Chris Soghoian’s Cool Opt-Out Plugin

by on March 19, 2009 · 31 comments

What a victory for privacy and personal responsibility is Chris Soghoian’s Targeted Advertising Cookie Opt-Out (or “TACO” – documented and downloadable here). It signals to the 27 ad networks with well-configured opt-out cookies that you don’t want them to track you.

It’s a technical solution that empowers (and places responsibility with) the user to exercise dominion over his or her personal information. No need for law and regulation. No need to go pleading to politicians and bureaucrats for help.

It’s also a little more efficient than my method of controlling tracking, which is to take a glance at cookies as Web sites ask to set them on my computer.

(The answer is usually “no,” but it’s very interesting to see who all wants to get a glance at me when I visit any site. It’s a lot more than just ad networks, btw. I have no idea why people think ad-network tracking is bad and tracking by others is a matter of indifference.)

Now, Chris and I always find something to disagree about, so for good measure I’ll note that I disagree with his goal of switching targeted advertising from opt-out to opt-in.

Cookies are the wrong mechanism for universal opt-out, he correctly notes, and an opt-out HTTP header, were one adopted, would be switched on by default, so the big players won’t go there. “The only way we will get an easy to use, built-into the browser solution,” he concludes, “will be if government regulators get involved. FTC staffers — are you listening?”

Actually, an easy to use, built-into-the-browser solution is right there. In Firefox, it’s Tools > Options > Privacy > uncheck “Accept cookies from sites” or “Accept third-party cookies” (or further define what you want done with cookies). In Internet Explorer, it’s Tools > Internet Options > Privacy > Advanced > select “Override automatic cookie handling” and define what you want done.

A lot of folks think it’s jaw-droppingly difficult to look at cookies as they’re offered. It’s not. It’s easy to give cookies a quick skim as they come in. (Sometimes exercising responsibility for yourself is difficult. Walk it off.)

Now, should everyone do as I do? No. Should everyone do a Chris wants (and be untracked unless they request it)? Also, no.

The default on the street and on the Internet is for information to be available to others. If you don’t like it, you cover up your nakedness with clothes, or you figure out how to block cookies offered by sites you don’t want a relationship with. Kudos to Chris for giving people a cloak to wear, even though he advocates that regulators should tut-tut Web site operators for using their eyes to see.

  • federal

    Raivo Pommer
    raimo1@hot.ee

    EnBW Krise

    Nach der Empörung über Millionen-Zahlungen an Ex-Manager unter anderem bei der Post sorgt auch der frühere EnBW-Chef Utz Claassen mit einer Pensionsklage für Aufsehen.

    Der 45-Jährige verklagt seinen früheren Arbeitgeber, der die Zahlungen seines Übergangsgeldes zum Dezember 2008 eingestellt hatte. Claassen arbeite seit seinem Abschied von dem Stromkonzern für den Finanzinvestor Cerberus, erklärte ein Sprecher der EnBW am Donnerstag. Mit Aufnahme dieser Tätigkeit sei “der Grund für die Zahlung des Übergangsgelds entfallen”, bestätigte er einen Bericht der “Financial Times Deutschland”. Claassen habe der EnBW zudem noch keine konkreten Angaben über die Höhe seiner derzeitigen Vergütung gemacht. Der Manager hatte die EnBW nach vierjähriger Amtszeit zum Oktober 2007 verlassen.

    Dagegen sagte der Anwalt Claassens, Klaus Menge, sein Mandant erhalte als selbstständiger Unternehmensberater lediglich Honorare. Laut Dienstvertrag mit der EnBW würden die Zahlungen allerdings erst eingestellt, sobald Claassen ein “Gehalt, Tantiemen oder Ruhegehalt bezieht oder das Gehalt einen bestimmten Betrag übersteigt”, sagte der Jurist der Deutschen Presse-Agentur dpa. “Von Einkünften ist in dem Werk nicht die Rede”, sagte Menge. Außerdem habe die EnBW kein Recht auf Einsicht in die finanzielle Situation Claassens. Nach seinen Einkünften habe sie vor der Einstellung der Zahlungen nicht konkret gefragt.

  • http://techliberation.com/author/berinszoka/ Berin Szoka

    I've suspected for some time that Jim doesn't read the TLF and now I know it's true. For if Jim had read my post about this issue last week, he would have seen that we actually proposed just such a plug-in!

    http://techliberation.com/2009/03/13/google-cdt

  • dimitris

    How is this, in a practical sense, “new” in the face of Adblock and its whitelisting feature?

  • http://techliberation.com/author/berinszoka/ Berin Szoka

    Adblock blocks ads. This blocks cookies—and therefore blocks tracking. AdBlock blocks cookies only to the extent that the placement of cookies is requires that the ad load.

