Feeds

MS tacks Mozilla 'Do Not Track' header onto W3C submission

Before you can say 'embrace and extend' ...

The Essential Guide to IT Transformation

In a move that melds sneaky with shrewd, Microsoft has added Mozilla's Do Not Track browser header to the submission of its Tracking Protection proposal to the World Wide Web Consortium (W3C). This potentially leaves Google – the third of the three contenders for privacy-enhanced browsing – isolated in a self-regulatory alliance with a gaggle of US ad networks, while Microsoft sidles closer to the kind of solution the regulators are likely to go for.

Both the US FTC and the European Union are currently concerned about Online Behavioural Advertising (OBA) in particular, and the tracking of individuals across the internet in general. Mozilla unveiled its proposal, a Do Not Track browser header that expressed an individual's desire not to be tracked, in late January, practically simultaneous with Google's release of its own Keep My Opt-Outs. Microsoft added its Tracking Protection to IE9 late last year.

Although Mozilla's Do Not Track requires that websites and servers actually pay attention to the user's wishes as expressed via the browser, it has the virtue of being a universal approach to the issue, and it also conforms more closely to the wishes of the regulators. An FTC report last year recommended a Do Not Track browser setting so that "consumers would not have to exercise choices on a company-by-company or industry-by-industry basis, and that such choices would be persistent," while the EU's E-Privacy Directive requires that users be given an "informed choice" prior to having cookies placed on their machines. Neither body is happy about the largely unintelligible nature of current browser privacy settings.

Google's Keep My Opt-Outs and Microsoft's Tracking Protection have more immediate effect than Do Not Track, but they're limited, and really don't look like they'll cut the mustard with the regulators. Google has chosen to work with the Self-Regulatory Program for Online Behavioral Advertising, which you could view as the US ad industry's attempt to fend off legislation, and at the moment its system – a browser plug-in – is restricted to Chrome, and only allows you to opt out of OBA by about 60 US networks. And it is perhaps worth pointing out at this juncture that the ad industry does not necessarily view OBA and tracking as the same thing (see the FTC report linked to above).

Microsoft's Tracking Protection, on the other hand, relies on third-party white lists and block lists of "companies that offer poor privacy protection". It is not switched on by default, and it does potentially give you a great measure of control of what you wish to block or allow, as there's nothing stopping you building your own lists. Most people using it, however, will do so via third parties (eg TrustE), and most people probably won't switch it on in the first place.

But put that together with Do Not Track, and you have a potential winner – albeit still a fairly rudimentary one that will require at least the threat of a regulatory stick in order to be effective (although you could interpret the E-Privacy Directive as meaning it already has regulatory force in Europe).

Mozilla itself meanwhile feels that Do Not Track is the beginning of the discussion, not the end. "I think that all of the Do Not Track discussion is in its very early stages," Mozilla Foundation chairperson Mitchell Baker told The Register earlier this year. "Hopefully, the current proposals will ultimately look very crude." ®

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.