Google, MS, Mozilla: Three 'Do Not Tracks' to woo them all

So many ways to do one simple thing

With the arrival of Microsoft's IE9 release candidate, we now have three separate "do not track" mechanisms from three separate browser makers. There's room for them all. But it would be nice if we could agree a single mechanism that makes it as easy as possible for netizens to sidestep behavioral ad tracking, as the US Federal Trade Commission has requested.

In a December report on web privacy, the FTC recommended a "simple, easy to use choice mechanism for consumers to opt out of the collection of information about their Internet behavior for targeted ads". The most practical method, the commission said, would "involve the placement of a persistent setting, similar to a cookie, on the consumer’s browser signaling the consumer’s choices about being tracked and receiving targeted ads".

Mozilla has already built such a mechanism into the latest Firefox beta: a "Do Not Track" HTTP header that lets netizens tell the world they don't want to be tracked. All that's left is for websites and ad networks to actually recognize the thing – and for other browser makers to adopt it too.

Neither is on the immediate horizon. Mozilla only proposed its DNT header last month, and the open source outfit is still in the early stages of sweet-talking the rest of the web. "Mozilla has garnered support from a number of stakeholders, starting with our users and developers," Mozilla global privacy and public policy leader Alex Fowler tells The Reg. "We continue to engage with key players in the online advertising industry and are seeing strong interest in server-side implementations of the DNT header."

Meanwhile, both Google and Microsoft have rolled out their own do-not-track mechanisms. Hours after Fowler and Mozilla unveiled their proposal, Google released a Chrome extension that lets you opt out of tracking cookies from multiple advertising networks, including the web's top 15. It works even if you regularly clear your cookies.

Of course, Google is among those running the top 15 ad networks. This is very much a case of self-regulation, and it's not much of a change from what has come before.

Following the debut of Google's 2009 behavioral-advertising setup, privacy crusader Christopher Soghoian introduced a Firefox plug-in that maintained opt-outs for 27 separate behavioral ad networks. He called it the Targeted Advertising Cookie Opt-Out project – or TACO for short. It has since expanded to countless other networks and spawned a sister project, Beef TACO. As Soghoian tells The Reg, Google's "Keep My Opt Outs" extension is merely another TACO.

"Had this come out back in March of 2009, it would be innovative. However, at this point, it is rather pathetic," he tells The Reg. "Google needs to come up with quite a bit more if it wants to be able to claim that it is innovating on privacy. Instead, it appears to be doing the minimum possible to try and keep regulators off its back."

The extension is limited to participating ad networks, and it requires you to, well, install an extension. It's not built into the browser proper. Like Soghoian, Mozilla sees the need for more. "Mozilla's DNT header in Firefox is intended to be a single, clear universal signal to convey users' desire to opt-out of tracking," Mozilla privacy engineer Sid Stamm told us. "While hardening the cookies surely helps opt-outs persist, we think it's more appropriate to have a single universal signal for even those who aren't in the list of hardened cookies get to know the user's desire to opt out."

Microsoft uses a third method. Known as Tracking Protection Lists, it relies on predefined lists of domains known to track your behavior via ad technologies. These lists are maintained by various third-party outfits, and the user is free to choose from among them. Microsoft has already submitted this method to the W3C in the hopes of turning it into a standard.

Mozilla's method is simpler. There's less for the user to wrap his head around. But Mozilla is requiring the active participation of sites and ad networks. With Microsoft's method, third parties decide what should be blocked.
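The difference between the two models, sketched as an added example that is not part of the original article or any vendor's code: `shouldTrack` is the server-side cooperation Mozilla's header depends on (Firefox sends `DNT: 1`), while `isBlockedByList` is a browser-side check in the spirit of a Tracking Protection List. The function names, the `uid` cookie, the sample domains and the third-party-only rule are assumptions made for illustration.

```javascript
// Header model: the browser only states a preference; the ad server
// has to read it and choose to comply.
function shouldTrack(headers) {
  // HTTP header names are case-insensitive, so normalize before matching.
  for (const [name, value] of Object.entries(headers)) {
    if (name.toLowerCase() === 'dnt') {
      return String(value).trim() !== '1';
    }
  }
  return true; // no signal sent: the server keeps its default behaviour
}

// Hypothetical ad-server response builder: the tracking cookie is only
// issued when the visitor has not opted out.
function buildResponseHeaders(reqHeaders, visitorId) {
  const out = { 'Content-Type': 'image/gif' };
  if (shouldTrack(reqHeaders)) {
    out['Set-Cookie'] = `uid=${visitorId}; Max-Age=31536000; Path=/`;
  }
  return out;
}

// List model: the browser never sends the request, so the outcome does
// not depend on the server cooperating. Domains below are constructed.
const SAMPLE_LIST = ['ads.tracker.example', 'metrics.example'];

function isBlockedByList(requestUrl, pageUrl, list) {
  const host = new URL(requestUrl).hostname.toLowerCase();
  const pageHost = new URL(pageUrl).hostname.toLowerCase();
  // Assumption of this sketch: only third-party requests are filtered.
  if (host === pageHost) return false;
  // Match the listed domain itself or any subdomain of it, but not a
  // different domain that merely ends with the same characters.
  return list.some((d) => host === d || host.endsWith('.' + d));
}
```

A server that ignores the header still receives the request and can log it; a listed domain receives nothing at all, which is the trade-off the two approaches make between cooperation and enforcement.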

In typical fashion, Mozilla believes the best route is to get everyone to play nicely together. "We believe the major players in the display advertising business will honor consumers' choice for privacy (as witnessed in the NAI opt out program and others), and we would like to allow them that opportunity by letting consumers convey their choice through our HTTP header," Stamm says.

"Advertisements are a constructive part of the Web ecosystem, and we think blocking ads outright is too detrimental to the Web; instead, we would like to pursue a solution where users and advertising networks can work in concert (instead of in conflict) to balance value with consumers' privacy choices."

As Stamm points out, the Mozilla and Microsoft methods can coexist. And they will. Both have their merits. Microsoft's method actually works – right now – and Mozilla should be applauded for working to get everyone on the same page. But for the moment, they're not. ®
