Feeds

MS tacks Mozilla 'Do Not Track' header onto W3C submission

Before you can say 'embrace and extend' ...

Protecting against web application threats using SSL

In a move that melds sneaky with shrewd, Microsoft has added Mozilla's Do Not Track browser header to the submission of its Tracking Protection proposal to the World Wide Web Consortium (W3C). This potentially leaves Google – the third of the three contenders for privacy-enhanced browsing – isolated in a self-regulatory alliance with a gaggle of US ad networks, while Microsoft sidles closer to the kind of solution the regulators are likely to go for.

Both the US FTC and the European Union are currently concerned about Online Behavioural Advertising (OBA) in particular, and the tracking of individuals across the internet in general. Mozilla unveiled its proposal, a Do Not Track browser header that expressed an individual's desire not to be tracked, in late January, practically simultaneous with Google's release of its own Keep My Opt-Outs. Microsoft added its Tracking Protection to IE9 late last year.

Although Mozilla's Do Not Track requires that websites and servers actually pay attention to the user's wishes as expressed via the browser, it has the virtue of being a universal approach to the issue, and it also conforms more closely to the wishes of the regulators. An FTC report last year recommended a Do Not Track browser setting so that "consumers would not have to exercise choices on a company-by-company or industry-by-industry basis, and that such choices would be persistent," while the EU's E-Privacy Directive requires that users be given an "informed choice" prior to having cookies placed on their machines. Neither body is happy about the largely unintelligible nature of current browser privacy settings.

Google's Keep My Opt-Outs and Microsoft's Tracking Protection have more immediate effect than Do Not Track, but they're limited, and really don't look like they'll cut the mustard with the regulators. Google has chosen to work with the Self-Regulatory Program for Online Behavioral Advertising, which you could view as the US ad industry's attempt to fend off legislation, and at the moment its system – a browser plug-in – is restricted to Chrome, and only allows you to opt out of OBA by about 60 US networks. And it is perhaps worth pointing out at this juncture that the ad industry does not necessarily view OBA and tracking as the same thing (see the FTC report linked to above).

Microsoft's Tracking Protection, on the other hand, relies on third-party white lists and block lists of "companies that offer poor privacy protection". It is not switched on by default, and it does potentially give you a great measure of control of what you wish to block or allow, as there's nothing stopping you building your own lists. Most people using it, however, will do so via third parties (eg TrustE), and most people probably won't switch it on in the first place.

But put that together with Do Not Track, and you have a potential winner – albeit still a fairly rudimentary one that will require at least the threat of a regulatory stick in order to be effective (although you could interpret the E-Privacy Directive as meaning it already has regulatory force in Europe).

Mozilla itself meanwhile feels that Do Not Track is the beginning of the discussion, not the end. "I think that all of the Do Not Track discussion is in its very early stages," Mozilla Foundation chairperson Mitchell Baker told The Register earlier this year. "Hopefully, the current proposals will ultimately look very crude." ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.