Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

2/23/2012
05:13 PM
Thomas Claburn
Thomas Claburn
Commentary
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

'Do Not Track' Won't Save You From Yourself

Just because you now have a Consumer Privacy Bill of Rights, don't assume you have privacy.

Congratulations! You've got privacy. Thanks to the Obama Administration's Consumer Privacy Bill of Rights, no one will ever know about your secret shame, cat breading (yes, breading, not breeding).

Through the miracle of self-regulation--the very thing you can't manage as you post picture after picture of cats wearing slices of bread to your Facebook account--companies like Facebook and Google will start honoring your wish to use online services without being tracked for the purpose of advertising. Soon, your Gmail ads will not include any mention of cats or bread, except by chance. Instead, the online ads you see will be irrelevant and annoying. How's that for progress?

Google and its ilk may still use your data for market research and product development. And law enforcement, of course, will still be able to demand data from online companies about your suspicious cat breading activities. But if you just keep telling yourself, "Now, I have privacy," then everything will be okay.

That is, assuming you can actually be bothered to opt-out.

That task will be easier as browser makers implement a "Do Not Track" button. Online ad networks will also be providing a Do Not Track icon on ads, according to the Federal Trade Commission. Just make sure to click on the button and not the ad, or that will be a billable event for the advertiser. Not that Google is likely to complain.

[ Find out about the new Consumer Privacy Bill of Rights. Read Obama's Consumer Privacy Bill of Rights: 9 Facts. ]

Make no mistake, this is a real victory for Mozilla, the first browser maker to implement Do Not Track. And if Google, which pays the lion's share of the non-profit organization's bills thanks to a Firefox search deal, sees ad revenue decline as a result of a data drought, Mozilla doesn't have to worry for another three years.

Alex Fowler, privacy and public policy lead at Mozilla, sees the Consumer Privacy Bill of Rights and the growing momentum of Do Not Track as an expansion of user control.

"While Internet users have always had some measure of control, the needs for online privacy are not being fully addressed by the controls that exist today," he said in an email. "The problem with the existing controls is that users lose some functionality and erode their experience. Having to break one's Web experience to get privacy shouldn't be an acceptable tradeoff."

But privacy isn't dispensed with a button. Nor is it guaranteed by a Consumer Privacy Bill of Rights that specifies many things that companies "should" do, but offers no detail about enforcement or penalties.

Given that the rights guaranteed in the U.S. Constitution's Bill of Rights were not really available to large numbers of U.S. citizens through the Civil Rights era, and even today get bypassed, we should not expect privacy to descend with the stroke of a legislative pen. It should be noted that last year, the Obama administration was arguing that email should not be protected by the Fourth Amendment. Privacy with exceptions is about as comforting as a parachute that "usually" opens.

The Obama administration's privacy framework represents the beginning of what's going to be a long, drawn-out discussion. It's a positive step, but it's just a step, and a step toward responsible business practices--data usage policies--rather than privacy. As Electronic Freedom Foundation attorney Kevin Bankston noted via Twitter, the White House framework preserves the possibility that online companies could be required to retain data for law enforcement purposes beyond stated data retention times. We promise not to track you, unless we have to.

One anonymous commenter posting to the website of privacy researcher Christopher Soghoian, who helped create Do Not Track, voiced his (or her) skepticism: "I personally wouldn't ever trust ad companies to respect law and many countries [don't] even have laws about privacy on the Net. So I'm inclined to laugh out loud at the idea. I will continue to recommend and help friends and family to install and configure Adblock Plus, NoScript, and Ghostery 'correctly' (as in 'extremely restrictive mode') for them to evade as [many] ads and [as much] profiling [as] possible."

Better still, think before you post anything online or send an email. Take the time to understand Internet technology and its repercussions. Know that using a computer is an act of self-surveillance. The efforts of advertisers to understand your behavior and deliver relevant ads are largely inconsequential. Ads can be ignored or blocked, if you care enough to make that choice. But no government guidelines can save you from yourself if you insist on posting pictures of cats bedecked in bread.

As federal agencies embrace devices and apps to meet employee demand, the White House seeks one comprehensive mobile strategy. Also in the new Going Mobile issue of InformationWeek Government: Find out how the National Security Agency is developing technologies to make commercial devices suitable for intelligence work. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
JonathonT
50%
50%
JonathonT,
User Rank: Apprentice
2/24/2012 | 4:07:50 PM
re: 'Do Not Track' Won't Save You From Yourself
Another option is to boot up with a LiveCD, which is a full operating system loaded from disc. In live mode, you reboot the computer, using disc in the drive, and boot from that drive instead of the hard drive. You can then use the LiveCD operating system on the disc without writing data permanently and then when you are done, you can shut down and resume using the system normally. You can find lots of LiveCD operating systems at distrowatch.com. There are even a few LiveCD distributions (also termed distros) that you can use like on-CD applications within Windows. Basic LiveCD instructions: Find one that has the features you need (generally anything from the top 5 popular distros will do), download the ISO image for that LiveCD (They can be around 1 GB in size, but there are <650 MB versions for CD images too), burn the saved ISO to a blank disc, and then you can use that LiveCD disc.

--- Jonathon

cloudfilesecurity.biz
MARIN000
50%
50%
MARIN000,
User Rank: Apprentice
2/24/2012 | 3:30:44 PM
re: 'Do Not Track' Won't Save You From Yourself
If one wants privacy protection that is 100% effective (ie; the "parachute that always opens) and completely under user control they need to use a software platform that remembers nothing from one session to the next. No supercookies, no tokens...nothing to track. CyberShield Solutions makes such software free to everyone on its website.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
9 Tips to Prepare for the Future of Cloud & Network Security
Kelly Sheridan, Staff Editor, Dark Reading,  9/28/2020
Malware Attacks Declined But Became More Evasive in Q2
Jai Vijayan, Contributing Writer,  9/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15216
PUBLISHED: 2020-09-29
In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade to at least revisio...
CVE-2020-4607
PUBLISHED: 2020-09-29
IBM Security Secret Server (IBM Security Verify Privilege Vault Remote 1.2 ) could allow a local user to bypass security restrictions due to improper input validation. IBM X-Force ID: 184884.
CVE-2020-24565
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
CVE-2020-25770
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
CVE-2020-25771
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...