Mozilla, Microsoft, and Google have each developed some sort of “do not track” feature for their respective Web browsers. The intent is good, but each solution is fundamentally flawed and is unlikely to work very well in the real world.
Following the call for action from the United States Federal Trade Commission (FTC) to create some sort of a Web browsing “do not track” list similar to the “do not call” list consumers can use to avoid being harassed by telemarketers, the major browser vendors took some initiative and got to work.
Microsoft announced availability of the Internet Explorer 9 release candidate–the final evaluation version before the official release of the browser. The IE9 RC includes Microsoft’s solution to the Web tracking issue. The problem with Microsoft’s approach, though, is that it relies too heavily on user intervention–requiring the user essentially to manage which sites should or shouldn’t be allowed to track browsing behavior.
Google’s approach is not an inherent feature of the Chrome browser, but is offered instead as a “Keep My Opt-Outs” browser extension. Not only does the Google solution require the user to be aware of the extension and add it, but the ability of the extension to thwart online tracking efforts relies on the self-regulating efforts of the advertising companies responsible for the tracking.
Then, there is Mozilla’s “do not track” solution. The Mozilla feature has been added to the latest beta release of Firefox 4. If enabled, Firefox will add information to HTTP requests from the browser letting Web sites know that the user wishes not to be tracked…assuming the Web site is paying attention and chooses to care.
The Electronic Frontier Foundation (EFF) backs the Mozilla solution. An EFF spokesperson e-mailed me to comment. “The Do Not Track approach endorsed by the FTC and now Mozilla is a great idea. It’s technically elegant and will serve as a platform for further privacy innovation. Yes, parallel efforts will still be needed to combat online scams, phishing and privacy-invading malware (and also to protect people who don’t use Do Not Track) but this is a major step in the right direction.”
It may be technically elegant, but it’s fatal flaw is that it depends on the Web sites in question to A) be looking for the HTTP header data, and B) be reputable enough to honor the “do not track” request. Those are some major hurdles that make Mozilla’s technical elegance impractical in function.
Doug Wolfgram, CEO of IntelliProtect, an online privacy management company, agrees that the Mozilla solution is flawed. Wolfgram e-mailed me to say, “The Mozilla solution is only as effective as the companies who embrace it which so far is none. It appears as though it sets a header, meaning opt out of ALL sites who embrace it or none, no real consumer choice for whom they want to allow to track.”
In response to my criticisms of the Mozilla approach, the EFF spokesperson explained, “The tracking we’re most worried about is conducted by large third-party domains. These are giant sites that are tracking most of us, most of the time, but we never see them because they’re hidden inside iframes and JavaScript beacons in the pages we’re looking at. Among those very large domains, we believe it will be comparatively easy to determine which ones do and don’t respect the Do Not Track header.”
Wolfgram also pointed out another serious obstacle. “Many behavioral targeting companies are based outside the US–making legislation ineffective. Right now, those within the US must voluntarily comply.” Wolfgram added that solutions which take an all or nothing approach don’t give consumers enough control.
The good news is that the FTC and the major browser vendors are aware that there is a problem and are all actively working on solving it. The bad news is that these initial stabs fall short of the goal, and that it would be better if all parties would agree on a single, standard solution.