Yahoo! rejects privacy arguments, ignores do not track from IE 10 users

Filed Under: Featured, Internet Explorer, Microsoft, Privacy

Yahoo! logoA little more than a month ago Apache went head to head with Microsoft over the choice of do not track (DNT) in Internet Explorer 10. Apache has now backed down and provides the code to ignore DNT as a commented option in its config files.

On Friday Yahoo! decided it was time to take over the resistance to DNT by announcing it would now ignore Internet Explorer 10 users' choices to not be tracked on grounds that it believes its users' experience is "better when it is personalized."

There are several problems with their argument.

  1. The argument that Yahoo! users expect a personalized experience has nothing whatsoever to do with advertisers tracking users. No different than with Microsoft, Google or Facebook, the personalized experience is only expected by users who have logged into the service.

  2. Users of Internet Explorer 10 have expressed their preference to not be tracked. The do not track setting is clearly and explicitly stated during installation and is a clear expression of the user's choice to not be tracked.
  3. The argument is hollow and isn't open and honest. Yahoo! wants to provide advertisers the ability to target its users to generate revenue.

    Why not be open and suggest to users that providing great financial, news, sports and entertainment content requires advertising partners?

The crux of the matter is whether Internet Explorer 10 is requiring users to choose a tracking preference. Considering the options presented during installation, this should be obvious.

IE10 tracking preferences

Yahoo! and other organizations that depend upon advertising revenue need to find a balance between targeted ads and respect for user privacy. If I log into their services I expect personalized weather, sports, stock and targeted advertising.

If I simply click a link that leads to a Yahoo! asset, they should respect my choice, do not track, and present ads that may not be tailored, but still support Yahoo's valuable services.

Every day I receive non-targeted ads in my physical mailbox. Pizzas, manicures and concerts from the latest bands. Clearly this generates revenue and costs significantly more than delivering a banner ad.

I am not a piece of meat to be sent to market. Respect my choices and adapt your business model. I am happy to buy products and happy to pay for the services I receive.

Proof? Follow me on App.Net. If you care about your privacy, insist that companies honor your preferences and don't patronize those who don't.

And to Yahoo!: If you want to talk big about privacy, put your money where your mouth is. I don't begrudge you your methods, but respect my choices. Microsoft fairly presents a choice and you need to honor it or become irrelevant.

, , ,

You might like

24 Responses to Yahoo! rejects privacy arguments, ignores do not track from IE 10 users

  1. Jenn · 721 days ago

    Does anyone else notice a conflict in the above image?

    "Turn on Do Not Track in Internet Explorer"
    and
    "Let apps give you personalized content based on your PC's location, name, and account picture."

    You could say that by installing an app, you are expressly giving it permission to track you. But it is far more insidious to track my PC's location and name than to know where I went on the internet.

    Not to mention the typical and annoying, "Help improve Microsoft software, services, and location services by sending us info." I always wonder what info they're stealing off my machine.

  2. Terryphi · 720 days ago

    Yahoo already is irrelevant!

  3. Ben · 720 days ago

    Well said!

  4. JohnMWhite · 720 days ago

    Even when I log in to a service, I don't necessarily expect a personalised experience. This is particularly true of a search engine and news/information platform. I don't want to be bubbled and filtered and only ever exposed to ideas, viewpoints or products I already have demonstrated an interest in. I come to these companies for information. If I want the local weather, I'll ask for it. If I don't want to be tracked, I'll ask for that as well, and if a company says "too bad, we'll track you anyway", they have zero respect for their customers and can take a flying leap. Would a restaurant last much longer if they decided to ignore all customers who said "no thanks" to dessert?

  5. Who still use Yahoo? More and more websites are explicatively chosen to ignore the do not track claiming that Microsoft "forcing" it upon the user.

    • markstockley · 720 days ago

      Who still uses YAHOO!? Good question...

      According to Alexa YAHOO! is the world's 4th most popular website. They estimate that about 20% of web users use it on a daily basis. About 50% of that number seems to be users using YAHOO! mail - a group of users likely to revisit the site very regularly and who have entrusted it with a *awful lot* of personal information.

      By comparison Twitter is 8th and is used by about 8% of web users.

      M.

      • Wizard · 720 days ago

        Most of my older customers still use yahoo. On the other hand some of the new generations use Google or on the rare occasion bing.

        I use yahoo mail as my junk and the occasional "must register" website forums. I check my Yahoo mail once every 6 months or so and i will have no less than 5k in the spam box.

        If yahoo would keep up with the times and offer better services to the young crowd it may do better.

  6. LindaB · 720 days ago

    In Europe, we have rules that mean this ignoring of a user's stated preference is illegal. They will find the EC (European Commission) is likely to impose a fine that can be up to 50% or total revenues! That will hurt if they don't reconsider their anti-user policies.

  7. this is one of the reasons that I do not use yahoo.

