US senator introduces legislation aimed at protecting online privacy

[Nowak]

https://www.theverge.com/2019/5/20/18632363/sen-hawley-do-not-track-targeted-ads-duckduckgo

 

If anyone remembers a piece of US legislation introduced to curb lootboxes and predatory monetization schemes in video games, guess what? The senator who introduced said legislation, Josh Hawley (R-MO), is back, this time with a new piece of legislation aimed at curbing excessive data mining.

 

Quote

Online advertising has become more invasive than ever, and Sen. Josh Hawley (R-MO) announced today that he plans to introduce a bill that would create a Do Not Call list but for data tracking.

 

Hawley’s Do Not Track Act would, if approved, allow people using an online service to opt out of any data tracking that isn’t necessary for that particular service to properly work. It would create a national list that would provide people with an option to block any secondary data tracking and penalize companies that continued to collect unnecessary data.

If you're familiar with how the National Do Not Call List works, this is basically the same idea: you opt out once, and companies like Google, Facebook, Microsoft et al. aren't allowed to track you anymore. This is similar to hypothetical legislation authored by DuckDuckGo earlier this month. But why is the senator proposing this, you ask? Don't worry, he has a reason.

 

Quote

“Big tech companies collect incredible amounts of deeply personal, private data from people without giving them the option to meaningfully consent,” Hawley said. “They have gotten incredibly rich by employing creepy surveillance tactics on their users, but too often the extent of this data extraction is only known after a tech company irresponsibly handles the data and leaks it all over the internet.”

Again, this is similar to a piece of hypothetical legislation authored by DuckDuckGo, with the same intention: closing the "do not track" loophole, rein in targeted advertising and ensuring compliance with a browser's "Do not track" setting.

 

Quote

The Do Not Track standard was first introduced in 2009, but it fizzled out as browsers and ad networks were unable to come to a consensus about how to treat the opt-out. But millions of users still have their browsers set to Do Not Track, and the new bill would add severe penalties for ignoring the signal. If a company like Google were to knowingly collect secondary datasets from users who opt out, the company would be penalized up to $1,000 a day per person — so long as the total is over $100,000. If a company collected the data unknowingly, it would still be required to pay out $50 a day per person.

For those of you wondering: this bill isn't supposed to impact services necessary for a site to run. This is intended to make the "Do not track" setting in your browser actually mean something.

 

If you live in the United States, then you should urge your senators to support Hawley's Do Not Track Act. It's about time that we took back control of our private information from big tech companies.

[Bouzoo]

Yeah, that'll work. Facebook and Google broke GDPR day 1 and you know what happened? No need to answer. 

[Delicieuxz]

Please people, if you live in the US, consider contacting your representative's office and asking that they support this bill. And maybe encourage others to do the same.

 

Here are some resources to help with getting in touch:

 

House of representatives search by zip-code: https://www.house.gov/representatives/find-your-representative

House of representatives directory: https://www.house.gov/representatives

Senator directory: https://www.senate.gov/senators/index.htm

 

Here's How To Contact Your U.S. Senators & Representatives

[Bananasplit_00]

Nice, hopefully this passes and it does something

[Arika]

How do you prove you are being tracked despite "do not track" being selected? 

[The King of the Undead]

finally something good from mo!

[Nowak]

13 minutes ago, Arika S said:

How do you prove you are being tracked despite "do not track" being selected? 

You still get targeted ads. Like, let's say you live here in the US (I know you don't, I'm just trying to give an example) and look at cereal on, say, Walmart's website. Then, you go on Facebook and you get ads from General Mills, promoting Honey Nut Cheerios to you. However, you have Do Not Track enabled in your browser, so Facebook shouldn't know you were looking at cereal.

 

This is what this bill aims to curb.

[Bouzoo]

7 minutes ago, comander said:

They were fined. 

Some things are easier to do than others. 
Checking a flag and turning off telemetrics is relatively easy. 

Yeah, Google was fined less than 60 million euros in a year, Facebook afaik haven't been fined yet for GDPR. So yeah, nothing changed. 

[orbitalbuzzsaw]

Ah yes the Do-Not-Call List, the most effective US Government program in history. 11/10 will definitely stand up to corporate assholes

[orbitalbuzzsaw]

Just now, comander said:

It'll probably stand up to the largest corporations. 
It probably won't work for lone agents who have 0 concerns about the law. 

