Standards group to bar IE10 from claiming 'Do Not Track' compliance
If Microsoft doesn't change IE10's on-by-default privacy setting, it can't say browser is compliant when standard is finalized, says W3C
Computerworld - Microsoft's decision to switch on the "Do Not Track" by default in Internet Explorer (IE10) will have to be rethought if the company wants to claim it supports the developing privacy standard.
On Wednesday, the W3C (World Wide Web Consortium) standards organization reached a compromise on some aspects of "Do Not Track," the browser feature that signals whether a user wants online advertisers and websites to track his or her movements.
The new draft of the standard, which may be months from passing in final form, explicitly bars browsers from setting Do Not Track (DNT) on by default.
"An ordinary user agent MUST NOT send a Tracking Preference signal without a user's explicit consent," the draft reads (download PDF).
That seemed squarely aimed at Microsoft.
Last week the company announced with some fanfare that Internet Explorer 10 (IE10), the new edition to be bundled with Windows 8 and its tablet offshoot Windows 8, and to be made available as an upgrade on Windows 7, would set DNT on by default.
Microsoft's chief privacy officer, Brendon Lynch, made it crystal clear.
"We believe turning on Do Not Track by default in IE10 on Windows 8 is an important step in this process of establishing privacy by default, putting consumers in control and building trust online," Lynch wrote in a May 31 blog.
But the W3C group that's been hammering out DNT disagreed, and said flatly that while Microsoft is perfectly free to do what it wants, it cannot call IE10 DNT compliant if it continues down its on-by-default road.
"Microsoft IE, as a general purpose user agent, will not be able to claim compliance with DNT once we have a published W3C Recommendation," Aleecia McDonald, a researcher at Stanford's Center for Internet and Society (CIS) and a part-time employee of Mozilla, said in a summary of a Wednesday conference call. Mozilla supports her work as co-chair of the W3C effort on DNT.
"As a practical matter, they can continue their current default settings, since DNT is a voluntary standard in the first place. But if they claim to comply with the W3C Recommendation and do not, that is a matter the FTC (and others) can enforce," McDonald said.
Mozilla, in fact, had staked out its position earlier.
"At its foundation, DNT is intended to express an individual's choice, or preference, to not be tracked," said Alex Fowler, who leads Mozilla's privacy and policy work, in a blog post written the same day Microsoft said IE10 would have the signal on by default. "It's important that the signal represents a choice made by the person behind the keyboard and not the software maker, because ultimately it's not the browser being tracked, it's the user."
Firefox, Fowler continued, supports DNT, but leaves it in the "off" position which lets -- or makes, depending on the viewpoint -- the user choose. "For DNT to be effective, it must actually represent the user's voice," Fowler said.
Either Microsoft or the W3C group will have to blink. And it doesn't sound like the W3C will be the one to back down.
- NSA defends collecting data from U.S. residents not suspected of terrorist activities
- Groups fear bill would allow free flow of data between private sector and NSA
- Google's move into home automation means even less privacy
- Bill to require warrant for email searches gains ground in House
- Coming soon to a fridge near you -- targeted ads
- Snowden leaks prompt tech firms to tout privacy, transparency policies
- License reader lawsuit can be heard, appeals court rules
- Is EU's 'right to be forgotten' really the 'right to edit the truth'?
- Tails 1.0: A bootable Linux distro that protects your privacy
- Privacy jitters derail controversial K-12 big data initiative
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Confront consumerization with convergence Virtualization expert Elias Khnaser spotlights the security, compliance, and governance issues that arise when enterprise users "consumerize" with shadow IT and public cloud...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to... All Privacy White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!