Original URL: https://www.theregister.com/2013/07/17/w3c_rejects_daa_dnt_definition/

Admen's suggested tweaks to Do Not Track filed straight into the bin

Thanks, but no thanks, say W3C's anti-web-stalking bods

By Gavin Clarke

Posted in Software, 17th July 2013 13:05 GMT

Web standards chiefs have snubbed an ad industry attempt to water down efforts to prevent people from being tracked across the internet.

The World Wide Web Consortium (W3C) is drawing up a specification that will set out how web browsers can instruct online advertising networks and other websites not to stalk people as they move from site to site.

Ideally, a user can enable or disable this Do Not Track (DNT) mechanism in his or her browser, and avoid corporations building up profiles about them from their private web activities.

The W3C's Tracking Protection Working Group invited admen to suggest changes to the spec, but this week rejected the industry's proposals, preferring to stick to its own definition of the DNT system.

The team decided against using the terminology suggested by the Digital Advertising Alliance (DAA), which gave businesses enough wriggle room to beam targeted ads at netizens even if they had enabled DNT.

The DAA’s wording for the specification was, in short, rejected for putting advertisers first. The association's members include Dell, Microsoft, Adobe and Amazon along with ad-serving networks, manufacturers, financial service providers and publishing companies.

W3C members working on the DNT proposal include Apple, IBM, Mozilla and Yahoo!

The W3C's working group chairmen Matthias Schunter and Peter Swire wrote in their decision on the definition here: “One representative of the DAA informed the group this month that limits on collection would be a ‘non-starter’.”

From there, the DAA proposals unravelled. Advertisers suggested a system of “technical, administrative and operational controls” to anonymise site visitors yet allow them to be identified and profiled at a later stage. How exactly these "anonymised" individuals could be "re-identified" in future was at odds with European Union rules on privacy, Schunter and Swire wrote.

Also, the pair added, “a number of comments raised credible technical objections about the quality of protection against re-identification provided by the DAA proposal.”

The chairmen continued:

Since June, a large portion of the group’s time has been devoted to clarifying the meaning of the DAA proposal, providing a detailed record for today’s decision. Based on the comments received, the current DAA proposal is less protective of privacy and user choice than their earlier initiatives.

The wording of the definition of DNT is important: it’ll form the basis of a Tracking Preference Extension specification: the user's preference on ad-stalking is sent to web servers in the HTTP headers; if DNT: 1 is present in the request for a document, the user does not wish to be tracked.

The working group's DNT definitions, first proposed in June, will now be used to form the tracking specification for the W3C to approve. ®