  • dimitris

    Well, it may be splitting hairs, but for google posterity if nothing else:

    My SOP for years now has been to set Firefox to always ask me what to do with cookies. With one or two work-related exceptions, the rest of the (web) world gets this treatment:

    - The vast majority of cookies are persistently (“always do this for this site”) denied.
    - When needed, cookies are accepted only for the browser session.

    This way, when advertising networks attempt to set tracking cookies, that serves as a trigger for me to enrich my AdBlock filters, before persistently denying the cookie.

    So far I haven't seen any such third-party cookies which, being blocked, have interfered with my other use of a site.

    Hence the “practical”, if not exact, equivalence.

    What would be excellent for a Firefox privacy add-on would be a feature to limit cookies to the particular tab's lifetime, similar to NoScript's temporary permission option.

  • Matt S

    I generally just set my browser to block/ignore third-party cookies. This covers 90% of the issue IMHO — first-party cookies are effectively opt-in, since you've chosen to go a particular site. It's the drive-by third-party cookies that compromise privacy.

  • http://enigmafoundry.wordpress.com eee_eff

    It’s a technical solution that empowers (and places responsibility with) the user to exercise dominion over his or her personal information. No need for law and regulation. No need to go pleading to politicians and bureaucrats for help

    Jim:

    You haven't come close to demonstrating that there is no need for regulation, just that in one particular instance someone has developed a technical work around. Big difference. When you actually demonstrate that regulation isn't required, let someone know, will you?

  • Matt S

    I generally just set my browser to block/ignore third-party cookies. This covers 90% of the issue IMHO — first-party cookies are effectively opt-in, since you've chosen to go a particular site. It's the drive-by third-party cookies that compromise privacy.

  • http://enigmafoundry.wordpress.com eee_eff

    It’s a technical solution that empowers (and places responsibility with) the user to exercise dominion over his or her personal information. No need for law and regulation. No need to go pleading to politicians and bureaucrats for help

    Jim:

    You haven't come close to demonstrating that there is no need for regulation, just that in one particular instance someone has developed a technical work around. Big difference. When you actually demonstrate that regulation isn't required, let someone know, will you?

  • dimitris

    Well, it may be splitting hairs, but for google posterity if nothing else:

    My SOP for years now has been to set Firefox to always ask me what to do with cookies. With one or two work-related exceptions, the rest of the (web) world gets this treatment:

    - The vast majority of cookies are persistently (“always do this for this site”) denied.
    - When needed, cookies are accepted only for the browser session.

    This way, when advertising networks attempt to set tracking cookies, that serves as a trigger for me to enrich my AdBlock filters, before persistently denying the cookie.

    So far I haven't seen any such third-party cookies which, being blocked, have interfered with my other use of a site.

    Hence the “practical”, if not exact, equivalence.

    What would be excellent for a Firefox privacy add-on would be a feature to limit cookies to the particular tab's lifetime, similar to NoScript's temporary permission option.

  • http://clipperhouse.com Matt Sherman

    I generally just set my browser to block/ignore third-party cookies. This covers 90% of the issue IMHO — first-party cookies are effectively opt-in, since you've chosen to go a particular site. It's the drive-by third-party cookies that compromise privacy.

  • http://enigmafoundry.wordpress.com eee_eff

    It’s a technical solution that empowers (and places responsibility with) the user to exercise dominion over his or her personal information. No need for law and regulation. No need to go pleading to politicians and bureaucrats for help

    Jim:

    You haven't come close to demonstrating that there is no need for regulation, just that in one particular instance someone has developed a technical work around. Big difference. When you actually demonstrate that regulation isn't required, let someone know, will you?

  • Pingback: Ends, Means, and One Man’s War on Advertising | The Technology Liberation Front

  • Pingback: Click World News » Blog Archive » Can Technology Solve The Privacy Questions Around Behavioral Advertising?

  • Pingback: michaelzimmer.org » NY Times on Online Data Collection and Sharing

  • Pingback: Can Technology Solve The Privacy Questions Around Behavioral Advertising? | Geek News and Musings

  • Pingback: If NCMEC’s Going to Regulate the Internet for Child Porn, It Should At Least Be Subject to FOIA

  • Pingback: nono hair removal demonstration

  • Pingback: How to Astral Project Tonight

  • Pingback: Afterburn Fuel

  • Pingback: devenir rentier

  • Pingback: topsail island real estate

  • Pingback: Check this out

  • Pingback: clark faint seo zen bonus

  • Pingback: Pension

  • Pingback: Florida Lottery

  • Pingback: Jurk Sale

  • Pingback: click

  • Pingback: premier league singapore

  • Pingback: roulette system

  • Pingback: bambole per i gemelli

Previous post:

Next post: