Firefox Do-Not-Track Feature Seen as Toothless
Jan 24, 2011 1:56 PM PT
Like the Incredibles, facing down a nefarious, subterranean villain called "the Underminer" at the end of their debut movie, Mozilla is facing down data miners by giving Firefox users a new, albeit less-than-incredible power.
The browser feature will give users the ability to opt out of behavior-based advertising. Websites and ad servers will get a "do not disturb" message via a click-transmitted "do not track HTTP header," a better approach, Mozilla claims, than cookies or user-blacklists of advertisers.
As a non-standard platform, the header approach will rely not only on Firefox, but on websites for implementation. It follows a December 2010 call from the U.S. Department of Commerce for an "online privacy bill of rights" and an Internet data collection "code of conduct" -- red flags that suggest the new tool may simply be an attempt to fend off future privacy legislation.
"That has to be a major motivating factor," Jennifer Bayuk, program director of Systems Security Engineering at Stevens Institute of Technology (SIT), told TechNewsWorld.
Mozilla may also be fending off competitors "by allowing more customization," said Darren Hayes, Ph.D, chair of the computer information systems program at Pace University.
"This could be seen as a reaction to Microsoft Internet Explorer's In-Private Browsing and Google's customization options," he told TechNewsWorld.
Fox on Fire?
While the new Firefox feature won't block all ads, it will block the personalized ads that have helped carve a unique advertising niche for Internet advertising giants such as Google.
The user-specific ad niche often relies on user ignorance of a "third party relationship," Mozilla Labs principal engineer Mike Hanson explained in a blog post to which Mozilla spokesperson Shannon Prior referred TechNewsWorld.
"For instance, when a user visits a news site which directs the user's browser to open an image from an ad network's site, the relationship is third-party," Hanson explained. "In many cases, the user does not know that the relationship exists."
User-tracking is similarly defined. "Third-party tracking is intended to provide some persistence to a third-party relationship," Hanson explained. "The use most people think of is behavioral advertising, in which a user's search keywords are identified and communicated to an ad server, where they are used to select a display ad."
To escape third-party behavioral advertising, Internet surfers have several options: opt-out registries; Web browser modifications designed to prevent tracking; cookie blocking and disabling.
Those methods suffer serious flaws, though, Hanson wrote. Opt-out registry data, for instance, is itself stored on a cookie. Clearing cookies clears the opt-out, and the ads start popping once again.
Firefox's do-not-track header, Hanson explained, solves these problems by broadcasting "a clear statement of user intent," automatically activating "tracking opt-out" mechanisms Web-wide in easy-to-implement fashion.
The concept is "nothing out of the ordinary" and represents a "typical integration challenge," SIT's Bayuk explained. "Developers interface between different software all the time."
Firefox's "powerful new tool" persists across cookie deletion, requires no central registry or blacklist, and "gives good actors the information they need to treat users with respect," Hanson claimed.
At the top of Hanson's "con" list, however: "It has no effect until sites are incentivized to adopt it."
Incentives may be elusive.
"I see no incentive to participate without legislation," Pace University's Hayes explained. "It's hard to see companies who also advertise trying to provide full cooperation to make this a success for Mozilla."
History tends to agree, SIT's Bayuk Observed. "Other consortiums, like a group that promised to report security bugs in 30 days or so, have petered out. I don't see any inducement to use the Firefox do-not-track header except the good press that might come with it."
To put it bluntly, "this is a public relations ploy by Firefox's parent (the Mozilla Foundation)," said technology public relations specialist Richard Laermer.
It's unlikely to receive widespread adoption, he told TechNewsWorld, "because most people don't even comprehend what tracking is."