  8. bvierra · 720 days ago

    The issue is that DNT was supposed to be a user choice, MS made it so that it was not. Sure it states that on 1 screen, that is a screen that 90% of people do not read. DNT was supposed to be an option the user had to enable manually, not an express option they have to disable. MS screwed over all the work going into DNT by doing this and they know it, in fact I believe they most likely did it on purpose so that they have a reason not to follow it in the future

    • Mrs. W · 719 days ago

      Why does this nearly always work in the favor of corporations, no matter what?

      If the end user doesn't read a pages-long EULA and agrees to terms they don't like, too bad. They ought to have read it.

      If they don't read a short bulleted list and agree to something that, god forbid, protects them, too bad. We don't think they read it, so we're going to ignore it.

      At some point, we must agree on what informed consent entails, and not vary that definition just because corporations whine. If Yahoo! thinks the user's consent to DNT is unenforceable, then so are their much-longer ToS and Privacy Policy. You can't have it both ways.

  9. Narlaquin · 720 days ago

    Well, even though we cool kids don't use IE10, we have parents, kids and friends that may. Can't we of the internet community stage some sort of protest, like with SOPA? Plugins for all available browsers that check a blacklist of sites like Yahoo! and adservers that won't respect DNT. The plugin could a) lie about the sort of browser being used: IE10 would become IE10DNT, FFx becomes FFxDNT etc. b) Plugin would then divert ad requests to *somewhere else* (localhost). c) Plugin could accept a message from an Apache server extension that says DNT is respected, and report to the blacklist admins for them to check out that this is actually the case, and remove the now compliant site from the blacklist after week or so "punishment".
    If baddy sites spoof the server side, then they are blacklisted for good, or until public apology,
    Any ideas, or Slashdot style "your idea won't work" forms ?

    • RMc-Canada · 719 days ago

      @Narlaquin-

      Got my first PC IN '99 & the only browser I've ever used has been Internet Explorer LOL!. I’ve never had a need to use anything different?, its just the browser to me?. No Idea why people make a fuss over a browser?, unless their only reason is to use something other then Microsoft?, maybe its as simple as that eh?.

      I Love my current IE 9. but again, for me?, its just a browser?...

      • mbutler522010 · 719 days ago

        I can't live without noscript. If IE could come up with a browser addon that would do noscript with the same ease I would switch back to IE, but for now its a nonstarter for me.

        • vbwhitehead · 718 days ago

          I couldn't agree more with every word you just said, except of course for the additional problem of DNT created by Microsoft being yet another hurdle that IE would have to overcome before I would consider using it as my default browser.

  10. Freida Gray · 720 days ago

    If any IE10 users still want to visit Yahoo sites with DNT why not get a back-up browser,install DNT on that browser,then use the back-up browser to visit Yahoo sites & visit everything else with IE10?

    • Laurence Marks · 719 days ago

      Frieday Gray wrote: "If any IE10 users still want to visit Yahoo sites with DNT why not get a back-up browser,install DNT on that browser,then use the back-up browser to visit Yahoo sites & visit everything else with IE10? "

      Pretty tough if you are a Yahoo (or AT&T or Bellsouth) mail user. Every time you receive an email containing a link you wish to follow you would have to copy it, open a different browser, and paste the link.

  11. wolsonjr · 718 days ago

    Maybe more to the point - who still uses IE?

  12. Keith · 717 days ago

    Who does and who does not use IE is not the focus of this issue. The very same could be happening with Chrome, Firefox, Safari... the issue is that Yahoo are ignoring a setting made in the browser, regardless if it was set by the user or the publisher. There is something seriously wrong that it is able to do that, regardless of who the publisher is.

    What else is Yahoo, or for that matter, Google, Bing, Ask.... or indeed ANY web site able to do to cirumvent security type settings in a browser?

    If a privacy/security setting is enabled, that should be the end of it. There should be no way to override that selection.

  13. Nigel · 717 days ago

    If Yahoo is going to be consistent with their own argument (as it is summarized in Chet's article), then essentially they've stated that they won't honor ANY browser's DNT setting, irrespective of whether it's IE10 or otherwise. I mean, if they believe so vehemently that their users' experience is "better when it is personalized", then why honor DNT under any circumstances whatsoever?

    I don't see why they would, with that attitude. I agree that their argument is disingenuous. I don't trust them. I won't use Yahoo. Period.

    • Chester Wisniewski · 717 days ago

      They are a member of the working group and are saying they will honor it as long as it has been explicitly chosen by the user. The debate is whether Windows 8 users are explicitly setting it or even if it is allowed to prompt the user to make a choice. The standard says that the default choice is "unset".

      • Nigel · 717 days ago

        Right...I do understand that. But it seems to me that Yahoo's approach simply assumes that IE10 users must have NOT explicitly chosen DNT. Rather than err in favor of users' privacy, they're trashing the DNT preference of every IE10 user who does bother to make an explicit choice. They're penalizing their own users for Microsoft's failure to adhere to the standard, an action that doesn't exactly convey the message that the Yahoo folks are looking out for their users' best interests.

        Actually, Microsoft could obliterate the controversy by simply making the DNT setting its own separate step in the first-run setup process. DNT could be "unset" by default, but users could not get past the DNT setting window without making an explicit choice. That should cut the legs out from under all arguments.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.