Technology News

latest updates from easySERVICE™

The browser privacy system is in tatters, and most websites either don’t honor DNT or interpret it in different ways

Web browser

In 2009, a few Internet privacy advocates developed an idea that was supposed to give people a way to tell websites they don’t want to be monitored as they move from website to website. The mechanism, which would eventually be built into all the major browsers, was called Do Not Track.

With a single browser setting, these advocates thought, users would be able to communicate a preference for their privacy. It would be easier than downloading add-on software or creating a blacklist of specific companies to block. Do Not Track, or DNT, would be the Web’s version of the telemarketer Do Not Call list.

But today, DNT hangs by a thread, neutered by a failure among stakeholders to reach agreement. Yes, if you turn it on in your browser, it sends a signal in the form of an HTTP header to Web companies’ servers. But it probably won’t change what data they collect.

That’s because most websites either don’t honor DNT — it’s currently a voluntary system — or they interpret it in different ways. Another problem — perhaps the biggest — is that Web companies, ad agencies and the other stakeholders have never reached agreement on what “do not track” really means.

“It was conceived to be a uniform signal,” said Sid Stamm, one of DNT’s three founders. But, “part of the problem is there’s a wide range of expectations,” said Stamm, who is senior manager of security and privacy engineering at Mozilla. Mozilla’s Firefox browser has the DNT tool, as do Safari, Internet Explorer, Chrome and Opera.

Web users who are hopeful about DNT got a small boost Wednesday in California. State Attorney General Kamala Harris issued guidelines to help companies comply with a new state law requiring them to disclose whether they honor users’ DNT requests. But the law doesn’t force them to use the system.

Today, with the exception of a few companies that act on DNT requests, its inclusion in browsers is essentially cosmetic. “The original idea was to replace a variety of opt-out mechanisms with a browser preference,” said Arvind Narayanan, a computer science professor at Princeton who worked with others on developing a standard around DNT. “But opt out of what? That’s where there’s disagreement,” he said.

Is the user opting out of being tracked altogether, being tracked for advertising purposes, or being tracked for some other reason? There is no agreement among those involved.

Some experts say DNT should focus on third-party cookies. When someone visits Facebook, for instance, it uses cookies to keep track of how the person uses the site, to provide various features around security and advertising. But Facebook also runs an advertising exchange that works with other firms to deliver ads to Facebook users based on what they do outside the social network.

It’s those third-party ad companies that should be the targets of DNT’s signal, some experts say. They include names like AppNexus, BlueKai and Conversant.

But because big online firms like Google, Yahoo and Facebook also run ad exchanges that place ads across the wider Web, DNT might apply to them too.

The whole thing is a mess. Yahoo recently said it would no longer honor the DNT signal, citing the lack of “a single standard that is effective, easy to use and has been adopted by the broader tech industry.” Instead, Yahoo says its users can manage their privacy settings themselves with tools on its site.

It’s hard to get a firm count on how many companies honor, in some way, DNT. DoNotTrack.Us, a website maintained by Stanford researcher Jonathan Mayer and Princeton’s Narayanan, pegs the number at under two dozen, though the list is not regularly updated.

But maybe the list should be empty. “There is no such thing as Do Not Track right now,” said Mike Zaneis, executive vice president, public policy, and general counsel at the Interactive Advertising Bureau. “It’s a gimmicky marketing term,” he said.

Twitter and Pinterest are two of the few household names on the “good actor” list, which is reflected in their privacy policies.

Money could also be driving companies’ refusal to honor DNT, given that their businesses largely run on ad dollars. Delivering ads to the right people at the right time is harder if they’re hiding from you.

“DNT isn’t being honored because advertising companies like Yahoo just don’t care very much about user privacy, or haven’t been forced to care,” said Peter Eckersley, technology projects director at the Electronic Frontier Foundation, via email. Eckersley is also someone who has worked on the DNT technology to develop a standard, so far to no avail.

There are plenty of other privacy-themed browser extensions, search engines and even social networks out there now, designed to block tracking and targeted ads. The browser extensions, likeGhostery or AdBlock Plus, are designed to automatically prevent the person’s browser from connecting to ad companies’ servers.

Research conducted by Evidon, which makes Ghostery, shows these tools are better at keeping users anonymous than DNT. They work better because using them is like locking your house, versus putting a sign in your yard that says, “keep out,” said Princeton’s Narayanan.

The future doesn’t look bright for DNT. Progress toward a standard has been slow. The World Wide Web Consortium recently published a paper aimed at a standard, but it’s long overdue.

The Electronic Frontier Foundation has voiced fears that any standard that does come about may be so watered down that it won’t have any real protections. If there is a stronger standard, regulatory action could be the only thing to get companies to comply.

Chris Soghoian, an Internet privacy researcher and activist who led much of the original development of DNT, foresaw the challenges from the get-go.

“The technology behind implementing the Do Not Track header is trivially easy,” he wrote in a blog post in 2011. The more complex problem revolves around what ad networks should do when they receive the header, he said, which is “very much still up in the air.”

Three years later, that problem persists.

Source: Associated press


One comment on “The browser privacy system is in tatters, and most websites either don’t honor DNT or interpret it in different ways

  1. StellarPhoenixS
    August 20, 2014

    Reblogged this on Stellar Phoenix Solutions.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s


This entry was posted on May 22, 2014 by in Internet, Security and tagged , .
%d bloggers like this: