Do Not Track
In many of our modern browsers, we see the option of “Ask websites not to track me” (Safari v9) or “Send a ‘Do Not Track’ request with your browsing traffic” (Chrome v48) but what does this option do?
Do Not Track (DNT) is a small piece of information that is sent along your HTTP request when you click on a webpage. This is a single DNT signal to be maintained on a browser so it does not require you to get DNT cookie from each individual advertiser. Do Not Track tells the website and their third party content providers (such as advertisers) that you wish to not be tracked for advertising purposes.
Do Not Track (DNT) is a small piece of information that is sent along your HTTP request when you click on a webpage. This is a single DNT signal to be maintained on a browser so it does not require you to get DNT cookie from each individual advertiser. Do Not Track tells the website and their third party content providers (such as advertisers) that you wish to not be tracked for advertising purposes.
What is Web Tracking
Web tracking is when the website uses special software and cookies to keep tabs on their visitors. These tracking services can be used to improve the online experience to tailor ads to the consumer. While visiting the website of Opentracker, a company that provides tracking tools and other analytical tools, there was a little widget that shows the potential information that can be tracked, such as your location, the website you came from, number of visits, and total pages viewed.
Websites like Amazon can then take this information and use it to predict and suggest products to you. First party tracking are tracking done by the website you are on. Many websites like Facebook, Amazon, Google, etc. will store cookies, or small text files assigned to your browser once you've visited the website. These cookies are helpful to ensure that you are logged in to your online account or your settings are restored. However, tracking by a third party, like an ad server, uses cookies to recognize the same user across different websites. When you visit the New York Times, you might get ads for shoes if you had searched for it earlier.
Websites like Amazon can then take this information and use it to predict and suggest products to you. First party tracking are tracking done by the website you are on. Many websites like Facebook, Amazon, Google, etc. will store cookies, or small text files assigned to your browser once you've visited the website. These cookies are helpful to ensure that you are logged in to your online account or your settings are restored. However, tracking by a third party, like an ad server, uses cookies to recognize the same user across different websites. When you visit the New York Times, you might get ads for shoes if you had searched for it earlier.
Implementation of Do Not Track
In 2007, several public interest groups, including the World Privacy Forum, CDT, and the EFF asked the FTC to create a Do Not Track list for online advertising. In their proposal, the interest groups asked the FTC to "Create a national Do Not Track List similar to the national Do Not Call List." Nothing came from the request until 2010 when the FTC Chairman Leibowitz tells Senate committee that FTC is considering a DNT list. Later that year, the idea of using a HTTP header instead of cookies or a list gained widespread acceptance. In 2011, Mozilla Firefox was the first browser to implement the DNT header and shortly after, Microsoft Internet Explorer, Google Chrome, and Apple Safari shortly followed. In 2012, support for DNT came from the FTC, the White House, and the Digital Alliance Surveillance. The W3C, a international Internet setting group comprised of all interested stake holders gathered to formulate an agreed upon international standard for a header based DNT standard. However, there were arguments amongst the members and a consensus could not be reached. After nearly 4 years, the group issued a modest proposal in 2015 that calls for networks and companies to honor a Do Not Track request in limited circumstances.
The implementation of Do Not Track has been riddled with issues. In 2012, users who used the "Express" setting while installing Windows 8 enabled a Do Not Track option by default for Internet Explorer 10 and Windows 8. Advertisers bashed Microsoft for setting it as default and quickly announced that they would ignore the DNT request because it makes the consumer's choice for them. The W3C also criticized Microsoft's decision. In 2015, Microsoft announced that as of Windows 10, it would not default to Do Not Track while using the express settings. However, the damage has done and many privacy advocates say that the backfire from Windows 8's default opt-out approach killed DNT.
The implementation of Do Not Track has been riddled with issues. In 2012, users who used the "Express" setting while installing Windows 8 enabled a Do Not Track option by default for Internet Explorer 10 and Windows 8. Advertisers bashed Microsoft for setting it as default and quickly announced that they would ignore the DNT request because it makes the consumer's choice for them. The W3C also criticized Microsoft's decision. In 2015, Microsoft announced that as of Windows 10, it would not default to Do Not Track while using the express settings. However, the damage has done and many privacy advocates say that the backfire from Windows 8's default opt-out approach killed DNT.
