The Trouble With Do Not Track—Will Open Standards Help?

Posted on December 3rd, 2015

12-03-15-The-Trouble-With-Do-Not-Track-Will-Open-Standards-Help

Image: Shutterstock, ra2studio

The World Wide Web Consortium (W3C), a leading standards development organization and affirming partner and signatory of the OpenStand Principles, recently unveiled a proposal that calls for ad networks and other companies to stop collecting data from users who have turned on do-not-track signals, except for auditing, security, debugging and frequency capping purposes. This proposal, spearheaded by the Tracking Protection Working Group, published a working draft last July entitled Tracking Compliance and Scope that defines the parameters under which a user’s Do Not Track (DNT) preferences may be followed.

This proposal is the result of a four-year privacy initiative from W3C and heralds an important move towards standards for do-not-track. In 2011, the Mozilla Firefox web browser featured a “do not track” (DNT) tool which was essentially a utility through which users could communicate to web sites that they did not wish to have their information stored and tracked. No doubt this seemed like a simple and elegant solution to personal privacy on the web and fellow tech companies Microsoft, Google, and Apple soon featured similar tools in their own browsers.

While providing users with a mechanism to submit DNT requests is a step in the right direction, the DNT request tools haven’t proven to be highly effective. The problem remains that there is no mechanism to ensure websites must to honor user initiated DNT requests. Companies that have elected to ignore DNT requests have justified their behavior by claiming that user-submitted DNT requests do not accurately reflect the user’s desires. This position was given some credence by Microsoft’s decision to have tracking enabled, by default, in its Internet Explorer browser. Would-be trackers claimed Microsoft’s move devalued the meaningfulness of the DNT signal by making it no longer a required user action.

W3C’s proposal seeks to address the shortcomings of existing DNT signal utilities by standardizing how such DNT requests should be interpreted. Another proposal, authored by web privacy group Electronic Frontier Foundation (EFF), goes even farther than the one proffered by W3C, stipulating that websites shouldn’t store visiting IP addresses for longer than 10 days. After that period, EFF says, the data should be “de-identified.” Several pro-privacy organizations such as analytics company Mixpanel, tracking-blocking extension AdBlock, and search engine DuckDuckGo have expressed their support of EFF’s proposal.

But what is the incentive for advertisers and web hosts to honor this new version of DNT signals? Supporters of the EFF proposal have indicated that ad blockers such as PrivacyBadger, AdBlock and Disconnect will examine publishers’ sites to see whether they say they comply with the DNT standards set out by the EFF. If so, the software will not automatically block third-party material from those sites.

Peter Eckersley, chief computer scientist at the EFF, has voiced his cautious optimism regarding the proposal’s success in light of its significant support among privacy advocates. Cooperation from ad blockers will allow users who do not wish to be tracked to have the ability to better understand how their data is being used and safeguard their information. Users who are willing to have their information tracked may be incentivized by web sites for the privilege of doing so.

Tell us what you think of new movements for “do not track” standards, and how companies and advertisers should respond to users who do not wish to be tracked. Leave us a comment and subscribe to our blog to stay informed and up to date on web privacy issues!

Posted in News