Skip the navigation

Standards group to bar IE10 from claiming 'Do Not Track' compliance

If Microsoft doesn't change IE10's on-by-default privacy setting, it can't say browser is compliant when standard is finalized, says W3C

June 7, 2012 04:19 PM ET

Computerworld - Microsoft's decision to switch on the "Do Not Track" by default in Internet Explorer (IE10) will have to be rethought if the company wants to claim it supports the developing privacy standard.

On Wednesday, the W3C (World Wide Web Consortium) standards organization reached a compromise on some aspects of "Do Not Track," the browser feature that signals whether a user wants online advertisers and websites to track his or her movements.

The new draft of the standard, which may be months from passing in final form, explicitly bars browsers from setting Do Not Track (DNT) on by default.

"An ordinary user agent MUST NOT send a Tracking Preference signal without a user's explicit consent," the draft reads (download PDF).

That seemed squarely aimed at Microsoft.

Last week the company announced with some fanfare that Internet Explorer 10 (IE10), the new edition to be bundled with Windows 8 and its tablet offshoot Windows 8, and to be made available as an upgrade on Windows 7, would set DNT on by default.

Microsoft's chief privacy officer, Brendon Lynch, made it crystal clear.

"We believe turning on Do Not Track by default in IE10 on Windows 8 is an important step in this process of establishing privacy by default, putting consumers in control and building trust online," Lynch wrote in a May 31 blog.

But the W3C group that's been hammering out DNT disagreed, and said flatly that while Microsoft is perfectly free to do what it wants, it cannot call IE10 DNT compliant if it continues down its on-by-default road.

"Microsoft IE, as a general purpose user agent, will not be able to claim compliance with DNT once we have a published W3C Recommendation," Aleecia McDonald, a researcher at Stanford's Center for Internet and Society (CIS) and a part-time employee of Mozilla, said in a summary of a Wednesday conference call. Mozilla supports her work as co-chair of the W3C effort on DNT.

"As a practical matter, they can continue their current default settings, since DNT is a voluntary standard in the first place. But if they claim to comply with the W3C Recommendation and do not, that is a matter the FTC (and others) can enforce," McDonald said.

Mozilla, in fact, had staked out its position earlier.

"At its foundation, DNT is intended to express an individual's choice, or preference, to not be tracked," said Alex Fowler, who leads Mozilla's privacy and policy work, in a blog post written the same day Microsoft said IE10 would have the signal on by default. "It's important that the signal represents a choice made by the person behind the keyboard and not the software maker, because ultimately it's not the browser being tracked, it's the user."

Firefox, Fowler continued, supports DNT, but leaves it in the "off" position which lets -- or makes, depending on the viewpoint -- the user choose. "For DNT to be effective, it must actually represent the user's voice," Fowler said.

Either Microsoft or the W3C group will have to blink. And it doesn't sound like the W3C will be the one to back down.



Our Commenting Policies