Should Browser Do Not Track Be Enabled by Default?
Microsoft Finds Itself at Odds with W3C
Despite the new age of smarter, undeletable cookies
, behavioral advertising
, deep packet inspection
, clickstream sales
and search result hijacking
, there still aren't modern consumer protection regulations in place to protect consumers from privacy abuses. Given the collective lobbying muscle of the telecom, content, and advertising industries that's not particularly surprising, given none of those sectors want real rules with any teeth. What most of them want is just a show pony, with general lip service paid to consumer protection.
Back in February the White House introduced a new privacy bill of rights
(pdf) which consists largely of a bunch of initiatives started by tech industry players, designed with the hopes of pre-empting real privacy regulations. The completely voluntary measures include adding "do not track" functionality to browsers, something Mozilla has included for some time.
Fast forward to earlier this month, when Microsoft surprised a few people by stating that Internet Explorer 10 would have come with Do Not Track Anti-behavioral advertising protection turned on by default
. That's rather surprising for a tech industry that treats consumer "opt in" requirements like they were the bubonic plague, preferring to make customers do the leg work.
However, the latest W3C Do Not Track proposal
argues that Do Not Track should be disabled by default. In other words you've got privacy protections standards being developed that are weaker than those proposed by even Microsoft
, who took to their blog to argue that they will stick to their guns and hope the W3C changes their mind:
There has been a lot of public debate about tracking users activities on the Internet, including for the purposes of targeted advertising. Although there definitely are important benefits from targeted ads, many people are not comfortable receiving them... we respectfully disagree with those who argue that the default setting for DNT should favor tracking as opposed to privacy.
Some argue that Microsoft isn't really interested in being the good guy here as much as they are just trying to give Google, whose empire is based on advertising, a quick kick to the digital posterior. Much of the debate could be moot: as it stands an enabled Do Not Track flag simply informs websites you visit that you'd prefer to not be tracked
. There's absolutely nothing in place yet to prevent websites from simply ignoring it.
W3C will will W3C will trump because they make the standards, not the other way around.
Re: W3C will will actually he who has the biggest pockets will win. W3C only creates and develops "open" standards thats it. MS is still free to leave it on.
| || |said by ArrayList:Man, in a reversal of my opinion on standards avoidance with IE 1-7, I applaud their casual disregard for the W3C standards!
W3C will trump because they make the standards, not the other way around.
| Provided the context is not crime, de facto always trumps de jure. To translate, regardless of the de jure standard (i.e. W3C), whatever is most prevalent wins (i.e. Apple, Microsoft, Google -- whichever has the greatest market share).|
When IE held 90% market share, a lot of sites only tested for IE compatibility and even used IE-only features that have never been part of any W3C standard.
In closing, if MS decides to enable this by default and IE 10 ends up attaining the greatest browser share, DNT:ON will be a de facto standard even though the de jure W3C standard is different.
Re: W3C will will The problem is that websites will be free to ignore the tag for IE visitors and still claim to be W3C no-track compliant.
Re: W3C will will then those websites should be free to do so if they wish. Why do we need some "group" such as the W3C stating what needs to be done and not. If the market wants this turned on my default then it should be allowed and any "group" should screw off from that product.
Re: W3C will will I agree that they should be free to do so if they wish. But if people see W3C do-not-track compliance as a "good thing" that they want the sites they visit to have, then MS might be forced to back off. It comes down to IE market share versus W3C market share in the eyes of web users.
| That doesn't make sense. We're not talking about a non-standard HTML tag that only Microsoft is using. We're talking about some kind of HTTP header/cookie that tells the web site the user is saying "do not track me". As long as that header meets the W3C definition, the web site has to obey it in order to be compliant.|
The W3C is proposing that the user should have to specifically tell the browser to send the header and Microsoft is proposing that the user has to specifically tell the browser not to send the header.
IMO this isn't a standards issue. This is a user-preference issue. The fact that the W3C is recommending off by default is probably rooted in them wanting the feature to succeed and be slowly accepted rather than be out-of-the-gate disruptive. Disruptive usually has a bad aftertaste and this may hamper adoption and compliance efforts.
I have read the reason Microsoft wants it on by default as probably rooted in sticking it to Google.
If during installation all browsers told the user that the browser can send information to web sites that tells them not to track your on-line activity. Do you want to enable this feature or disable this feature?
Even if web sites aren't forced to comply, who wouldn't error on the side of saying "don't track me" even if only half the web sites honored it?
Re: W3C will will Google, Yahoo, and Adobe have already made the argument that websites could ignore opt-outs from IE users if the feature is turned on by default.
Re: W3C will will Then what does "compliance" mean? I'm just not following what you are trying to say. In your reply to my post you said web sites could ignore IE's settings and still be compliant.
Either they ignore the user's request to not be tracked or they don't. They cannot choose to ignore IE just because Microsoft decided to enable the do not track setting by default. That could be what the user wants or it could be due to Microsoft's default. There's no way for them to know and hence, they cannot simply ignore it and still comply with the W3C proposal.