Because the US government is so very good at punishing corporations for breaking the law.

[Trik'Stari]

Can we please just get an internet bill of rights already?

 

1. Freedom of speech. (this would apply to generic social media like facebook and Twitter. Not subject specific internet forums)

2. Right to privacy.

3. Though Shalt Not Look at Another Mans True Browsing History.

4. Auto-play ads with audio will be punishable by being fed the to Ravenous Bugblatter Beast of Traal.

 

etc.

 

Edit: I am half joking, half serious. Right to privacy and Freedom of Speech need to apply to things like Facebook and Twitter because they offer a utility. A means by which the public views and converses with itself, at large. The reach and power is too far and too great to not be regulated.

[Nowak]

Just now, Mr. horse said:

I don't see the need. Nothing a quick logout, browser wipe/reset and change of an ip would fix. 

You overestimate how smart the average user is.

[Nowak]

Just now, Mr. horse said:

Not really. The average user is not informed about this or simply doesn't care and willingly hands over there lifes story.

Those that do know and would care would lickly know how to clear there browser out and change their ip.

both being trivia tasks. 

The average user would not know how to change their IP address. That's what I mean.

[Nowak]

Just now, Mr. horse said:

For a cell phone. Turn on air plane mode and turn it off.

for dsl and most cable internet providers power off the modem amd power it back on. 

It's rather simple. But you are right. Most people probably don't even know what an IP address is.

My guy, I know this shit. I also live with people who know next to nothing about how technology works and just think the modem is a magical box that makes the internet work. If someone needs to touch it, I'm the one who does so.

 

Because of how transparent the whole DHCP process is, unless you already know what an IP address is you'd never know what your IP is or why it matters.

[ARikozuM]

Just now, Mr. horse said:

For a cell phone. Turn on air plane mode and turn it off.

for dsl and most cable internet providers power off the modem amd power it back on. 

It's rather simple. But you are right. Most people probably don't even know what an IP address is.

You're changing your internal IP, not the external IP (or is it the other way?), when you do that. It doesn't change the fact that tracking you would still work. 

[TempestCatto]

I'm gonna be honest, you mention the "Do Not Call List" that thing hasn't worked for me in years. No matter how many times I register my number, I still get spammy shit. I do hope this "Do Not Track" thing works out better.

 

Though that raises a question for me. Let's say you're listing to Spotify without premium. You get ads, and usually those ads are meant to be local so you don't hear something for a store or car dealer that's not in your town. Does that still count as "tracking" or "targeted"? 

[Trik'Stari]

13 minutes ago, Mr. horse said:

I don't see the need. Nothing a quick logout, browser wipe/reset and change of an ip would fix. 

Or better yet no scrip and a add blocker or something. 

Not that it really matters. Its not really a real problem. People just like getting their jimmys rustled up over things.  

All three of those are beyond the comprehension of 95% of users out there, in my experience.

 

I'm still shocked my own father knows how to log out of Gmail and does so when he's done checking it. This man struggles with pausing the TV or a streaming service.

 

With a remote. With the same button that has been pause for what....... 40-50 years?

[Trik'Stari]

3 minutes ago, TempestCatto said:

I'm gonna be honest, you mention the "Do Not Call List" that thing hasn't worked for me in years. No matter how many times I register my number, I still get spammy shit. I do hope this "Do Not Track" thing works out better.

 

Though that raises a question for me. Let's say you're listing to Spotify without premium. You get ads, and usually those ads are meant to be local so you don't hear something for a store or car dealer that's not in your town. Does that still count as "tracking" or "targeted"? 

That's actually an interesting point.

 

I do feel that advertisers should be able to be relevant to specific geographic locations, to a certain extent. But at what point does that violate privacy?

 

Damn good question. Considering I regard marketing and advertising personnel on the same level as Nazi's, Communists, and Cyclists.

[TempestCatto]

2 minutes ago, Trik'Stari said:

Communists, and Cyclists.

I'm glad you and I think alike here. I have a national cycle track in my town and holy shit those guys genuinely deserve to get run-over. 

[Guest]

2 minutes ago, TempestCatto said:

I'm glad you and I think alike here. I have a national cycle track in my town and holy shit those guys genuinely deserve to get run-over. 

I cycle a lot, because gas is getting higher and so is my cholesterol (genetic , well that’s what they tell me anyway) I always keep the the curb, pretty much the left (not in America, so lateral not medial deviation) or on the line, always single file etc.

