Standards group to bar IE10 from claiming 'Do Not Track' compliance
If Microsoft doesn't change IE10's on-by-default privacy setting, it can't say browser is compliant when standard is finalized, says W3C
Computerworld - Microsoft's decision to switch on the "Do Not Track" by default in Internet Explorer (IE10) will have to be rethought if the company wants to claim it supports the developing privacy standard.
On Wednesday, the W3C (World Wide Web Consortium) standards organization reached a compromise on some aspects of "Do Not Track," the browser feature that signals whether a user wants online advertisers and websites to track his or her movements.
The new draft of the standard, which may be months from passing in final form, explicitly bars browsers from setting Do Not Track (DNT) on by default.
"An ordinary user agent MUST NOT send a Tracking Preference signal without a user's explicit consent," the draft reads (download PDF).
That seemed squarely aimed at Microsoft.
Last week the company announced with some fanfare that Internet Explorer 10 (IE10), the new edition to be bundled with Windows 8 and its tablet offshoot Windows 8, and to be made available as an upgrade on Windows 7, would set DNT on by default.
Microsoft's chief privacy officer, Brendon Lynch, made it crystal clear.
"We believe turning on Do Not Track by default in IE10 on Windows 8 is an important step in this process of establishing privacy by default, putting consumers in control and building trust online," Lynch wrote in a May 31 blog.
But the W3C group that's been hammering out DNT disagreed, and said flatly that while Microsoft is perfectly free to do what it wants, it cannot call IE10 DNT compliant if it continues down its on-by-default road.
"Microsoft IE, as a general purpose user agent, will not be able to claim compliance with DNT once we have a published W3C Recommendation," Aleecia McDonald, a researcher at Stanford's Center for Internet and Society (CIS) and a part-time employee of Mozilla, said in a summary of a Wednesday conference call. Mozilla supports her work as co-chair of the W3C effort on DNT.
"As a practical matter, they can continue their current default settings, since DNT is a voluntary standard in the first place. But if they claim to comply with the W3C Recommendation and do not, that is a matter the FTC (and others) can enforce," McDonald said.
Mozilla, in fact, had staked out its position earlier.
"At its foundation, DNT is intended to express an individual's choice, or preference, to not be tracked," said Alex Fowler, who leads Mozilla's privacy and policy work, in a blog post written the same day Microsoft said IE10 would have the signal on by default. "It's important that the signal represents a choice made by the person behind the keyboard and not the software maker, because ultimately it's not the browser being tracked, it's the user."
Firefox, Fowler continued, supports DNT, but leaves it in the "off" position which lets -- or makes, depending on the viewpoint -- the user choose. "For DNT to be effective, it must actually represent the user's voice," Fowler said.
Either Microsoft or the W3C group will have to blink. And it doesn't sound like the W3C will be the one to back down.
- NSA defends collecting data from U.S. residents not suspected of terrorist activities
- Groups fear bill would allow free flow of data between private sector and NSA
- Google's move into home automation means even less privacy
- Bill to require warrant for email searches gains ground in House
- Coming soon to a fridge near you -- targeted ads
- Snowden leaks prompt tech firms to tout privacy, transparency policies
- License reader lawsuit can be heard, appeals court rules
- Is EU's 'right to be forgotten' really the 'right to edit the truth'?
- Tails 1.0: A bootable Linux distro that protects your privacy
- Privacy jitters derail controversial K-12 big data initiative
- SANS: Next-Generation Datacenters = Next-Generation Security This whitepaper takes a look at some new technology that may allow security teams to implement more flexible and capable protection models in...
- SANS: Protecting Virtual Endpoints with McAfee Server Security Suite Essentials SANS review of McAfees Server Security Suite Essentials that address some of the emerging challenges of securing virtual platforms and cloud environments.
- Safeguarding the Next-Generation Data Center Use of virtual and cloud servers has exploded. Unfortunately, security often lags behind. McAfee recommends looking at innovative solutions in order to erect...
- Aberdeen: Securing the Evolving Datacenter This report highlights ways security technologies and services are evolving to provide the visibility and control needed to deploy workloads flexibly in the...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Is SQL Server AlwaysOn really as powerful? Tips and Tricks from the field With the introduction of AlwaysOn, Windows Clustering Services is now more critical than ever. All Privacy White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!