The drive to create a “Do Not Track” mechanism to protect consumers’ online privacy as they surf the Web is gaining momentum. Companies like like Google, fearing the passage of necessary privacy laws, are scrambling to offer their versions on a voluntary basis.
Last week the Internet giant made a big deal of a new add-on for its Chrome browser called “Keep My Opt-Outs.” Google wants you do believe it’s a Do Not Track function. Google is getting good press, but it’s not really Do Not Track.
I put the question to Chris Soghoian, a privacy and security researcher, who said:
“Google and other ad networks will continue to track you everywhere you go on the Web even when you use their add-on. To call it a do not track mechanism is simply deceptive.”
Soghoian has an excellent discussion of Do Not Track on his blog, “slight paranoia.”
Here’s how the Google add-on works. The National Advertising Initiative has a Website where consumers can opt out of receiving behaviorally targeted ads from NAI’s members. It’s a “cookie” based system where a cookie, or small bit of computer code, is downloaded to the browser that tells an advertisering network not to serve “behavioral ads.” The problem is that if you regularly clear your cookies, as privacy experts suggest, you delete the opt-out preferences.
While the opt-out cookies remain on your browser you’ll avoid the creepy feeling of seeing ads based on what you’ve been doing on the Web, at least from members of NAI. However, your activities continue to be tracked. In some ways it’s more insidious. You’re being tracked, but you don’t see any sign of it.
All Google’s highly touted add-on does is permanently keep your NAI “opt-out” options permanently in the browser.
Meanwhile, Mozillla announced plans to incorporate a meaningful Do Not Track feature in its next browser release, Firefox 4.1. When turned on, it will send a clear and unambiguous message to all Websites that the user does not wish to be tracked. It’s essentially posting a do not trespass sign on your browser.
Websites would then have to honor that request. Some industry apologists claim that companies could be persuaded to honor those requests on a voluntary, self-regulatory basis.
Based on the way Google is claiming its new feature is a Do Not Track function, I’d say there is no real chance of that happening.
I think regulations will be required, probably implemented by the Federal Trade Commission after authorizing legislation is passed, to spell out exactly what the Website’s obligations would be with real penalties if there were violations.
Our friends at the Electronic Frontier Foundation have an excellent discussion of the mechanisms. The beauty of the browser header is that it is not tied to a particular technology. Consumers can signal their preferences and Websites would either be honor bound or legally bound to follow them.