[PET] Apache Webserver Update Ignores IE10 Privacy Settings

Paul Syverson syverson at itd.nrl.navy.mil
Mon Sep 24 10:22:34 BST 2012


On Wed, Sep 19, 2012 at 12:04:09PM -0700, Aleecia M. McDonald wrote:
> 
> On Sep 19, 2012, at 9:25 AM, Paul Syverson <syverson at itd.nrl.navy.mil> wrote:
> 
> > I believe another prominent member of the PETs community who I shan't
> > name was recently joking (or not?) about giving an invited talk on DNT
> > with no shirt on and "Do not look at my chest" written on his chest.
> 
> One PETS regular sarcastically dismissed DNT as the "don't be evil"
> bit when he first heard the idea, but rapidly came around to seeing
> it would be more than a Pretty Please approach. Companies
> voluntarily choose to adopt DNT, and then are held to the promise
> they make. In the US, that means FTC enforcement. In that regard,
> it's like the way privacy policies work. But where privacy policies
> are "say what you will do, and do that," DNT is a bundle of things,
> as in "here is a minimum baseline to follow if you want to claim DNT
> compliance."

I fear that by pulling this anecdote from my post and using it to
embellish on the value of DNT you took my point to be entirely
dismissive of DNT. The points were in what I said first:
The contributions of keeping things like DNT are often
underappreciated by those who think that the only security that ever
matters has an adversary model with only technological elements.
Also, in my citation from Fielding, DNT will only work if
people believe it is reflecting actual preferences. One danger of
what happens if that breaks down is reflected in the quote
from Swa Frantzen in the original post:
"The real issue behind the name calling is that the standard is a
compromise between an advertising industry that desperately wants to
track users and privacy advocates who do not want anybody to be
tracked. As with any compromise if one vendor starts to shift the
balance of the compromise itself, the entire compromise is at
risk. And if that happens those of us who did set DNT manually will
get happily ignored by the advertising industry."

The "shirtless idea" is an amusing but nonetheless valid reminder of
the limitations of policy based solutions. And as with most amusing
anecdotes and jokes, it can't be taken too seriously or expected to
fully and accurately capture all aspects of its subject. Perhaps you
just felt a need to further clarify the virtues (and limitations) of
DNT. That you did so in response to this particular extract from my
post made me feel a need to further clarify what I was saying overall.

It's not just jokes that are so limited; the Frantzen quote is
primarily a valid observation, but it does not fully and accurately
capture the positions of all in the advertising industry or of privacy
advocates. We can't say everything important and relevant at
once. Nonetheless some of us still try, to the exasperation of my
friends and non-friends alike.

HTH,
Paul

> 
> In the US, we have a Do Not Call list. From a PETS perspective, Do
> Not Call is imperfect in that it does not have a technical mechanism
> to stop telemarketing calls. Sure, enforcement matters. The name Do
> Not Call is overly broad, in that it does not stop all calls
> (yikes!) or even stop all solicitations. For example, there are
> carve-outs for businesses with existing relationships, charity, and
> political campaigns. But for all that it is Do Not Call* with fine
> print to go with the *, Do Not Call does give people more control.
> 
> Neither Do Not Call nor Do Not Track will cure cancer. And yes, the
> over-claims are frustrating to read, both in the press and in a few
> research papers where the authors believe they know what DNT is, and
> company X is violating DNT. As you can no doubt tell, we are into
> the political layer here too.
> 
> Like Do Not Call, with DNT, I expect user choice and control will
> advance, fine print and all. Some DNT details are still under
> vigorous debate, but the overall shape is becoming clear.
> 
> 	Aleecia
> 	/* personal opinions only; not speaking for Mozilla, Stanford,
> or in any capacity for the Tracking Protection Working Group */
> _______________________________________________ PET mailing list
> PET at lists.links.org http://lists.links.org/mailman/listinfo/pet



More information about the PET mailing list