Standards group to bar IE10 from claiming 'Do Not Track' compliance
If Microsoft doesn't change IE10's on-by-default privacy setting, it can't say browser is compliant when standard is finalized, says W3C
Computerworld - Microsoft's decision to switch on the "Do Not Track" by default in Internet Explorer (IE10) will have to be rethought if the company wants to claim it supports the developing privacy standard.
On Wednesday, the W3C (World Wide Web Consortium) standards organization reached a compromise on some aspects of "Do Not Track," the browser feature that signals whether a user wants online advertisers and websites to track his or her movements.
The new draft of the standard, which may be months from passing in final form, explicitly bars browsers from setting Do Not Track (DNT) on by default.
"An ordinary user agent MUST NOT send a Tracking Preference signal without a user's explicit consent," the draft reads (download PDF).
That seemed squarely aimed at Microsoft.
Last week the company announced with some fanfare that Internet Explorer 10 (IE10), the new edition to be bundled with Windows 8 and its tablet offshoot Windows 8, and to be made available as an upgrade on Windows 7, would set DNT on by default.
Microsoft's chief privacy officer, Brendon Lynch, made it crystal clear.
"We believe turning on Do Not Track by default in IE10 on Windows 8 is an important step in this process of establishing privacy by default, putting consumers in control and building trust online," Lynch wrote in a May 31 blog.
But the W3C group that's been hammering out DNT disagreed, and said flatly that while Microsoft is perfectly free to do what it wants, it cannot call IE10 DNT compliant if it continues down its on-by-default road.
"Microsoft IE, as a general purpose user agent, will not be able to claim compliance with DNT once we have a published W3C Recommendation," Aleecia McDonald, a researcher at Stanford's Center for Internet and Society (CIS) and a part-time employee of Mozilla, said in a summary of a Wednesday conference call. Mozilla supports her work as co-chair of the W3C effort on DNT.
"As a practical matter, they can continue their current default settings, since DNT is a voluntary standard in the first place. But if they claim to comply with the W3C Recommendation and do not, that is a matter the FTC (and others) can enforce," McDonald said.
Mozilla, in fact, had staked out its position earlier.
"At its foundation, DNT is intended to express an individual's choice, or preference, to not be tracked," said Alex Fowler, who leads Mozilla's privacy and policy work, in a blog post written the same day Microsoft said IE10 would have the signal on by default. "It's important that the signal represents a choice made by the person behind the keyboard and not the software maker, because ultimately it's not the browser being tracked, it's the user."
Firefox, Fowler continued, supports DNT, but leaves it in the "off" position which lets -- or makes, depending on the viewpoint -- the user choose. "For DNT to be effective, it must actually represent the user's voice," Fowler said.
Either Microsoft or the W3C group will have to blink. And it doesn't sound like the W3C will be the one to back down.
- Franken presses Ford on location data collection practices
- Justices let stand appeals court decision on border searches of laptops
- California lawmakers move to bar state help to NSA
- Appeals court again nixes Google's bid to overturn Street View case
- Older Mac webcams can spy without activating warning light
- Update: Judge rules NSA spy efforts may be unconstitutional
- Perspective: Privacy concerns could keep Amazon delivery drones grounded
- NSA collects data from millions of cellphones daily
- Perspective: Curbing data use is key to reining in NSA
- Lavabit-DOJ dispute zeroes in on encryption key ownership
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Gartner 2013 Magic Quadrant for Enterprise Backup/Recovery Software See why CommVault was positioned as the #1 leader in Gartner's 2013 Magic Quadrant for Enterprise Backup/Recovery software for the 3rd year in...
- Forrester Report: CommVault is a Leader in Enterprise Backup and Recovery In this report, Forrester takes a deep dive into the evaluation criteria, how CommVault is positioned and the features and functionality that make...
- Forrester Wave for Enterprise Backup and Recovery Read this report to see how CommVault continues to outpace its competitors and why Forrester positioned CommVault Simpana as the top backup and...
- Architecting the Network of the Future Networks need to change, as does the way IT thinks about and manages them. In addition to reliability, IT must now add higher...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Four Myths of High-Productivity App Dev Debunked Debunk the main myths surrounding high-productivity application development and how both platforms have overcome them. All Privacy White Papers | Webcasts