Internet and e-mail policy and practice
including Notes on Internet E-mail


2010
Months
Aug

Click the comments link on any story to see comments or add your own.


Subscribe to this blog


RSS feed


Home


01 Aug 2010

Even if Do-not-track were a good idea, could it ever work?

In a recent article, I read about increasingly intrusive tracking of online users, which has lead to a proposal at the FTC

FTC Chairman Jon Leibowitz said the system would be similar to the Do-Not-Call registry that enables consumers to shield their phone numbers from telemarketers.

Maybe I'm dense, but even if this weren't a fundamentally bad idea for policy reasons, I don't see how it could work.

The phone system is regulated to the extent that there is a well defined set of phone numbers, and the overwhelming majority of phones used by consumers have one or perhaps two numbers. If I travel with my mobile phone, its number stays the same no matter where I am. A phone number is a fine identifier to use in the no-call database.

For do-not-track. what's the identifier? Your IP address? Most ISPs assign addresses with PPP or DHCP so they change anywhere from once an hour to a few times a year. My ISP uses a "carrier NAT" so that their residential customers have no unique external IP address at all. When I travel with my laptop, I get whatever IP a hotspot or hotel happens to assign me, typically hidden behind a NAT. And on a lot of ISPs, when users fetch web pages, the remote site sees the IPs of the ISP's web cache, not the individual users.

As an alternative, for web tracking, I could imagine that the FTC could ask the IETF to invent a no-track header to be sent with each HTTP request, along with all of the other options like preferred language that a browser sends now. But that header has to be programmed into every web browser, every mail program that renders HTML mail, every web server, and every web cache and proxy, which, if we're really diligent, might cover half of the users in two or three years.

Even if we do have a no-track header, we're still in the sitation other people have outlined, with bad guys just ignoring it, and little way to even tell that they're doing so, much less get the FTC to act on it.

In my experience, the FTC is not dumb, so my most charitable interpretation of this proposal is that they know it won't work, but they figure they have to show they tried and failed before they can go back to Congress and ask for something reasonable, like only track people who opt in and say it's OK.

In the meantime, Firefox users might enjoy a browser add-on called Ghostery which lets you see how many trackers web sites offer you (a lot, it's impressive) and decide which of them you want to accept.


posted at: 20:17 :: permanent link to this entry :: 1 comments
posted at: 20:17 :: permanent link to this entry :: 1 comments

comments...        (Jump to the end to add your own comment)

Ghostery also available for Chrome
http://news.ghostery.com/post/871715000/ghostery-for-chrome-v2-0

(by Richi Jennings 02 Aug 2010 08:10)


Add your comment...

Note: all comments require an email address to send a confirmation to verify that it was posted by a person and not a spambot. The comment won't be visible until you click the link in the confirmation. Unless you check the box below, which almost nobody does, your email won't be displayed, and I won't use it for other purposes.

 
Name:
Email: you@wherever (required, for confirmation)
Title: (optional)
Comments:
Show my Email address
Save my Name and Email for next time

Topics


My other sites

Who is this guy?

Airline ticket info

Taughannock Networks

Other blogs

CAUCE
It turns out you don’t need a license to hunt for spam.
4 days ago

A keen grasp of the obvious
Italian Apple Cake
562 days ago

Related sites

Coalition Against Unsolicited Commercial E-mail

Network Abuse Clearinghouse



© 2005-2020 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.