Privacy-minded tech companies and nonprofit groups launched an ambitious attempt Monday to give Internet users greater control over the data they share online.
The coalition, led by the Electronic Frontier Foundation, proposed uniform standards spelling out precisely what it means when an Internet user indicates they don’t want to be tracked.
This singular standard, its advocates hope, will help people avoid some of the omnipresent data collection that has become the hallmark of modern Web services, without requiring those people to cut themselves off from the advertising that powers nearly every online service.
Do Not Track, first proposed by a trio of activist computer scientists in 2009, is a system built into web browsers that sends a message to websites requesting that they don’t collect personal information from that user.
Compliance with the request is entirely voluntary, so sites can chose to ignore it. Some major sites, like Twitter, comply with Do Not Track requests, but most others simply ignore it, preferring to prioritize the revenue generated by precise advertising over the expressed wishes of their users.
Do Not Track is an option on all major web browsers, but as of last September, slightly more than 8 percent of Firefox users had enabled it.
The new coalition supporting Do Not Track includes not just consumer groups like the EFF but also the privacy-minded search engine DuckDuckGo, the publishing platform Medium, the web-analytics platform Mixpanel, and the popular ad-filtering browser extension AdBlock.
The goal of the tracking standard is to give Internet users greater control over their online footprint. It’s a noble idea, but its implementation has been tricky. The coalition’s new standards were designed to address these deployment issues.
One of the major problems with the tracking standard is that a user’s precise intent in enabling the feature has never been clear. When Yahoo announced that it would no longer honor users’ Do Not Track requests, it cited this uncertainty as a justification.
When the World Wide Web Consortium, an international group that defines major Web standards, looked into the issue, the advertising industry argued that Do Not Track should still let them collect all their data. The feature, they said, should simply prevent from using collected information to show targeted ads to people who had enabled it.
While that was a relatively straightforward solution, at least from a technical standpoint, it left consumers with the worst of both worlds. Companies continued to collect their data, but they no longer received the modest benefit of seeing ads targeted to their specific interests.
The new Do Not Track standard spells out precisely what happens when someone using the feature visits a website. That site won’t collect user identifiers like cookies, “supercookies,” or other fingerprints. It will delete their IP addresses as soon as is feasible. If it contains third-party applications that collect user data, or if it is required by law to collect personal information, users who have opted out of tracking will be immediately notified of this fact.
The standard does allow some data to be collected and shared, including aggregate records of readership patterns and statistical models of user behavior, as long as that information is sufficiently anonymized to prevent individual identification.
Casey Oppenheim, CEO of the online privacy firm Disconnect, insisted in an interview with the Daily Dot that a clear standard was crucial to drawing the line between users protecting their privacy from advertisers and users blocking advertising across the board.
Disconnect offers a suite of products allowing users to browse and search the Web without being tracked, by filtering out the thousands upon thousands of invisible tracking requests made by nearly every website. In many cases, the only way Disconnect—and similar tools like the EFF’s Privacy Badger—can stop trackers is by blocking advertisements entirely.
“Disconnect has been accused at various points of being an ad blocker,” Oppenheim told the Daily Dot. “We’ve resisted that because we think advertising really important for the future of the web. We don’t just want to block advertisement.
“The point of our product isn’t just to block ads,” Oppenheim said. “The problem is that, a lot of times, we can’t block tracking requests without blocking advertisements.”
Oppenheim said that, if a site indicated that it would abide by the new standard, programs like Disconnect could effectively place it on a white list, allowing its advertisements through because the software recognized that the site was honoring no-tracking requests.
In an email to the Daily Dot, EFF Chief Computer Scientist Peter Eckersley said that the possibility of fewer users blocking their ads would convince the major ad networks, which have largely ignored Do Not Track, to finally adopt the new standards.
“We believe that this policy is coupled with meaningful incentives for companies of many sizes and types to implement DNT,” wrote Eckersley. “By doing so, they will have an opportunity to interact with a large population of browsers that would otherwise be blocking that content altogether. We think this will close the incentives gap that has thus far prevented many web publishers, advertisers and analytics companies from investing in privacy enhancing technologies.”
Internet companies have always been afraid of tools like Disconnect effectively turning into ad blockers and disrupting their bottoms lines. That fear is likely to grow more pressing as interest in privacy tools expands in the wake of NSA contractor Edward Snowden‘s revelations, which made Internet users more conscious of their online privacy and the myriad threats to it.
In a recent Pew survey, 93 percent of American adults said it was important that they be able to control who received information about them online.
Photo by Lisa Plummer/Flickr (CC BY SA 2.0)