[PET] Fwd: Apache Webserver Update Ignores IE10 Privacy Settings

Wright, Matthew mwright at uta.edu
Wed Sep 19 16:22:25 BST 2012


Interesting implications for privacy?

Begin forwarded message:

From: "Pierce, Sean" <seanp at UTA.EDU>
Date: September 18, 2012 11:21:15 PM CDT
To: "ISEC at LISTSERV.UTA.EDU" <ISEC at LISTSERV.UTA.EDU>
Subject: [ISEC] Apache Webserver Update Ignores IE10 Privacy Settings
Reply-To: CSE Information Security Lab <ISEC at LISTSERV.UTA.EDU>

It is interesting to see that a company is trying to protect customer privacy while a (community-driven) open source project is not:

Apache Webserver Update Ignores IE10 Privacy Settings
(September 10, 2012)
An update for the Apache webserver makes websites ignore Do Not Track
(DNT) settings in Internet Explorer 10 (IE10). Roy Fielding, a DNT
architect, who was vocal in his disapproval of Microsoft's decision
earlier this year to make DNT on by default in IE10, wrote the patch.
Fielding says that Microsoft violated the standard requiring DNT
preferences to be transmitted to websites only when users specifically
enable the feature in their configuration settings. Others maintain that
Microsoft complies with the requirement by displaying a screen during
the operating system set-up process that explicitly tells users that if
they choose the Express set-up option, DNT will be turned on in IE10.
http://arstechnica.com/security/2012/09/apache-webserver-updated-to-ignore-do-not-track-settings-in-ie-10/
[Guest Editor's Note (Pescatore): The W3C specification for Do Not Track
says "We do not specify how tracking preference choices are offered to
the user or how the preference is enabled: each implementation is
responsible for determining the user experience by which a tracking
preference is enabled." Microsoft's approach meets this, and other,
language in the spec - and is the much better way to go. Apache software
ignoring IE 10 settings is equivalent to Google subverting the Safari
browser settings and the FTC has already ruled on that.
(Swa Frantzen): The real issue behind the name calling is that the
standard is a compromise between an advertising industry that
desperately wants to track users and privacy advocates who do not want
anybody to be tracked. As with any compromise if one vendor starts to
shift the balance of the compromise itself, the entire compromise is at
risk. And if that happens those of us who did set DNT manually will get
happily ignored by the advertising industry.]
