Q&A: How "Do Not Track" is more fig leaf than privacy tool
By Stewart Mitchell
Posted on 7 Nov 2012 at 16:00
Google today quietly slipped a Do Not Track (DNT) tool into its Chrome browser, becoming the last mainstream browser to do so.
However, the landscape for blocking behavioural advertising through such browser tools remains complicated, as advertising networks try to stave off the potentially costly effects of making it easier for people to opt out of behavioural tracking.
As it stands, all browser DNT tools are turned off by default, and advertising companies regularly ignore the requests not to track.
We spoke to privacy campaigner and University of East Anglia Law School lecturer Paul Bernal about the struggle to make DNT effective.
Q. The idea of DNT has been around a while – what's taking so long and how does it work?
A. The most direct starting point was the Phorm case. The reactions people had in Europe were legal, which brought about the cookie directive, and at the same time the reactions in the US were more self-regulatory, and DNT is driven by the industry. It's more driven by the advertisers than the browsers, but it's supposed to be co-operation between the two.
The essential idea is that the browser makers come up with a common system that will put in to page headers a system that says either “I want to be tracked” or “I don't want to be tracked” - and the advertising industry will write their pages in such a way that they obey those instructions. The instructions are built into the browser, set by the user, and advertisers agree to follow those instructions.
Q. That's unless they decide not to – as Yahoo did recently.
A. The bottom line with this is... is it by default that you do allow tracking or you don't allow tracking? At the moment, the industry very much wants a default that you do allow tracking. They know that most people never change the default, and if they keep it that way then they still get much of the data they need, because they're as much interested in general data to build up patterns as they are in specific data from one individual.
This all came to a head – they've been discussing it for a long time and it's still not been agreed – when Microsoft announced that in the new version of Internet Explorer [IE 10] it would leave DNT on by default.
As a result of that, the industry started panicking and said "if Microsoft does do that we will ignore the settings". They said they didn't believe that having it on by default was appropriate.
Yahoo's argument is that a default setting shouldn't bind them to respecting the DNT request because if it's a default setting it doesn't involve active choice.
Q. Yahoo said it thought people wanted personalisation - do you not think that's the case?
A. There are two underlying arguments that they make all the time. Advertising networks say that behavioural tracking is the only way the web can survive in its current free model, which is an argument with very little evidence either way. Academic studies show that when people know about tracking they turn it off, but the advertisers point to surveys that show users like to have adverts tailored – it all depends how you ask the question.
Many people thought that DNT was really a fig leaf, the industry paying lip service to the idea that people wanted privacy but they really only wanted to sign up to it if they knew that people would still allow themselves to be tracked - where it's off by default. When people started saying it should be on by default, companies started lobbying against it and then decided they were going to ignore it.
Q. Any other issues throwing a spanner in the works?
A. There's a big question of whether it will finally mean "do not track" or whether it means "do not target". People assume it means "do not track", which means they wouldn't track you and collect behavioural data. However, in practice it looks likely to mean "do not target", which means they would continue to gather data, but wouldn't use it to target you with advertisements while you are online. Privacy people like me think that Do Not Track should mean "Do Not Track".
There's the possibility to sell the data on to someone else, and in the US where a lot of this debate goes on they don't have data protection laws that prevent the selling of profile data. European rules might make a difference there, but they are not in force and are very much being opposed.
The Internet stops working
My experience of DNT (with IE9) is
a. you select a set of web addresses. You don't just click a "DNT" switch. So what happens with all of those web addresses NOT in the list?
b. the internet pretty much stops talking to you. So you are effectively forced to switch DNT off.
How about some discussion of these lists are rather than just pretending it's a light switch and what are people experiencing?
By JohnHo1 on 7 Nov 2012
IE10 in W8 has DNT switched on as default.
By AlphaGeeK on 8 Nov 2012
Yes, I know. So that means that the internet just sits and stares at you, rather than returning results? Have you tried to use it?
By JohnHo1 on 8 Nov 2012
All seems normal when using Chrome with DNT.
By tirons1 on 8 Nov 2012
- Hands on with the new Google Maps
- Nokia Lumia 925 review: first look
- Why I won't subscribe to Creative Cloud
- GoPro camera strapped to a remote-control helicopter: the ultimate boy's toy
- Acer Iconia A1 review: first look
- Acer Aspire P3 review: first look
- Acer Aspire R7 review: first look
- How we produce the PC Pro podcast
- Google Now draining iPhone battery
- The government website that doesn't work with IE, Chrome, Firefox, Safari, Macs or smartphones
- How to boost your mobile reception
- How to fix Facebook: Social Fixer
- Taking the stress out of WordPress updates
- Where to download free web fonts
- Turn your tablet into a Sky+ remote control
- How to measure the success of a new IT system
- Three years on: the state of the tablet market
- Windows 8: what works and what doesn't
- Yes, I write down my passwords
- How to make money from apps