Google, MS, Mozilla: Three 'Do Not Tracks' to woo them all
So many ways to do one simple thing
With the arrival of Microsoft's IE9 release candidate, we now have three separate "do not track" mechanisms from three separate browsers makers. There's room for them all. But it would be nice if we could agree a single mechanism that makes it as easy as possible for netizens to sidestep behavioral ad tracking, as the US Federal Trade Commission has requested.
In a December report on web privacy, the FTC recommended a "simple, easy to use choice mechanism for consumers to opt out of the collection of information about their Internet behavior for targeted ads". The most practical method, the commission said, would "involve the placement of a persistent setting, similar to a cookie, on the consumer’s browser signaling the consumer’s choices about being tracked and receiving targeted ads".
Mozilla has already built such a mechanism into the latest Firefox beta: a "Do Not Track" http header that lets netizens tell the world they don't want to be tracked. All that's left is for websites and ad networks to actually recognize the thing – and for other browser makers to adopt it too.
Neither is on the immediate horizon. Mozilla only proposed its DNT header last month, and the open source outfit is still in the early stages of sweet-talking the rest of the web. "Mozilla has garnered support from a number of stakeholders, starting with our users and developers," Mozilla global privacy and public policy leader Alex Fowler tells The Reg. "We continue to engage with key players in the online advertising industry and are seeing strong interest in server-side implementations of the DNT header."
Meanwhile, both Google and Microsoft have rolled out their own do-not-track mechanisms. Hours after Fowler and Mozilla unveiled their proposal, Google released a Chrome extension that lets you opt-out of tracking cookies from multiple advertising networks, including the web's top 15. It works even if you regularly clear your cookies.
Of course, Google is among those running the top 15 ad networks. This is very much a case of self-regulation, and it's not much of a change from what has come before.
Following the debut of Google's 2009 behavioral-advertising setup, privacy crusader Christopher Soghoian introduced a Firefox plug-in that maintained opt-outs for 27 separate behavioral ad networks. He called it the Targeted Advertising Cookie Opt-Out project – or TACO for short. It has since expanded to countless other networks and spawned a sister project, Beef TACO. As Soghoian tells The Reg, Google's "Keep My Opt Outs" extension is merely another TACO.
"Had this come out back in March of 2009, it would be innovative. However, at this point, it is rather pathetic," he tells The Reg. "Google needs to come up with quite a bit more if it wants to be able to claim that it is innovating on privacy. Instead, it appears to be doing the minimum possible to try and keep regulators off its back."
The extension is limited to participating ad networks, and it requires you to, well, install an extension. It's not built into the browser proper. Like Soghoian, Mozilla sees the need for more. "Mozilla's DNT header in Firefox is intended to be a single, clear universal signal to convey users desire to opt-out of tracking," Mozilla privacy engineer Sid Stamm told us. "While hardening the cookies surely helps opt-outs persist, we think it's more appropriate to have a single universal signal for even those who aren't in the list of hardened cookies get to know the user's desire to opt out."
Microsoft uses a third method. Known as Tracking Protection Lists, it relies on predefined lists of domains known to track your behavior via ad technologies. These lists are maintained by various third-party outfits, and the user is free to choose from among them. Microsoft has already submitted this method to the W3C in the hopes of turning it into a standard.
Mozilla's method is simpler. There's less for the user to wrap his head around. But Mozilla is requiring the active participation of sites and ad networks. With Microsoft's method, third-parties decide what should be blocked.
In typical fashion, Mozilla believes the best route is to get everyone to play nicely together. "We believe the major players in the display advertising business will honor consumers' choice for privacy (as witnessed in the NAI opt out program and others), and we would like to allow them that opportunity by letting consumers convey their choice through our HTTP header," Stamm says.
"Advertisements are a constructive part of the Web ecosystem, and we think blocking ads outright is too detrimental to the Web; instead, we would like to pursue a solution where users and advertising networks can work in concert (instead of in conflict) to balance value with consumers' privacy choices."
As Stamm points out, the Mozilla and Microsoft methods can coexist. And they will. Both have their merits. Microsoft's method actually works – right now – and Mozilla should be applauded for working to get everyone on the same page. But for the moment, they're not. ®
To be honest the whole tracking thing is just the oily scum on a very deep, fetid cesspool. In their apparent desperation to shove some shouty, flashing, insistent ad on whatever bit of the page you happen to look, advertisers make themselves their own worst enemy, turning their 'victims' off in droves and pushing adblock plus downloads through the roof, at 850,000 a week its far and away the most popular Firefox download.
If ad networks could engage their brains and back off a bit, refraining from acting like a small yappy dog insistently trying to fuck the hole in your tennis shoe, the viewing public might not spend so much time studiously trying to avoid them like a dose of the clap.
They should learn from another group of parasites, viruses. Any virus too enthusiastic in doing its thing is going to kill its host, denying itself the opportunity to spread. Less sometimes really is more; ITV's increasing rapid demise is only accelerated by treating every theatrical pause in their (alleged) dramas as an ideal opportunity to pimp more banal shit at you at double the volume of the so-called programme. Surprise, surprise, you hit the mute button.
The whole track/advertise/avoid business is becoming an arms race, and despite current appearances to the contrary, I don't really think its one the ad networks will ultimately win.
Even if all 3 got adopted, you can expect a lot of the add networks to just find some other way to track people. For this to work, a legal hammer (as in jail time + fines, not one or the other, both) was over the head of those who cheat.
I think the fact that these "do not track" mechanisms are being thought about shows that there is a more fundamental problem here. Even if these schemes work, are they really the answer? The real solution is that web sites should not be tracking anyone. And, as you suggest, legislation is probbaly the only way to make this happen.