Effectiveness of Do Not Track
Most major browsers include a Do Not Track option, however, website owners or advertisers can ignore the request minimizing its effectiveness. A majority of websites on the Internet does not honor the DNT signal. However, some major sites like Twitter and Pinterest have committed to honor DNT signal (click here for a list of sites that honor DNT).
In 2011, the Digital Advertising Alliance developed a Do Not Track system of their own which allows users to affirmatively opt-out of targeted advertising by logging in to the AdChoices and clicking on an icon. The icon links to video about the values of interest based advertising and then displays another link which the users can click to opt out receiving interested based ads from some or all DAA members. However, a study conducted by Parks Associates found that three years after the introduction of the AdChoices icon, most consumers were unaware of it, and awareness had grown only to 6% in 2013 from 5% in 2011.
In June of 2015, Consumer Watchdog petitioned the FCC to require edge providers (like Google, Facebook, YouTube, Pandora, Netflix, and LinkedIn) to honor Do Not Track Requests from consumers. However, the FCC ruled that they will not force the edge providers to honor consumer Do Not Track requests saying that they don't intend to "relate the Internet, per se, or any Internet applications or content."
What Can You Do as a Consumer
There are many options for consumers to protect their privacy from trackers. Many browsers offer the possibility of installing extensions to enhance the browser's function. Some extensions can be used to block any traffic from trackers.
Ad blockers such as uBlock (Origin), AdBlock, and Adblock Plus allows users to block out ads and filter out trackers. Extensions like Ghostery and Disconnect automatically blocks third-party scripts used for tracking you, like google Analytics, Intercom, social sharing buttons and more. The EFF's Privacy Badger is "born out of [EFF's] desire to be able to recommend a single extension that would automatically analyze and block any tracker or ad that violated the principle of user consent."
Author's Thoughts
I think that we can't rely on organizations to protect our privacy, we have to take the first step. In my browser I have uBlock and Ghostery set up to block any intrusive ads and trackers. I believe that while DNT is a great idea on paper, it's implantation has been lackluster. With advertisers not honoring requests and no incentives or real purpose for them to do so, DNT is slowly dying.
I thought it was really interesting just how long it took them to even implement any kind of Do Not Track in the first place, 2007 until 2015, 8 years! I also found it weird, annoying, and misleading that a lot of websites do not honor DNT. What is the point of having a DNT if it doesn't actually work? I think you are right in that people need to take the first step and protect their privacy further than and before corporations ever will. Obviously it is in the business's best interest to keep the consumer as readily able to be tracked, whereas that is not the best option for the consumer. All I have ever had on my computer before is ad blocker, because up until this class I didn't realize that ads were more than just annoying, they are super stalker and creepy as well.
ReplyDeleteI agree with the sentiments expressed by Junkang and Anne - what is the purpose of having DNT if it is rarely honored and poorly executed? I would hope that in the future, some type of enforcement would be passed by an entity like the FCC, but based on what was posted by Junkang, I don't see that being likely. After reading this post, I actually went through and downloaded the Ghostery extension for my chrome browser. I think the sad part of the matter is that I had to read this blog post and take proactive action to prevent this type of thing because of the lack of enforcement of DNT. Most consumers probably wouldn't know about it or care enough to install an extension like Ghostery. Like Anne said, this is in the best interest of those who are tracking, not the consumer.
ReplyDeleteI have to agree with the general sentiment so far-- I'm frustrated that Do Not Track is merely a request. If I don't want my information tracked I mean just that-- I don't want my information tracked. The fact that websites/companies would just ignore that really bothers me. I actually already looked into Privacy Badger prior to this post and I think I'll download it now. I wish that DNT was legally binding and that all websites would have to honor it but I can see why those websites would be opposed to the movement. However, as someone who frequently uses the internet, I would very much rather not be tracked.
