Internet 'Do Not Track' system is in shatters
The lack of a standard has hamstrung the browser privacy tool
IDG News Service - Chalk up another victory for corporate surveillance: Five years after advocates came up with an easy way to let you browse the Web with just a little privacy, the Do Not Track system is in tatters and that pair of boots you looked at online last month is still stalking you from website to website.
In 2009, a few Internet privacy advocates developed an idea that was supposed to give people a way to tell websites they don't want to be monitored as they move from website to website. The mechanism, which would eventually be built into all the major browsers, was called Do Not Track.
With a single browser setting, these advocates thought, users would be able to communicate a preference for their privacy. It would be easier than downloading add-on software or creating a blacklist of specific companies to block. Do Not Track, or DNT, would be the Web's version of the telemarketer Do Not Call list.
But today, DNT hangs by a thread, neutered by a failure among stakeholders to reach agreement. Yes, if you turn it on in your browser, it sends a signal in the form of an HTTP header to Web companies' servers. But it probably won't change what data they collect.
That's because most websites either don't honor DNT -- it's currently a voluntary system -- or they interpret it in different ways. Another problem -- perhaps the biggest -- is that Web companies, ad agencies and the other stakeholders have never reached agreement on what "do not track" really means.
"It was conceived to be a uniform signal," said Sid Stamm, one of DNT's three founders. But, "part of the problem is there's a wide range of expectations," said Stamm, who is senior manager of security and privacy engineering at Mozilla. Mozilla's Firefox browser has the DNT tool, as do Safari, Internet Explorer, Chrome and Opera.
Web users who are hopeful about DNT got a small boost Wednesday in California. State Attorney General Kamala Harris issued guidelines to help companies comply with a new state law requiring them to disclose whether they honor users' DNT requests. But the law doesn't force them to use the system.
Today, with the exception of a few companies that act on DNT requests, its inclusion in browsers is essentially cosmetic. "The original idea was to replace a variety of opt-out mechanisms with a browser preference," said Arvind Narayanan, a computer science professor at Princeton who worked with others on developing a standard around DNT. "But opt out of what? That's where there's disagreement," he said.
- Mission Critical: Managing Mobile Applications & Content Smartphones, tablets and other mobile devices have become embedded in enterprise processes, thanks to the consumerization of IT and a new generation of...
- Securing Mobility, From Device to Network At one time, the process of managing and securing mobile devices and applications was fairly straightforward. Most organizations worried about one application (email)...
- Planning for Mobile Success Many organizations are seeing clear and quantifiable benefits from the deployment of mobile technologies that provide access to data and applications any time,...
- The Challenges and Opportunities of Mobile Application Development Nearly all business users now demand mobile devices--their own or company-owned--along with anywhere access to corporate applications and data. What turns mobile devices...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily... All Privacy White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!