Developers of the major browsers — Microsoft, Google and the Mozilla Foundation — plan to implement so-called do-not-track features into their browsers so consumers can indicate when they don’t want their movements online to be observed and recorded by site hosts, which generally use the information to strengthen their advertising systems.
The inclusion of such a feature is the result of considerable consumer resentment over tracking, leading to calls by the Federal Trade Commission for action and to hearings in Congress.
Here’s why: Someone who tracks you wherever you go and gleans information about everything you do, wherever you visit, is called a stalker, and in the physical world, it’s against the law to stalk someone. In any event, it also makes you feel really, really creepy.
Online advertisers are doing just that — stalking people online — so they can serve up ads to them.
How much do consumers dislike what’s going on? A poll conducted jointly by Gallup and USA Today in December found that 67 percent of those surveyed don’t think advertisers should be allowed to match ads to their specific interests based on websites they have visited.
Can we create a strong do-not-track system, or is that just wishful thinking?
User Relationships With Websites
When you visit a website, you establish a relationship with that site. In all but inimical relationships where you set out to attack the site, you either set up a first-party or a third-party relationship with the website.
A first-party relationship is where the user knows about, and presumably consents to, the relationship. This occurs when you visit a site or take things one step further, creating an account and logging into the site, Mozilla Labs Principal Engineer Michael Hanson contended.
A third-party relationship is established between you and a website because of actions taken by another website. When you visit a news site, for example, and that site directs your browser to open an image from an ad network’s site, you have established a third-party relationship with that ad network. Often, you don’t know that the third-party relationship exists, Hanson explained.
That gives rise to first-party and third-party tracking, Hanson said. The former aims at preserving your first-party relationship by, for example, tracking your sessions within a single site or across multiple servers at a site like Yahoo.com, or across multiple properties of a single company, or a federated login system such as Facebook Connect.
Third-party tracking provides some persistence to a third-party relationship, such as where your search keywords are identified and communicated to an ad server.
So, perhaps first-party tracking is fine because you more or less know what’s going on, and you’re being tracked across websites you choose, while third-party tracking might be the problem.
“With targeting, we’re concerned about our privacy and the potential misuse of stockpiles of information about us,” stated Jeff Greenhouse, cofounder of Glowbug.com, which was acquired by About.com. “On the other hand, without targeting, we are more likely to be assailed by ads that have absolutely no relevance to us.”
Technical Approaches to Do-Not-Track
In December, the FTC issued a privacy report that offered a framework for consumers, businesses and policymakers. This suggested the implementation of a do-not-track mechanism.
Microsoft responded by announcing that its upcoming Internet Explorer 9 browser will offer consumers an opt-in mechanism to identify and block many forms of undesired tracking and that tracking protection lists will let consumers control what third-party site content can track them online.
Microsoft declined comment when approached.
Mozilla’s attempt to offer users a do-not-track option is to implement an HTTP do-not-track request header that the Firefox browser will transmit every time users’ data is requested online. The Mozilla Foundation also declined comment when approached.
Google’s answer is to let consumers using its Chrome browser permanently opt out of tracking from all companies that offer opt-outs through the industry self-regulation programs.
“As our first step in addressing these concerns, we have created Keep My Opt-outs, which allows users to opt out of the vast majority of interest-based and behavioral advertising today,” Google spokesperson Christine Chen told TechNewsWorld. “This is a real tool in the marketplace that people can use right now.”
Can We Solve the Tracking Problem?
Congress has repeatedly expressed concern about online data collection and has tried to introduce bills to control it. Why haven’t these gone anywhere? More importantly, will the do-not-track initiative mean anything?
“The idea of do-not-track is interesting, but there doesn’t seem to be wide consensus on what tracking really means, or how new proposals could be implemented in a way that respects people’s current privacy controls,” Google’s Chen pointed out.
“Any regulatory system is only as good as the level of compliance by the regulated entities,” Greenhouse pointed out. “Without any meaningful enforcement, the do-not-track system will not be very effective.”
Further, the requirements of do-not-track guidelines might create problems, Greenhouse told TechNewsWorld.
“An ad that is well-targeted based on other factors that don’t fall under do-not-track could be misinterpreted by the consumer as a violation,” Greenhouse explained. “I would anticipate that anyone responsible for enforcement will have to wade through mountains of false positives.”
There will be ample incentive for advertisers to find workarounds or to ignore do-not-track requirements altogether — the online ad industry is worth at least US$1.1 billion.
Further, blocking all tracking of data could lead to many websites failing to function properly, Greenhouse warned.
“Ultimately, someone who’s very technology-savvy will have to draft a very clear, detailed set of guidelines that are mindful of the realities of Web application architecture,” Greenhouse said.
Those guidelines will still depend on implementation by websites and ad networks, Greenhouse remarked. “It’s just not something that a Web browser can accomplish on its own,” he added.