Q&A: How "Do Not Track" is more fig leaf than privacy tool
By Stewart Mitchell
Posted on 7 Nov 2012 at 16:00
Google today quietly slipped a Do Not Track (DNT) tool into its Chrome browser, becoming the last mainstream browser to do so.
However, the landscape for blocking behavioural advertising through such browser tools remains complicated, as advertising networks try to stave off the potentially costly effects of making it easier for people to opt out of behavioural tracking.
As it stands, all browser DNT tools are turned off by default, and advertising companies regularly ignore the requests not to track.
We spoke to privacy campaigner and University of East Anglia Law School lecturer Paul Bernal about the struggle to make DNT effective.
Q. The idea of DNT has been around a while – what's taking so long and how does it work?
A. The most direct starting point was the Phorm case. The reactions people had in Europe were legal, which brought about the cookie directive, and at the same time the reactions in the US were more self-regulatory, and DNT is driven by the industry. It's more driven by the advertisers than the browsers, but it's supposed to be co-operation between the two.
The essential idea is that the browser makers come up with a common system that will put in to page headers a system that says either “I want to be tracked” or “I don't want to be tracked” - and the advertising industry will write their pages in such a way that they obey those instructions. The instructions are built into the browser, set by the user, and advertisers agree to follow those instructions.
Q. That's unless they decide not to – as Yahoo did recently.
A. The bottom line with this is... is it by default that you do allow tracking or you don't allow tracking? At the moment, the industry very much wants a default that you do allow tracking. They know that most people never change the default, and if they keep it that way then they still get much of the data they need, because they're as much interested in general data to build up patterns as they are in specific data from one individual.
This all came to a head – they've been discussing it for a long time and it's still not been agreed – when Microsoft announced that in the new version of Internet Explorer [IE 10] it would leave DNT on by default.
As a result of that, the industry started panicking and said "if Microsoft does do that we will ignore the settings". They said they didn't believe that having it on by default was appropriate.
Yahoo's argument is that a default setting shouldn't bind them to respecting the DNT request because if it's a default setting it doesn't involve active choice.
Q. Yahoo said it thought people wanted personalisation - do you not think that's the case?
A. There are two underlying arguments that they make all the time. Advertising networks say that behavioural tracking is the only way the web can survive in its current free model, which is an argument with very little evidence either way. Academic studies show that when people know about tracking they turn it off, but the advertisers point to surveys that show users like to have adverts tailored – it all depends how you ask the question.
Many people thought that DNT was really a fig leaf, the industry paying lip service to the idea that people wanted privacy but they really only wanted to sign up to it if they knew that people would still allow themselves to be tracked - where it's off by default. When people started saying it should be on by default, companies started lobbying against it and then decided they were going to ignore it.
Q. Any other issues throwing a spanner in the works?
A. There's a big question of whether it will finally mean "do not track" or whether it means "do not target". People assume it means "do not track", which means they wouldn't track you and collect behavioural data. However, in practice it looks likely to mean "do not target", which means they would continue to gather data, but wouldn't use it to target you with advertisements while you are online. Privacy people like me think that Do Not Track should mean "Do Not Track".
There's the possibility to sell the data on to someone else, and in the US where a lot of this debate goes on they don't have data protection laws that prevent the selling of profile data. European rules might make a difference there, but they are not in force and are very much being opposed.
Is your business a social business? For helpful info and tips visit our hub.
The Internet stops working
My experience of DNT (with IE9) is
a. you select a set of web addresses. You don't just click a "DNT" switch. So what happens with all of those web addresses NOT in the list?
b. the internet pretty much stops talking to you. So you are effectively forced to switch DNT off.
How about some discussion of these lists are rather than just pretending it's a light switch and what are people experiencing?
By JohnHo1 on 7 Nov 2012
IE10 in W8 has DNT switched on as default.
By AlphaGeeK on 8 Nov 2012
Yes, I know. So that means that the internet just sits and stares at you, rather than returning results? Have you tried to use it?
By JohnHo1 on 8 Nov 2012
All seems normal when using Chrome with DNT.
By tirons1 on 8 Nov 2012
- Windows 8.1 Update: an abject surrender
- The insane economics of Sky Now TV
- No such thing as a free app... so pay up if you want quality
- Time to outlaw crapware-laden installers
- Windows Phone 8.1 video: hands-on
- Office for iPad: key information
- Why every PC buyer owes Richard Durkin a debt of gratitude
- HTC One M8 vs Samsung Galaxy S5: 2014's big-hitters compared
- Windows XP end of life: key information
- Cut out the broadband jargon? What jargon?
- Make your mobile battery last longer
- Small steps into handling Big Data
- Nexus 5: does it really run stock Android?
- How to get broadband to a garden office
- How to write your company's IT security policy
- Raspberry Pi and Wolfram: a must-have for every child
- Could you get by with Office Web Apps?
- The best Android antivirus apps for 2014
- Headings vs headers: how to use both in Word
- Windows Server 2012 R2: how the Datacenter edition could change SMBs