ReplyDeleteI think that having DNT is very important, but only if the industry actually implements it. I share the sentiments of the class so far of frustration at the lackluster implementation of DNT so far. I agree with Michael that I think that an entity like the FCC or FTC should provide enforcement of Do Not Track. While this may be unlikely, I still feel it is the best option. Until then, things like Ghostery and Privacy Badger might be a good solution for those who are concerned about not being tracked.
ReplyDeleteI second Michael's sentiments, and I also downloaded Ghostery at Junkang's recommendation. It seems from what I have read that others would need to take a similar approach, and proactively take steps as individuals to ensure they are not being tracked. It is unfortunate that DNT signals are not often honored by sites and that no action has been taken to change the status quo, and it seems change is unlikely.The best remaining option I can see is increased public attention to the activity and prevalence of trackers. If the public's only option for protection it to act oneself, individuals need to be aware they need to take action.
ReplyDeleteI also agree with the common sentiment - that DNT is important but only if industry actually follows the request. The ability to protect one's computer activity is an important aspect of privacy, especially since the Internet has become so ubiquitous. Take this class as an example. Our class uses multiple platforms as its base (Canvas, Blogger, YouTube), as well as numerous additional online sources. Blogger, for example, gives statistics to the blog owner, including visitor operating system, country, and how the visitor was directed to the blog. Comparatively, this is quite limited information (Stat Counter, for example, includes information such as city, internet provider, and IP address to users). We might not care that Prof Dryer can see how many page views the blog has, but that doesn’t extend to every website. We should be able to control the information that we’re generating, and legislating DNT policies would be one method to create this control.
ReplyDeleteAs far as things that we have talked about in this class I think this is a trifle. Personally I ignore all adds while I am browsing whether they are relevant to my interests or not. That said I think that you should be able to opt out of targeted advertising if you want to. I also agree that we can not trust corporations to honor DNT. People that are do not want targeted adds need to to take affirmative action. Something that I have learned from this class is that privacy is very rarely the default setting. Privacy is a right that everyone should have access to but in this age is it something that is sought, not given.
ReplyDeletePersonally, I like the concept of Do Not Track, and think that there should be some laws put in place to require advertisers to honor those requests. For me, it goes back to the concept of a person owning the information they produce. While I don't believe that DNT should be a default, merely for practical reasons (the goal here is to give consumers a choice, not to destroy an industry), I do think that enabling DNT would entail revoking consent for the advertisers to collect information on you. I do wonder how this would be legislated though. Obviously the US can't regulate things that happen in other countries, and given the international nature of the internet, I can see advertising companies setting up outside the US in order to track users.
ReplyDeleteOn another, related note, one of my favorite concepts are browser addons like TrackMeNot and AdNauseam, which take a more aggressive strategy to avoid tracking. Instead of hiding your activity, these addons create large amounts of junk data by clicking through every ad, to prevent advertisers from getting useful information.
Looks like I get to express an unpopular sentiment. I think that DNT is a great idea and its widespread use would be a good thing, that said, I don't think that it is the FCC's place to implement that kind of regulation. The FCC is a US Government organization and thus should not attempt to police a global phenomenon. While I realize that a large portion of the advertisers (that advertise to US citizens) are US companies (and thus it is reasonable for the FCC to regulate them) I think that the problem is too opaque to effectively enforce. Advertisers have it in their best interest to adhere to DNT because the common alternative is a full scale ad-blocker. Al-blockers are a much bigger threat. Additionally, many browsers are blocking information to third party trackers transparently for their users, and removing this protection if the website promises to obey DNT. https://www.eff.org/dnt-policy (note that they reenable the protections if the user enables DNT and also sends the HTTP header).
ReplyDeleteOn a side note it is pretty hard to avoid being tracked. Even if you do everything right, your browser can often be fingerprinted and tracked. Paradoxically the more privacy plugins you install, the more unique your browser configuration becomes and the easier you are to track. See the fingerprinting section of: https://panopticlick.eff.org/