Why 'Do Not Track' Still Doesn't Cut It - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Infrastructure // PC & Servers
Commentary
2/23/2012
05:17 PM
Serdar Yegulalp
Serdar Yegulalp
Commentary
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Why 'Do Not Track' Still Doesn't Cut It

A consistent standard for opting out of advertiser tracking on the Web is a nice idea. Too bad that's all it might ever be.

On paper, the Obama administration's announcement of a proposed Consumer Privacy Bill of Rights sounds like a great idea. It calls for legislation that allows attorneys general and the Federal Trade Commission to enforce how end-user privacy is protected, and for consistent transparency in how personal data is collected and used online.

After "Do Not Call", and hot on the heels of yesterday's news about California pledging better privacy protection for users of mobile apps, here's "Do Not Track".

Again, it sounds like a great idea: Click a conspicuously visible button in your browser, and third parties are automatically blocked from harvesting unwanted information from your browsing habits. What's more, it wouldn't just be a good idea--it would be mandated and protected by law.

That's the theory, anyway. The practice might turn out to be far thornier. In truth, there is no agreement or rule on what the browser is supposed to do when the user clicks the magical Do Not Track button.

The quest for a universal Do Not Track (DNT) standard has worn on for some time now, with little more than a few competing ad hoc standards to show for it. It's always been possible for end users to purge tracking cookies, use proxies, or block data harvesting with third-party add-ons. But who wouldn't be happy with a single, centralized mechanism to allow users to opt out of online tracking? (Apart from advertisers, that is?)

The problem is figuring out what that one single mechanism is, getting everyone to use it, and making sure it isn't just going to be circumvented or broken.

One of the original DNT initiatives involved using a header, broadcast by the browser, to tell Web servers that the user in question doesn't want to be tracked. A version of this proposal was floated in 2009 (as described by security researcher Christopher Soghoian), but lacked support from the very people who needed most to implement it: the advertisers. The idea also suffered from one major loophole: the burden of support was on the server side, not the client. The server didn't have to honor the header, and there was no enforceable penalty for noncompliance.

Over time the idea of a universal DNT system returned with a vengeance. The problem was, again, how to implement it, since everyone seems to have wildly different ideas--all of which put the burden of support on different parties.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Slideshows
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Commentary
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
Commentary
If DevOps Is So Awesome, Why Is Your Initiative Failing?
Guest Commentary, Guest Commentary,  12/2/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
Slideshows
Flash Poll