Dark Reading is part of the Informa Tech Division of Informa PLC


2/23/2012
05:13 PM
Thomas Claburn
Commentary

'Do Not Track' Won't Save You From Yourself

Just because you now have a Consumer Privacy Bill of Rights, don't assume you have privacy.

Congratulations! You've got privacy. Thanks to the Obama Administration's Consumer Privacy Bill of Rights, no one will ever know about your secret shame, cat breading (yes, breading, not breeding).

Through the miracle of self-regulation--the very thing you can't manage as you post picture after picture of cats wearing slices of bread to your Facebook account--companies like Facebook and Google will start honoring your wish to use online services without being tracked for the purpose of advertising. Soon, your Gmail ads will not include any mention of cats or bread, except by chance. Instead, the online ads you see will be irrelevant and annoying. How's that for progress?

Google and its ilk may still use your data for market research and product development. And law enforcement, of course, will still be able to demand data from online companies about your suspicious cat breading activities. But if you just keep telling yourself, "Now, I have privacy," then everything will be okay.

That is, assuming you can actually be bothered to opt-out.

That task will be easier as browser makers implement a "Do Not Track" button. Online ad networks will also be providing a Do Not Track icon on ads, according to the Federal Trade Commission. Just make sure to click on the button and not the ad, or that will be a billable event for the advertiser. Not that Google is likely to complain.

Make no mistake, this is a real victory for Mozilla, the first browser maker to implement Do Not Track. And if Google, which pays the lion's share of the non-profit organization's bills thanks to a Firefox search deal, sees ad revenue decline as a result of a data drought, Mozilla doesn't have to worry for another three years.

Alex Fowler, privacy and public policy lead at Mozilla, sees the Consumer Privacy Bill of Rights and the growing momentum of Do Not Track as an expansion of user control.

"While Internet users have always had some measure of control, the needs for online privacy are not being fully addressed by the controls that exist today," he said in an email. "The problem with the existing controls is that users lose some functionality and erode their experience. Having to break one's Web experience to get privacy shouldn't be an acceptable tradeoff."

But privacy isn't dispensed with a button. Nor is it guaranteed by a Consumer Privacy Bill of Rights that specifies many things that companies "should" do, but offers no detail about enforcement or penalties.

Given that the rights guaranteed in the U.S. Constitution's Bill of Rights were not really available to large numbers of U.S. citizens through the Civil Rights era, and even today get bypassed, we should not expect privacy to descend with the stroke of a legislative pen. It should be noted that last year, the Obama administration was arguing that email should not be protected by the Fourth Amendment. Privacy with exceptions is about as comforting as a parachute that "usually" opens.

The Obama administration's privacy framework represents the beginning of what's going to be a long, drawn-out discussion. It's a positive step, but it's just a step, and a step toward responsible business practices--data usage policies--rather than privacy. As Electronic Freedom Foundation attorney Kevin Bankston noted via Twitter, the White House framework preserves the possibility that online companies could be required to retain data for law enforcement purposes beyond stated data retention times. We promise not to track you, unless we have to.

One anonymous commenter posting to the website of privacy researcher Christopher Soghoian, who helped create Do Not Track, voiced his (or her) skepticism: "I personally wouldn't ever trust ad companies to respect law and many countries [don't] even have laws about privacy on the Net. So I'm inclined to laugh out loud at the idea. I will continue to recommend and help friends and family to install and configure Adblock Plus, NoScript, and Ghostery 'correctly' (as in 'extremely restrictive mode') for them to evade as [many] ads and [as much] profiling [as] possible."

Better still, think before you post anything online or send an email. Take the time to understand Internet technology and its repercussions. Know that using a computer is an act of self-surveillance. The efforts of advertisers to understand your behavior and deliver relevant ads are largely inconsequential. Ads can be ignored or blocked, if you care enough to make that choice. But no government guidelines can save you from yourself if you insist on posting pictures of cats bedecked in bread.

Comments
MARIN000,
User Rank: Apprentice
2/24/2012 | 3:30:44 PM
re: 'Do Not Track' Won't Save You From Yourself
If one wants privacy protection that is 100% effective (i.e., the "parachute that always opens") and completely under user control, they need to use a software platform that remembers nothing from one session to the next. No supercookies, no tokens...nothing to track. CyberShield Solutions makes such software free to everyone on its website.
JonathonT,
User Rank: Apprentice
2/24/2012 | 4:07:50 PM
re: 'Do Not Track' Won't Save You From Yourself
Another option is to boot up with a LiveCD, which is a full operating system loaded from disc. In live mode, you reboot the computer, using the disc in the drive, and boot from that drive instead of the hard drive. You can then use the LiveCD operating system on the disc without writing data permanently and then when you are done, you can shut down and resume using the system normally. You can find lots of LiveCD operating systems at distrowatch.com. There are even a few LiveCD distributions (also termed distros) that you can use like on-CD applications within Windows. Basic LiveCD instructions: Find one that has the features you need (generally anything from the top 5 popular distros will do), download the ISO image for that LiveCD (they can be around 1 GB in size, but there are <650 MB versions for CD images too), burn the saved ISO to a blank disc, and then you can use that LiveCD disc.

--- Jonathon

cloudfilesecurity.biz