informed that explicit consent was needed, then 48 hours before the deadline for implementation the other week the IOC changed their mind and said implied consent would be OK.

Cheers, Nick

[funkydude]

Well said Nick, never thought of it like that.

[Critter2]

I block everything I can, it's none of their business what I do on the web, none at all

[dw426]

http://www.pcworld.com/article/25669...html#tk.hp_new. Kind of related to the topic, and a good reason to not embrace social integration with websites.

[dw426]

http://www.wired.com/threatlevel/201...-do-not-track/

MS backed down.

I think that is the right decision - Explicit Consent Requirement. Otherwise, every other ad/tech company would simply ignore the flag.

[dw426]

Quote:

Originally Posted by guest

I think that is the right decision - Explicit Consent Requirement. Otherwise, every other ad/tech company would simply ignore the flag.

True, though it won't stop them from still ignoring it if they truly want to. DNT isn't 100% either to begin with, sometimes it doesn't block.

[Hungry Man]

If the user doesn't initiate it even the advertisers who do normally respect it won't. That's already been shown.

But MS has made the right decision by not turning it on by default. Can't read into it now but I assume it's just a matter of them not turning it on.

[siljaline]

I'm not sure I'd throw in the Towel before the circus has begun

TPL's under IE9 work perfectly well although not perfect. Using several works for me, but, that's just me. Pull a Hosts file off my sig and your cooking with gas. Figuratively speaking ...

[dw426]

Quote:

Originally Posted by siljaline

I'm not sure I'd throw in the Towel before the circus has begun

TPL's under IE9 work perfectly well although not perfect. Using several works for me, but, that's just me. Pull a Hosts file off my sig and your cooking with gas. Figuratively speaking ...

Hmm, I'd have to disagree with the Host file inclusion. Two issues with them that make them inefficient to use:

1. Any and all malware addresses will be almost always gone by the time the file is updated. I'd never, ever use a host file to block malware.

2. Many host file lists cover all ad servers/trackers, and they aren't as easy to edit.

As far as TPLs go, sure, most of the time they work just fine. I'd only use one or two at most though.

[siljaline]

Quote:

Originally Posted by dw426

Hmm, I'd have to disagree with the Host file inclusion. Two issues with them that make them inefficient to use:
1. Any and all malware addresses will be almost always gone by the time the file is updated. I'd never, ever use a host file to block malware.

You are in the minority in making this statement.

Quote:

2. Many host file lists cover all ad servers/trackers, and they aren't as easy to edit.

Edit Hosts via Hosts editor, or just by using Notepad.

Quote:

As far as TPLs go, sure, most of the time they work just fine. I'd only use one or two at most though.

Again, you are in the minority, many use and manage three or more TPL's

Regardless of these statements, all is not lost as IE10 and Win 8 are not RTM

[m00nbl00d]

Quote:

Originally Posted by dw426

Hmm, I'd have to disagree with the Host file inclusion. Two issues with them that make them inefficient to use:

1. Any and all malware addresses will be almost always gone by the time the file is updated. I'd never, ever use a host file to block malware.

2. Many host file lists cover all ad servers/trackers, and they aren't as easy to edit.

As far as TPLs go, sure, most of the time they work just fine. I'd only use one or two at most though.

Regarding the hosts file, I've actually seen a blog article by Zscaler sometime ago, where they're shown that community lists such as MDL, etc are actually more effective at blocking malicious domains than web browsers own lists, which work at the cloud level. Just an example. I actually pointed it out in the past at some thread, I believe. I was actually surprised that it could be so effective.

Granted, there may be one or another list, that is not updated that often, and that will obviously mean it will be less effective, but there's quite a handful list of malicious domain black lists that are updated daily, and some are updated hourly,etc ; not necessarily in the hosts file format, but can be made one, by using some script to convert it automatically.

I do see from time to time people saying that such lists aren't that effective, yet they provide no evidence of what so ever. Please, don't take this the wrong way, because it's not intented as an attack, but if one says that xyz isn't effective, than one should provide the evidence.

For instance, we got Zeus, SpyEye and Palevo black lists by abuse.ch. I've read at Krebs On Security blog an article about Zeus/Spyeye botnet owners thinking of hiring a hitman to take care of the security researcher behind abuse.ch. The reason being that these lists do seem to be effective.

[Hungry Man]

Uh, aren't host files updated like... at most twice a month? I can't see that being very effective, you'd have to wait over a week to be protected.

It's not going to hurt but I wouldn't rely on it.

[m00nbl00d]

Quote:

Originally Posted by Hungry Man

Uh, aren't host files updated like... at most twice a month? I can't see that being very effective, you'd have to wait over a week to be protected.

It's not going to hurt but I wouldn't rely on it.

MDL is actually updated daily, unless there's some problem. Malware Patrol list is updated hourly -http://www.malware.com.br/cgi/submit?action=list_hosts_win_0000

Dshield also has 3 lists, updated daily -https://secure.dshield.org/tools/suspicious_domains.html

I'm not hunting them down, but I remember those. I believe more to exist, that are updated quite regularly.

Ads/Trackers lists may be updated monthly or weekly. These don't change that often, so I see no issue with them?

P.S: I also believe that abuse.ch lists are updated daily... maybe even updated within a shorter period of time.

[funkydude]

What use is that when the HOSTS file doesn't immediately take effect when replaced? Cloud services like SmartScreen do.

[Hungry Man]

I was thinking of MVPS when I said bimonthly. Nice that MDL does that. I'd just put it in my adblock if I were going to do anything with it.

[m00nbl00d]

Quote:

Originally Posted by funkydude

What use is that when the HOSTS file doesn't immediately take effect when replaced?

What do you mean? DNS cache? HostsMan allows you to clean it, using its own GUI, without having to use cmd line. Browser cache? Clean it. It just takes a second or so. I don't see it as being much of an issue, to be honest.

I don't see this as a reason not to use it, for those folks wanting to use it.