Feeds

MS tacks Mozilla 'Do Not Track' header onto W3C submission

Before you can say 'embrace and extend' ...

High performance access to file storage

In a move that melds sneaky with shrewd, Microsoft has added Mozilla's Do Not Track browser header to the submission of its Tracking Protection proposal to the World Wide Web Consortium (W3C). This potentially leaves Google – the third of the three contenders for privacy-enhanced browsing – isolated in a self-regulatory alliance with a gaggle of US ad networks, while Microsoft sidles closer to the kind of solution the regulators are likely to go for.

Both the US FTC and the European Union are currently concerned about Online Behavioural Advertising (OBA) in particular, and the tracking of individuals across the internet in general. Mozilla unveiled its proposal, a Do Not Track browser header that expressed an individual's desire not to be tracked, in late January, practically simultaneous with Google's release of its own Keep My Opt-Outs. Microsoft added its Tracking Protection to IE9 late last year.

Although Mozilla's Do Not Track requires that websites and servers actually pay attention to the user's wishes as expressed via the browser, it has the virtue of being a universal approach to the issue, and it also conforms more closely to the wishes of the regulators. An FTC report last year recommended a Do Not Track browser setting so that "consumers would not have to exercise choices on a company-by-company or industry-by-industry basis, and that such choices would be persistent," while the EU's E-Privacy Directive requires that users be given an "informed choice" prior to having cookies placed on their machines. Neither body is happy about the largely unintelligible nature of current browser privacy settings.

Google's Keep My Opt-Outs and Microsoft's Tracking Protection have more immediate effect than Do Not Track, but they're limited, and really don't look like they'll cut the mustard with the regulators. Google has chosen to work with the Self-Regulatory Program for Online Behavioral Advertising, which you could view as the US ad industry's attempt to fend off legislation, and at the moment its system – a browser plug-in – is restricted to Chrome, and only allows you to opt out of OBA by about 60 US networks. And it is perhaps worth pointing out at this juncture that the ad industry does not necessarily view OBA and tracking as the same thing (see the FTC report linked to above).

Microsoft's Tracking Protection, on the other hand, relies on third-party white lists and block lists of "companies that offer poor privacy protection". It is not switched on by default, and it does potentially give you a great measure of control of what you wish to block or allow, as there's nothing stopping you building your own lists. Most people using it, however, will do so via third parties (eg TrustE), and most people probably won't switch it on in the first place.

But put that together with Do Not Track, and you have a potential winner – albeit still a fairly rudimentary one that will require at least the threat of a regulatory stick in order to be effective (although you could interpret the E-Privacy Directive as meaning it already has regulatory force in Europe).

Mozilla itself meanwhile feels that Do Not Track is the beginning of the discussion, not the end. "I think that all of the Do Not Track discussion is in its very early stages," Mozilla Foundation chairperson Mitchell Baker told The Register earlier this year. "Hopefully, the current proposals will ultimately look very crude." ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.