Latest news
As more and more browser developers add the support for the Do Not Track header to their products, and since Microsoft's decision of making IE10 have the Do Not Track on by default, the discussion about whether websites should or should not accept this particular user request has reached a new level.Microsoft's forceful step has already been criticized by the Apache Foundation, which added a patch to its open source Apache HTTP Server that will make it ignore the DNT header if sent by the IE10 browser.
"The only reason DNT exists is to express a non-default option. That's all it does. It does not protect anyone's privacy unless the recipients believe it was set by a real human being, with a real preference for privacy over personalization," explained the Roy Fielding, the creator of the patch and one of the founders of the Apache HTTP Server Project, but also a scientist at Adobe and one of the editors of the DNT standard.
Apache has since thawed a bit on that stance and has offered the code for ignoring DNT as an option in the Server's configuration files, but now Yahoo! has made it clear that it will also disregard the DNT signal from IE 10.
"Recently, Microsoft unilaterally decided to turn on DNT in Internet Explorer 10 by default, rather than at users’ direction. In our view, this degrades the experience for the majority of users and makes it hard to deliver on our value proposition to them. It basically means that the DNT signal from IE10 doesn’t express user intent," the company pointed out in a post on its Policy Blog.
"Ultimately, we believe that DNT must map to user intent — not to the intent of one browser creator, plug-in writer, or third-party software service," they explained their decision, adding that users can use the company's Ad Interest Manager tool in order to have more control over personalized advertising on Yahoo!.
But Sophos' Chester Wisniewski thinks that their argument is invalid, especially because "the DNT setting is clearly and explicitly stated during installation and is a clear expression of the user's choice to not be tracked."
Yahoo! should definitely be able to track the users who have logged into their services and expect personalized content, he says, but if someone who has not logged in lands on some of their assets, they should respect the DNT request and show them random ads.
Spotlight
Is it time to professionalize information security?
Posted on 23 May 2013. | The issue of whether or not information security professionals should be licensed to practice has already been the topic of many a passionate debate.
Review: Logging and Log Management
Posted on 22 May 2013. | Every security practitioner should be aware of the overwhelming advantages of logging and perusing logs for discovering system intrusions. But logging and log management comes with its own set of difficulties.
Experts highlight top data breach vulnerabilities
Posted on 22 May 2013. | Hidden vulnerabilities lie in everyday activities that can expose personal information and lead to data breach, including buying gas with a credit card or wearing a pacemaker.
A closer look at Mega cloud storage
Posted on 21 May 2013. | Once a novelty, nowadays many cloud storage services are fighting for their piece of the market in the virtual world. Mega offers 50GB of free space with great pricing on Pro accounts.
The CSO perspective on healthcare security and compliance
Posted on 20 May 2013. | Randall Gamby is the CSO of the Medicaid Information Service Center of New York. In this interview he discusses healthcare security and compliance challenges and offers a variety of tips.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
