Google, MS, Mozilla: Three 'Do Not Tracks' to woo them all

So many ways to do one simple thing

Build a business case: developing custom apps

With the arrival of Microsoft's IE9 release candidate, we now have three separate "do not track" mechanisms from three separate browsers makers. There's room for them all. But it would be nice if we could agree a single mechanism that makes it as easy as possible for netizens to sidestep behavioral ad tracking, as the US Federal Trade Commission has requested.

In a December report on web privacy, the FTC recommended a "simple, easy to use choice mechanism for consumers to opt out of the collection of information about their Internet behavior for targeted ads". The most practical method, the commission said, would "involve the placement of a persistent setting, similar to a cookie, on the consumer’s browser signaling the consumer’s choices about being tracked and receiving targeted ads".

Mozilla has already built such a mechanism into the latest Firefox beta: a "Do Not Track" http header that lets netizens tell the world they don't want to be tracked. All that's left is for websites and ad networks to actually recognize the thing – and for other browser makers to adopt it too.

Neither is on the immediate horizon. Mozilla only proposed its DNT header last month, and the open source outfit is still in the early stages of sweet-talking the rest of the web. "Mozilla has garnered support from a number of stakeholders, starting with our users and developers," Mozilla global privacy and public policy leader Alex Fowler tells The Reg. "We continue to engage with key players in the online advertising industry and are seeing strong interest in server-side implementations of the DNT header."

Meanwhile, both Google and Microsoft have rolled out their own do-not-track mechanisms. Hours after Fowler and Mozilla unveiled their proposal, Google released a Chrome extension that lets you opt-out of tracking cookies from multiple advertising networks, including the web's top 15. It works even if you regularly clear your cookies.

Of course, Google is among those running the top 15 ad networks. This is very much a case of self-regulation, and it's not much of a change from what has come before.

Following the debut of Google's 2009 behavioral-advertising setup, privacy crusader Christopher Soghoian introduced a Firefox plug-in that maintained opt-outs for 27 separate behavioral ad networks. He called it the Targeted Advertising Cookie Opt-Out project – or TACO for short. It has since expanded to countless other networks and spawned a sister project, Beef TACO. As Soghoian tells The Reg, Google's "Keep My Opt Outs" extension is merely another TACO.

"Had this come out back in March of 2009, it would be innovative. However, at this point, it is rather pathetic," he tells The Reg. "Google needs to come up with quite a bit more if it wants to be able to claim that it is innovating on privacy. Instead, it appears to be doing the minimum possible to try and keep regulators off its back."

The extension is limited to participating ad networks, and it requires you to, well, install an extension. It's not built into the browser proper. Like Soghoian, Mozilla sees the need for more. "Mozilla's DNT header in Firefox is intended to be a single, clear universal signal to convey users desire to opt-out of tracking," Mozilla privacy engineer Sid Stamm told us. "While hardening the cookies surely helps opt-outs persist, we think it's more appropriate to have a single universal signal for even those who aren't in the list of hardened cookies get to know the user's desire to opt out."

Microsoft uses a third method. Known as Tracking Protection Lists, it relies on predefined lists of domains known to track your behavior via ad technologies. These lists are maintained by various third-party outfits, and the user is free to choose from among them. Microsoft has already submitted this method to the W3C in the hopes of turning it into a standard.

Mozilla's method is simpler. There's less for the user to wrap his head around. But Mozilla is requiring the active participation of sites and ad networks. With Microsoft's method, third-parties decide what should be blocked.

In typical fashion, Mozilla believes the best route is to get everyone to play nicely together. "We believe the major players in the display advertising business will honor consumers' choice for privacy (as witnessed in the NAI opt out program and others), and we would like to allow them that opportunity by letting consumers convey their choice through our HTTP header," Stamm says.

"Advertisements are a constructive part of the Web ecosystem, and we think blocking ads outright is too detrimental to the Web; instead, we would like to pursue a solution where users and advertising networks can work in concert (instead of in conflict) to balance value with consumers' privacy choices."

As Stamm points out, the Mozilla and Microsoft methods can coexist. And they will. Both have their merits. Microsoft's method actually works – right now – and Mozilla should be applauded for working to get everyone on the same page. But for the moment, they're not. ®

Endpoint data privacy in the cloud is easier than you think

More from The Register

next story
Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers
They're not emails, they're business records, says court
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Multipath TCP speeds up the internet so much that security breaks
Black Hat research says proposed protocol will bork network probes, flummox firewalls
Plug and PREY: Hackers reprogram USB drives to silently infect PCs
BadUSB instructs gadget chips to inject key-presses, redirect net traffic and more
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
prev story


7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?