[LINK] do not track add-ons

Steven Clark steven.clark at internode.on.net
Tue Jan 25 14:54:11 AEDT 2011


> On 25/01/2011, at 9:11 AM, Roger Clarke <Roger.Clarke at xamax.com.au> wrote:
> 
>> At 9:25 +1100 25/1/11, Jan Whitaker wrote:
>>> "Firefox, Google Chrome adding 'Do Not Track' tools
>>> January 25, 2011 - 8:43AM
>>> http://www.theage.com.au/technology/technology-news/firefox-google-chrome-adding-do-not-track-tools-20110125-1a38o.html
>> 
>> Lauren Weinstein's not impressed:
> 
> Lauren is not alone. It seems to me that the only way a 'do-not-track' could possibly work would require some kind of verifiable identification mechanism ... Otherwise how can a 'provider' know not to track your device's activity?
> 
> It seems to me that the better approach - and one more consistent with everyone's 'expectations' - would be to allow/enable 'users' to actively protect their anonymity. To allow users to actively choose to obfuscate themselves and their device(s) in some cryptographically consistent manner, perhaps involving a randomly generated hash derived via a client-side/driven PKI process?
> 
> If lawfully required individuals can establish that it was they who authorised the transaction (expecting someone to prove a negative is stupid fail).
> 
> Ultimately, this is a hard problem: anonymity is difficult to maintain - especially when there are financial incentives to 'unmask'. [and third-party escrow doesn't remove the problem, it just adds another external party to the game]
> 
> Proving a negative is implausible. The 'problem' needs to be recast in positive terms.
> 
> To my mind, anyone who desires to track/trace/etc me or my devices ought to be required to tell me up front that they want to do this, and how they propose to do it, and why, and provide me with clear and *effective* and *efficient* means to proceed anonymously as far as practicable. At the very worst, an unequivocal statement of the value of the tracking to the party proposing to track my behaviour ought to be declared up front. In real dollar terms.
> 
> Anonymity ought to be the norm. Identification ought to be 'opt-in' - not the default. And how that identification is to be used ought to be set out explicitly. And not in legalese, with disclaimers and so on. Hidden in a 'privacy' policy.
> 
> Just because 'following me about' might be 'valuable' to a business, doesn't mean it ought to be OK. If my local florist did that anywhere else, the outcry about unwarranted surveillance would be quickly addressed. So why should it be acceptable to do online? ESPECIALLY since it is so easy to do and to do without notice and to do covertly. even when down explicitly, it is hard for most people to relate to what is happening. This is a major black hole in privacy protection in practice -I have to know it's happening to complain about it. But it also has to be an issue that can conceivably be construed as a problem under existing privacy laws before anyone will do anything. Facebook is a multi-billion-dollar marketing database.  A Facebook user, I'm just a squeaking Gen-Xer ... 
> 
> In practice, Australian privacy law really only recognises 'identifiability' as a legitimate privacy concern. At the very least we ought to be able to expect that identifiability will be protected ... instead, the excitement over extracting as much 'value' out of people just because transactions are mediated by a computer brushes aside a fundamental issue. Loyalty cards manifest this as well, but at least you have to physically hand over the card - so you have some notice that the recording is happening.
> 
> It's so cheap and so easy to follow people online that discussions often overlook the problem that this behaviour would probably be considered abhorrent anywhere else. You don't expect a realtor to follow you about all day to see what you buy, what you do, and where you do it just so they can 'target' you for 'relevant' propositions just because you dropped by to ask about rental properties. But online this is not only OK, it's considered *essential* - because marketing businesses have found out how easy it is to do. And it is so cheap to do compared with how much they can ask for doing it that it's stupid for them *not* to at least try.
> 
> As the costs of tracking mobile phones etc drops, the temptation to do will be overwhelming. And having 'accepted' it online, it's (going to be) much harder to resist it in physical space.
> 
> 
> from Steven via Bandersnatch, a frumious iPad



More information about the Link mailing list