Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

2/23/2012
05:13 PM
Thomas Claburn
Thomas Claburn
Commentary
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

'Do Not Track' Won't Save You From Yourself

Just because you now have a Consumer Privacy Bill of Rights, don't assume you have privacy.

Congratulations! You've got privacy. Thanks to the Obama Administration's Consumer Privacy Bill of Rights, no one will ever know about your secret shame, cat breading (yes, breading, not breeding).

Through the miracle of self-regulation--the very thing you can't manage as you post picture after picture of cats wearing slices of bread to your Facebook account--companies like Facebook and Google will start honoring your wish to use online services without being tracked for the purpose of advertising. Soon, your Gmail ads will not include any mention of cats or bread, except by chance. Instead, the online ads you see will be irrelevant and annoying. How's that for progress?

Google and its ilk may still use your data for market research and product development. And law enforcement, of course, will still be able to demand data from online companies about your suspicious cat breading activities. But if you just keep telling yourself, "Now, I have privacy," then everything will be okay.

That is, assuming you can actually be bothered to opt-out.

That task will be easier as browser makers implement a "Do Not Track" button. Online ad networks will also be providing a Do Not Track icon on ads, according to the Federal Trade Commission. Just make sure to click on the button and not the ad, or that will be a billable event for the advertiser. Not that Google is likely to complain.

[ Find out about the new Consumer Privacy Bill of Rights. Read Obama's Consumer Privacy Bill of Rights: 9 Facts. ]

Make no mistake, this is a real victory for Mozilla, the first browser maker to implement Do Not Track. And if Google, which pays the lion's share of the non-profit organization's bills thanks to a Firefox search deal, sees ad revenue decline as a result of a data drought, Mozilla doesn't have to worry for another three years.

Alex Fowler, privacy and public policy lead at Mozilla, sees the Consumer Privacy Bill of Rights and the growing momentum of Do Not Track as an expansion of user control.

"While Internet users have always had some measure of control, the needs for online privacy are not being fully addressed by the controls that exist today," he said in an email. "The problem with the existing controls is that users lose some functionality and erode their experience. Having to break one's Web experience to get privacy shouldn't be an acceptable tradeoff."

But privacy isn't dispensed with a button. Nor is it guaranteed by a Consumer Privacy Bill of Rights that specifies many things that companies "should" do, but offers no detail about enforcement or penalties.

Given that the rights guaranteed in the U.S. Constitution's Bill of Rights were not really available to large numbers of U.S. citizens through the Civil Rights era, and even today get bypassed, we should not expect privacy to descend with the stroke of a legislative pen. It should be noted that last year, the Obama administration was arguing that email should not be protected by the Fourth Amendment. Privacy with exceptions is about as comforting as a parachute that "usually" opens.

The Obama administration's privacy framework represents the beginning of what's going to be a long, drawn-out discussion. It's a positive step, but it's just a step, and a step toward responsible business practices--data usage policies--rather than privacy. As Electronic Freedom Foundation attorney Kevin Bankston noted via Twitter, the White House framework preserves the possibility that online companies could be required to retain data for law enforcement purposes beyond stated data retention times. We promise not to track you, unless we have to.

One anonymous commenter posting to the website of privacy researcher Christopher Soghoian, who helped create Do Not Track, voiced his (or her) skepticism: "I personally wouldn't ever trust ad companies to respect law and many countries [don't] even have laws about privacy on the Net. So I'm inclined to laugh out loud at the idea. I will continue to recommend and help friends and family to install and configure Adblock Plus, NoScript, and Ghostery 'correctly' (as in 'extremely restrictive mode') for them to evade as [many] ads and [as much] profiling [as] possible."

Better still, think before you post anything online or send an email. Take the time to understand Internet technology and its repercussions. Know that using a computer is an act of self-surveillance. The efforts of advertisers to understand your behavior and deliver relevant ads are largely inconsequential. Ads can be ignored or blocked, if you care enough to make that choice. But no government guidelines can save you from yourself if you insist on posting pictures of cats bedecked in bread.

As federal agencies embrace devices and apps to meet employee demand, the White House seeks one comprehensive mobile strategy. Also in the new Going Mobile issue of InformationWeek Government: Find out how the National Security Agency is developing technologies to make commercial devices suitable for intelligence work. (Free registration required.)

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
JonathonT
50%
50%
JonathonT,
User Rank: Apprentice
2/24/2012 | 4:07:50 PM
re: 'Do Not Track' Won't Save You From Yourself
Another option is to boot up with a LiveCD, which is a full operating system loaded from disc. In live mode, you reboot the computer, using disc in the drive, and boot from that drive instead of the hard drive. You can then use the LiveCD operating system on the disc without writing data permanently and then when you are done, you can shut down and resume using the system normally. You can find lots of LiveCD operating systems at distrowatch.com. There are even a few LiveCD distributions (also termed distros) that you can use like on-CD applications within Windows. Basic LiveCD instructions: Find one that has the features you need (generally anything from the top 5 popular distros will do), download the ISO image for that LiveCD (They can be around 1 GB in size, but there are <650 MB versions for CD images too), burn the saved ISO to a blank disc, and then you can use that LiveCD disc.

--- Jonathon

cloudfilesecurity.biz
MARIN000
50%
50%
MARIN000,
User Rank: Apprentice
2/24/2012 | 3:30:44 PM
re: 'Do Not Track' Won't Save You From Yourself
If one wants privacy protection that is 100% effective (ie; the "parachute that always opens) and completely under user control they need to use a software platform that remembers nothing from one session to the next. No supercookies, no tokens...nothing to track. CyberShield Solutions makes such software free to everyone on its website.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/10/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9079
PUBLISHED: 2020-08-11
FusionSphere OpenStack 8.0.0 have a protection mechanism failure vulnerability. The product incorrectly uses a protection mechanism. An attacker has to find a way to exploit the vulnerability to conduct directed attacks against the affected product.
CVE-2020-16275
PUBLISHED: 2020-08-10
A cross-site scripting (XSS) vulnerability in the Credential Manager component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when the user clicks on a specially crafted link.
CVE-2020-16276
PUBLISHED: 2020-08-10
An SQL injection vulnerability in the Assets component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database.
CVE-2020-16277
PUBLISHED: 2020-08-10
An SQL injection vulnerability in the Analytics component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database.
CVE-2020-16278
PUBLISHED: 2020-08-10
A cross-site scripting (XSS) vulnerability in the Permissions component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when the user clicks on a specially crafted link.