Review Request: GUI configuration for the 'Do Not Track'?feature...

Sat Apr 16 20:52:39 BST 2011

On Sat, Apr 16, 2011 at 11:54 AM, Oswald Buddenhagen <ossi at kde.org> wrote:
> On Fri, Apr 15, 2011 at 09:00:11PM +0200, Ingo Klöcker wrote:
>> On Friday 15 April 2011, Oswald Buddenhagen wrote:
>> > On Fri, Apr 15, 2011 at 09:24:47AM -0400, Dawit Alemayehu wrote:
>> > > The configuration option is there to allow the user to opt-in if
>> > > they so choose.
>> >
>> > that's not a very wise default. if too many people will use it (*),
>> > the data miners will just ignore the standard, based on the rightful
>> > claim that most people didn't even explicitly say they don't want to
>> > be tracked.
>>
>> Sorry, but this argumentation is ridiculous. Bad data miners will ignore
>> the standard no matter what.
>>
> that's besides the point.
> data mining is their business. with that flag on, there is no business.
> the only way to make them respect user privacy is either law or just
> making the opt-out share small enough that they don't care too much. if
> you default to opt-out, you give them the perfect excuse for ignoring
> it.

Though I agree with the premise, you argument is not entirely correct
and using it as a justification for why the opt-out should not be
default is completely wrong.

First, the idea that DNT affects most sites lively hood is something
that has already been dispelled. For most sites, there is no reason to
track your browsing habits to provide reasonable advertising on their
pages. For example, if you were to visit a wine related page, then it
is reasonable for you to expect to see wine related ads on that page.
The idea of specifically targeting ads based on more specific
information is mostly the domain of sites that collect vast amount
about you and what you do online, e.g. google/facebook. There a lot
more information about this and related subject at
http://donottrack.us.

Second, even if we completely accept your premise, then why exactly
would it hurt the user for us to include the OPT-OUT header by default
? The sites that want to ignore that header will ignore it anyhow
regardless. So what exactly is lost by simply sending the header by
default ? Not sending it however means that you get no protection even
at those sites that have already implemeted support for this feature.
If you think that is a complete hogwash and no site will do this
willingly, then may I suggest you read
http://firstpersoncookie.wordpress.com/2011/03/30/industry-adoption-of-dnt-underway/.

>> > if you want to encourage people to make use of this privacy
>> > protection mechanism, you should pop up a dialog if no preference
>> > has been configured yet.
>>
>> You do realize that people do not read dialogs? Most users will have
>> no clue what the dialog is talking about and just click Yes.
>>
> do you realize that most people honestly couldn't care less? and they
> don't deserve better. let them enjoy their "free" internet.

Well that seems like the perfect argument why the OPT-OUT should be
the default. It is a well established fact that most users could not
be bothered to think about security or privacy issues until they get
bitten by it. Hence, the more reason why software should strive more
to do right by them as much as possible.

> fwiw, the firefox 4 default is opt-in. and for some reason the setting
> isn't even under "privacy", but under "advanced".

They will change it soon enough. For the life of me, I cannot imagine
of a single person that would voluntarily opt-in to be tracked online.
They have to be completely ignorant about the matter or threatened
with lack of access to capitulate on this issue.

Regards,
Dawit A.