'Do Not Track,' the Privacy Tool Used by Millions of People, Doesn't Do Anything

Discussion in 'privacy general' started by mood, Oct 15, 2018.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    20,843
    'Do Not Track,' the Privacy Tool Used by Millions of People, Doesn't Do Anything
    October 15, 2018
    https://gizmodo.com/do-not-track-the-privacy-tool-used-by-millions-of-peop-1828868324
     
  2. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,112
    Location:
    Slovakia
    Privacy-minded people know very well, that "do no track" is merely for show. It is basically:
    Code:
    Browser: Please, do not track.
    WebPage: Umm, nope.
    Browser: Whatever.
     
  3. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,371
    Location:
    U.S.A. (South)
    Yup.

    Just another feel safe from tracking phony baloney
     
  4. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    654
    Original intention might have been good, but if there is no way to enforce the setting
    ("please don't track me? please please pleas...?")
    then ad companies just continue to show middle finger to it.

    Also the so called private browsing, (a la incognito) mode should be renamed to something
    else because it really does not (like some have already said here) hide you tracks in any form whatsoever.
    The only thing it's good for is if you are afraid that your wife or boss finds out you have
    been watching porn again instead of working :D
    (and not that good even then, if your boss or wife has technical know how...)

    EDIT:
    Ah, from that article....W3C.....again....behind another useless ****...
    There was actually time when they did offer some great things but long gone now....
     
    Last edited: Oct 15, 2018
  5. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,172
    That's it in a nutshell.
     
  6. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,177
    From the "Do Not Track" feature learn more page:

    REALLY!

    The Federal Trade Commission (FTC) decided not to get officially involved
    and tasked it to (WC3) to work out the details of "Do Not Track" technology.

    Who controls the W3C?
    Adobe, Facebok, Google, Netflix, PayPal, Kaiser Permanente, Yahoo!, ...

    As of 15 October 2018, the World Wide Web Consortium (W3C) has 477 Members
    and many of them are interested in collecting your data.

    Powerful corporate interests who IMO is why DNT doesn't do much of anything
    for the user.
     
    Last edited: Oct 15, 2018
  7. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,172
    @KeyPer4Life Ha ha Less relevant advertising? how about no ads at all. As to the rest, good work sherlock! Only goes to show you have to look at every dang "feature" to see the potential scam.
     
  8. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    976
    So the only way to be anonymous is a vpn?
     
  9. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    873
    Location:
    Land o fruits and nuts, and more crime.
    :thumb: Why are people so dumb to fall for fancy wording? :'(
    Not even fancy wording. Just stupid people!:argh:
     
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,983
    Arguably, it's impossible to be "anonymous" online. Fully anonymous, anyway. Say that someone has ten Wilders accounts. Now of course, I don't, because that violates ToS, and I value participation here. But say that someone does.

    It'd arguably be hard for them to post actively using all ten. Because shared interests, writing style, etc would eventually link them. Especially if they played sock puppet games, interacting with each other to support, attack, or merely create discord.

    The same concerns apply to the Internet overall. Except that it's a hugely greater space to get lost in.

    Finally, all that assumes perfectly anonymous communication methods. And there is arguably no such thing. VPN services do not provide anonymity. Too few users share a given server. Most browsers leak too much about the computer running them. And it's too easy (well, not trivial, but too easy for adversaries with credentials and resources) to force providers to deanonymize users, or to get information directly by compromising their network uplinks.

    Tor does a pretty good job at anonymity. Each connection (circuit) comprises three relays. Traffic is effectively nested via cryptographic onion routing. Circuits change randomly at ten-minute intervals. And Tor browser is heavily tweaked to prevent leaks, and make all users look alike.

    However, Tor is vulnerable to coordinated attacks by malicious relays. At least, if enough of them slip by Tor Project oversight on suspicious patterns of relay creation and management. Also, there's always the possibility of 0day exploits. And then there's the potential for traffic analysis by such global adversaries as the NSA. And then, sometimes Tor browser leaks. Or Tor can get bypassed by malware that phones home directly. Unless you have a good firewall setup, or use Whonix.

    Finally, you can connect to Tor through nested VPN chains, comprising servers from multiple providers. That protects (at least somewhat) against Tor compromise. But against traffic analysis by global adversaries, it's iffy.
     
  11. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    654
    Like @mirimir said, there is no such thing as 100% anonymity currently.

    The vanilla browsers are just too leaky because most of the core developers are more interested of flashy things (adding new APIs, Harware acceleration etc...)
    than privacy or even security. Either by choise or otherwise (read: money/boss)

    Just by taking look how long it took for mozilla for example, to fix the remote DNS lookup over SOCKS5 proxy (reported 17 years ago, fixed...maybe..few years ago) https://bugzilla.mozilla.org/show_bug.cgi?id=134105

    Or the insecure master password bug reported over 9 years ago: https://bugzilla.mozilla.org/show_bug.cgi?id=524403 (they increased iteration count but are still using insecure PBKDF1, instead of PBKDF2 o_O )

    If one does not want to totally throw away traditional GUI browsing (and use things like Lynx or NetSurf browser that have less stuff crammed into them) then best bet is to use Tor Browser or any other of those privacy oriented browser projects out there combined with Tor + VPN (even tought VPN was not really originally meant to be acting as glorified proxy...)
     
