Google, MS, Mozilla: Three 'Do Not Tracks' to woo them all

So many ways to do one simple thing

5 things you didn’t know about cloud backup

With the arrival of Microsoft's IE9 release candidate, we now have three separate "do not track" mechanisms from three separate browsers makers. There's room for them all. But it would be nice if we could agree a single mechanism that makes it as easy as possible for netizens to sidestep behavioral ad tracking, as the US Federal Trade Commission has requested.

In a December report on web privacy, the FTC recommended a "simple, easy to use choice mechanism for consumers to opt out of the collection of information about their Internet behavior for targeted ads". The most practical method, the commission said, would "involve the placement of a persistent setting, similar to a cookie, on the consumer’s browser signaling the consumer’s choices about being tracked and receiving targeted ads".

Mozilla has already built such a mechanism into the latest Firefox beta: a "Do Not Track" http header that lets netizens tell the world they don't want to be tracked. All that's left is for websites and ad networks to actually recognize the thing – and for other browser makers to adopt it too.

Neither is on the immediate horizon. Mozilla only proposed its DNT header last month, and the open source outfit is still in the early stages of sweet-talking the rest of the web. "Mozilla has garnered support from a number of stakeholders, starting with our users and developers," Mozilla global privacy and public policy leader Alex Fowler tells The Reg. "We continue to engage with key players in the online advertising industry and are seeing strong interest in server-side implementations of the DNT header."

Meanwhile, both Google and Microsoft have rolled out their own do-not-track mechanisms. Hours after Fowler and Mozilla unveiled their proposal, Google released a Chrome extension that lets you opt-out of tracking cookies from multiple advertising networks, including the web's top 15. It works even if you regularly clear your cookies.

Of course, Google is among those running the top 15 ad networks. This is very much a case of self-regulation, and it's not much of a change from what has come before.

Following the debut of Google's 2009 behavioral-advertising setup, privacy crusader Christopher Soghoian introduced a Firefox plug-in that maintained opt-outs for 27 separate behavioral ad networks. He called it the Targeted Advertising Cookie Opt-Out project – or TACO for short. It has since expanded to countless other networks and spawned a sister project, Beef TACO. As Soghoian tells The Reg, Google's "Keep My Opt Outs" extension is merely another TACO.

"Had this come out back in March of 2009, it would be innovative. However, at this point, it is rather pathetic," he tells The Reg. "Google needs to come up with quite a bit more if it wants to be able to claim that it is innovating on privacy. Instead, it appears to be doing the minimum possible to try and keep regulators off its back."

The extension is limited to participating ad networks, and it requires you to, well, install an extension. It's not built into the browser proper. Like Soghoian, Mozilla sees the need for more. "Mozilla's DNT header in Firefox is intended to be a single, clear universal signal to convey users desire to opt-out of tracking," Mozilla privacy engineer Sid Stamm told us. "While hardening the cookies surely helps opt-outs persist, we think it's more appropriate to have a single universal signal for even those who aren't in the list of hardened cookies get to know the user's desire to opt out."

Microsoft uses a third method. Known as Tracking Protection Lists, it relies on predefined lists of domains known to track your behavior via ad technologies. These lists are maintained by various third-party outfits, and the user is free to choose from among them. Microsoft has already submitted this method to the W3C in the hopes of turning it into a standard.

Mozilla's method is simpler. There's less for the user to wrap his head around. But Mozilla is requiring the active participation of sites and ad networks. With Microsoft's method, third-parties decide what should be blocked.

In typical fashion, Mozilla believes the best route is to get everyone to play nicely together. "We believe the major players in the display advertising business will honor consumers' choice for privacy (as witnessed in the NAI opt out program and others), and we would like to allow them that opportunity by letting consumers convey their choice through our HTTP header," Stamm says.

"Advertisements are a constructive part of the Web ecosystem, and we think blocking ads outright is too detrimental to the Web; instead, we would like to pursue a solution where users and advertising networks can work in concert (instead of in conflict) to balance value with consumers' privacy choices."

As Stamm points out, the Mozilla and Microsoft methods can coexist. And they will. Both have their merits. Microsoft's method actually works – right now – and Mozilla should be applauded for working to get everyone on the same page. But for the moment, they're not. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
JLaw, Kate Upton EXPOSED in celeb nude pics hack
100 women victimised as Apple iCloud accounts reportedly popped
Rubbish WPS config sees WiFi router keys popped in seconds
Another day, another way in to your home router
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
prev story


Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.