 

Like sometimes cyclists have fair points, like space is ok, like I’m fine with 30-50cm, depending on size of vehicle. But the ones who claim they need to ride abreast or the middle of the lane just are dicks. I always give them a honk if I’m in the car, especially in 100k zones. No excuse for riding abreast or the middle of the lane on a highway - especially around corners.

[dalekphalm]

32 minutes ago, Mr. horse said:

For a cell phone. Turn on air plane mode and turn it off.

for dsl and most cable internet providers power off the modem amd power it back on. 

It's rather simple. But you are right. Most people probably don't even know what an IP address is.

 

but even with out a new IP on online tracking is stoped after you log out of everything and clear out your browser history and stuff.

FYI neither of those would work in most situations. This is because your ISP assigns you a DHCP assigned address with a lease time. The lease time is how long the IP address is "reserved" for you. Typically this would be at minimum of 1-2 days, with more likely being 1+ week.

 

So if you happened to be a few moments away from your DHCP lease renewing, and you powered down? Yeah - you'd get a new IP Address. But if you even had 5 minutes left on the lease, it would just pick up the same IP again immediately after reconnecting, and then since the device was still using the IP at the time of lease renewal, it would renew for whatever the lease time happens to be.

 

For you to realistically "get a new IP" at home, you'd have to unplug your modem for at least a day or two - possibly up to a week or longer. You could of course call your ISP and request a new IP - some will ISP's will do this, some won't.

[fargonaz]

Unfortunately, legislation isn't the answer, government is not an efficient method to fix technical issues.

[dalekphalm]

Just now, fargonaz said:

Unfortunately, legislation isn't the answer, government is not an efficient method to fix technical issues.

Online privacy isn't a technical issue. The issue is companies ignoring DNT requests. And also DNT requests having no legal backing, so there's essentially no repercussions if a company ignores the request.

[fargonaz]

1 minute ago, dalekphalm said:

Online privacy isn't a technical issue. The issue is companies ignoring DNT requests. And also DNT requests having no legal backing, so there's essentially no repercussions if a company ignores the request.

You win.

[Delicieuxz]

10 hours ago, Mr. horse said:

I don't see the need. Nothing a quick logout, browser wipe/reset and change of an ip would fix. 

Or better yet no scrip and a add blocker or something. 

Not that it really matters. Its not really a real problem. People just like getting their jimmys rustled up over things.  

Blocking ads from being shown to you is not the same thing as blocking sites from tracking you - which will still happen even if you don't see ads. The biggest thing those steps will do is make your own internet experience excruciating and a waste of time, while you're still tracked.

 

The quick log-out of hundreds of sites and wiping your cookies after each browsing session means that you'll also have to perpetually log back into hundreds of sites, and remember your log-in details for all of them. You won't have any auto-complete searches or browsing history available to you, and when you log back into sites so that you can see and engage their content, your data will be associated with you regardless of whether you log out and wipe your cookies.

 

And you'll still receive targeted ads based on your current IP address, your browser cookies, the account you're logged into a site with, and other things.

 

After doing a clean installation of Windows, it takes me months of logging into various websites when I happen to visit them before browsing is as smooth as possible again.

 

10 hours ago, Mr. horse said:

For a cell phone. Turn on air plane mode and turn it off.

for dsl and most cable internet providers power off the modem amd power it back on. 

It's rather simple. But you are right. Most people probably don't even know what an IP address is.

 

but even with out a new IP on online tracking is stoped after you log out of everything and clear out your browser history and stuff.

That will accomplish nothing other than maybe give you a placebo sense of privacy if you don't understand how tracking works. You're primarily tracked by cookies and accounts, probabilistic matching, canvas fingerprinting, HTML5 storage, device ID, installed apps, and not IP. And your phone activity is still logged while it's in airplane mode, and then that activity is uploaded once you connect to the internet again.

 

 

How Does Google AdSense Track Your IP?

Quote

Because IP addresses cannot reliably identify an individual user, advertising services track visitors through small files on their browsers called cookies. When you visit a website that is advertising with Google AdSense, it tells your Web browser to create a cookie with data to identify you as a unique visitor. As you visit more sites that use Google's advertising services, the sites will check for that cookie to identify you. This lets Google's advertising services track your browsing and show you targeted ads.