This reminds me the variable speed-limit signs (based on congestion) on I-270 in St. Louis. First it was a "limit" for which you could be ticketed. When they discovered that this was impossible to enforce (likely because someone successfully challenged it in court -- the limit would dynamically change and if you missed it, you had no idea what the limit was until the next sign which could be several miles), they changed it to a "recommended" speed. Translation: It's completely ignored and folks pretty much drive whatever speed they want. They are speeding if they exceed the static 60mph limit but they are not speeding if they exceed the variable recommended limit.
This is an example of a reasonable idea but it has no teeth so there can be no compliance violations (i.e. no tickets). Bottom line: It's stupid and they should just remove the LED signs and use them somewhere else. Perhaps a school zone whose speed changes on time of day. That's enforceable.
Re: W3C will will By compliance, I mean that website owners could claim to respect the W3C do-not-track tag, while completely ignoring the request from those using IE. Since it's trivial to detect which browser is being used, it would be simple to do. I'm not sure why you say that they cannot choose to ignore IE, they surely could.
Re: W3C will will We need to be careful not to mix the preference domain and the functional domain. The function of the do-not-track feature does not depend on the feature's default user preference. A site can either ignore it or honor it. That would be the definition of objective compliance.
I agree that web sites could/want to mix the preference domain and the functional domain but that would be like racial profiling. Because the do-not-track use case doesn't require discrimination of the browser version for proper function, all browers are equal. If not, compliance is subjective and meaningless.
In Other Words How DARE Microsoft stand up for the consumer (something which, surprisingly, the Mozilla Foundation does NOT do with Firefox; however, Firefox recoders the Waterfox Project *does* do). The anti-Microsoft bias is threatening my Wellies....
sign me up! I'll be sure to opt in immediately, because I like them tracking me so they can pimp their unwanted products and services to me. Heck, I'll publish my home phone number on web sites so telemarketers can call me too.
If you really want to see what's going on, install the extension Ghostery, and be prepared to be be shocked.
Use a "Do not track plus" addon in Firefox and Chrome
quote:So, make it non-voluntary. I use the "Do Not Track Plus" addon in both Firefox & Chrome and also use "Ad Block Plus" in both browsers. "Do not track plus" also has addons for IE & Safari. Between the 2 of them no tracking is allowed by websites I visit for about 99% of ad networks, social networks, etc.
Do Not Track flag simply informs websites you visit that you'd prefer to not be tracked. There's absolutely nothing in place yet to prevent websites from simply ignoring it.
Re: Use a "Do not track plus" addon in Firefox and Chr Nice try, Ron Paul
Re: Use a "Do not track plus" addon in Firefox and Chr Right - I thought Republicans were all about freedom and choice, vs. government rules.
Re: Use a "Do not track plus" addon in Firefox and Chr
said by en103:Non-voluntary as in use a widely available tool to do it for yourself. Not non-voluntary as make it a law to force it.
Right - I thought Republicans were all about freedom and choice, vs. government rules.
With the tool, you don't have to depend on the web site honoring a request they may or may not honor.
And? there still aren't modern consumer protection regulations in place to protect consumers from privacy abuses
When has the solution to a problem ever been "add more government?"
If you can't open it, you don't own it.
said by Cabal:I don't know... when we started commercial flying and created the FAA, when we discovered the RF spectrum and created the FCC, when we discovered nuclear isotopes and created the NRC. This list goes on, the world's more complicated than "all government bad" or "all government good".
When has the solution to a problem ever been "add more government?"
Re: And? We didn't create the FCC for RF Spectrum. FCC was created for the radio stations. Was designed for policing pirate radio stations. Nothing more. Over years it has been given more power- and tries to take more than they have up long ago.
And as far as some government its not needed.
Re: And? Say what now? Radio is part of the RF spectrum. Fighting "pirate radio stations" means allocating spectrum and preventing transmission from users who use spectrum they are not licensed to use. This actually all happened decades before the FCC (which was created in 1934) and even the Federal Radio Commission (created in 1926), when the Radio Act of 1912 was passed, but the purpose was to allocate spectrum instead of allowing it to be a free-for-all.
Though not so much about privacy... ALWAYS, oops, Always, even now, IE (internet options) by DEFAULT has had Empty Temporary items unchecked.
This always the first location you find the malware/spyware and payloads hiding before it hits the system (and cache/restore area).
If every IE had this on by default (majority of surfers not on dialup...that is what this was for...to cache frequent items...which change anyway...).
Hey Microsoft, fix this! :P
(Have nice day)
Re: Though not so much about privacy... they are- IE 10.
South Bend, IN
If not I will block it manually.
We promise "on by default" may be well intentioned yet it essentially tells media companies they can't track ANYONE. Unless ultimately backed by threat of violence (legislation) I don't see the angle by which this would be agreeable on a voluntary basis.
When "off by default" unfortunately few who would know or care to turn it on might be deemed an acceptable loss. In return media would secure some cover from legislation and public objection to being constantly stalked by media companies everywhere they go on the Internet.
I suppose the amusing scenario would be to have it off by default. Wait a couple years, pass legislation codifying the tracking rules THEN update all browsers to on by default.
Personally I think all of it is a bad idea.
I prefer technical solutions to deny stalkers access to information rather than more laws governing the Internet or evil bits with no bite.