  12. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,983
    Yeah, well, VPNs were invented for secure network connectivity between trusted peers. So with VPN services, that's you and the proxy server. But there's more to it than secure connectivity with the proxy server. With a VPN connection, you get full TCP/IP connectivity (for tun interfaces) or ethernet connectivity (for tap interfaces). So that lets you transparently proxy all traffic.
     
  13. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    654
    That's right. And because it was originally meant for connecting those two networks over insecure, unencrypted Internet there were no such things to worry like DNS leaks or what happens if for some reason or another, VPN connection dies, the routing table modifications that the VPN clients made disappear and you are back to your ordinary plaintext connection. Those things are (if they are, depending of the client implementation) duck taped however each vendor best see fit it.

    Found this BTW just now:
    https://www.farces.com/google-goes-evil-by-default-and-you-cant-turn-it-off/

    I have no doubts, whatsover of W3C (or Google) intentions anymore....
    :(
     
  14. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    654
  15. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,785
    It's important to make it clear what you think is a threat, what do you value or wanna protect, and what is your possible goal. Otherwise these discussion are prone to go extreme or confusion. If you contemplate, you'll find anonymity is not a necessary condition for privacy and vice versa.

    DNT is still useful as we can see who respect user decision - only problem is they are few. Browser tracking and targeted ads pose impo question on privacy - even when one knows it's not tied to his real identity (at least unless you login w/ them), many ppl feel privacy invasion, which some classical explanation for privacy may fail (But the fact is, every effort to define or extract essential property of privacy have been failed). Obviously ad-providers and privacy-minded consumers see privacy differently, but it's inevitable by its nature.

    Pardon me for prejudice but I feel current situation may be partly resulted from western way of thinking: self-focused and short-sighted view which ignore sustainability and overall goodies on society (tragedy of the Commons). Web master just want more revenue, ad giants just want more customer. Now gradual increase in ad-blocker costs them a bit. If this 'battle' goes on, the future of the web will be doomed. But adversity can have big chances - if privacy-assuring ads succeed, even some giants may slowly follow. There're already potential ways to achieve that (mathematically provable privacy formulation). IIRC one reason a British city (or what...I don't remember) diminished surveillance camera is that it turned out they cost too much while not very effective - a few scientific research have shown they do not decrease overall crime (criminals just move to less monitored area), and another research shown employees' productivity degrades when they're monitored, tho they are not consciously aware of. It may be time to strictly examine if targeted ads are truly good for overall economy.

    A few years ago, I encountered a nice blog. He introduced a product, and put a direct link for it. But besides, he also put an affiliate ad stating sth like (my free translation) "If you don't mind to buy through the ad, I'll get revenue. I'll donate half of it to (NGO or sth)". This in addition to modest ad selection made me smile and happy to click it.
     
  16. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    654
    For god's sake mozilla....I just now noticed.....
    They still haven't rised that dang iteration count for that 9 year old master password bug and changed the bug to P5 ....Lowest priority possible.
    :eek:
     
  17. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    976
    Tor is slow enough as it is. How bad would it be behind a VPN?
     
  18. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,983
    Tor is so slow that adding a VPN or three isn't noticeable ;)
     
  19. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    844
    Location:
    Sverige
    Gents, could someone point me to a good article on browser tracking, it's an interesting topic.

    Also, I use privacy badger, as well as umatrix and ublock. Umatrix is set to allow only first party cookies and block the rest, would this hinder tracking? Umatrix also utilizes various blocklist sources, and I let ublock handle the more advertising-oriented blocklists (lists used in one, are unused in the other).

    Thanks for thoughts
     
  20. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,785
    If this means you block everything except for 1st party cookie (1st & 3rd scripts, XHR, CSS, image, etc.), it should block most tracking tho it'll also break too many sites until you make custom exclusion. Some ppl also combine CanvasBlocker and/or spoof UA and other attributes via uMatrix or other addons to foil fingerprinting. But I'm pessimistic about these efforts and think VM-based compartmentalization is better as long as you take measures for low-level tracking such as webgl. Also spoofing or reducing referrer info and disabling some talkative APIs may be worth consideration.
     
  21. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,805
    Location:
    UK
    Everything, and I mean everything about an interactive, rich-media browsing experience is designed to prevent anonymity. The whole basis of free is to grab you, identifiably, market-ready you, by the eyeballs, and keep you tethered and hooked on nominally free internet services.

    As described above, this results in so many avenues for de-anonymisation it's impossible to protect completely, and dangerous to presume so, depending on your threat model.

    The future of anonymity (and to a fair extent, liberation from a time-wasting UI that you have to interact with), is medium latency message passing systems, with structured and semi-structured message content. Or course, that way of working is anathema to the current internet behemoths, so don't expect them to provide those services.
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,156
    Location:
    The Netherlands
  23. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    20,843
    DuckDuckGo wants to bring back 'Do Not Track' with draft duck bill
    May 2, 2019
    https://www.theinquirer.net/inquire...-bring-back-do-not-track-with-draft-duck-bill
    The Do-Not-Track Act of 2019
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.