Mozilla Proposes 'Do Not Track' HTTP Header

MozTrack writes "The emergence of data mining by third party advertisers has caused a national debate from privacy experts, lawmakers and browser supporters. Mozilla's Firefox, a popular browser company, has proposed a new feature that will prevent people's personal information from getting mined and sold for advertising. The feature would allow users to set a browser preference that will broadcast their desire to opt-out of third party, advertising-based tracking. It would do this via a 'Do Not Track' HTTP header with every click or page view in Firefox."

Great idea but not likely to happen

[InsaneProcessor]

Advertisers and tracking services will fight this to the bitter end.

Re:Great idea but not likely to happen

[ByOhTek]

Or ignore it. I'd think it'd be fairly trivial to ignore that header, especially if there is a least one country that doesn't legally require it to be honored (and even without that, they'll probably still ignore it in countries where it is illegal).

They won't fight it, they laugh at it.

Re:Great idea but not likely to happen

[gstoddart]

Advertisers and tracking services will fight this to the bitter end.

Or, ignore it and use it as one more piece of data about you.

They're more likely to disregard it than to fight it.

Re:Great idea but not likely to happen

[kellyb9]

Along the same lines, this would probably make the issue worse. Based on that tag, people are going to simply assume security and privacy where there is none.

Re:Great idea but not likely to happen

[fredjh]

Agreed... opt out is BS, it should ALWAYS be opt-in, and default browser behavior should be to NOT send such information at all.

Re:Great idea but not likely to happen

[Tisha_AH]

I see where Mozilla is coming from. They are looking at how many folks do not like being tracked and the popularity of programs like Adblock Plus, NoScript, etc...and are trying to add some of that functionality into the browser. Not a bad idea as there are significant numbers of folks who do not put any enhancements into their Firefox install other than some dumb toolbar. As Firefox will appeal to more and more non-technical types there would be some benefit to adding that functionality up front.

You can bet that the IE crowd will say that their browser works better and only compare the base load of Firefox.

The "do not track" header is a fine idea but it will only work for those sites that play by the rules.

Most don't.

Even with the additional "don't track header" capability I will not throw caution to the winds. I will continue to use Adblock Plus, NoScript and a few other tools.

Re:Great idea but not likely to happen

[geminidomino]

But you cannot deny this is a good start

Yes, you can. It'd be stillborn, at best.

If this gets implemented, the marketroids ignore it.
If it gets legislated, the marketroids pay the custom-built law fees to make sure it's completely useless (a la "[You ]CAN SPAM")

End result: Delta = 0

Re:Great idea but not likely to happen

[Nemyst]

It's ironic, though. It's indeed almost certain that header will never catch on, yet by doing so advertisers are just shooting themselves in the foot. They're giving AdBlock and NoScript traction. They're pissing off the geeks, who often have a sizable influence in the realm of technology within their circle of friends. Instead of having a header that would be normally disabled and would get turned on in specific cases (say, through private browsing options), they're getting people to use tools that are turned on by default and never get turned off.

It's their loss in the end.

Re:Great idea but not likely to happen

[icebike]

Objectively, if I'm funding my site with advertising and you block it, why should you be allowed to access my content?

Well its certainly your right to withhold the page until the ads are downloaded (even until they are displayed if you want a high rate of instant exits).

But this isn't a war you can win in the long run. Browsers or plugins will always find a way to defeat your ads, and the harder you try to push them into your reader's faces the less successful you will be.

Whether it the tools simply skip downloading your ads or downloads the ads in the background, people are not going to watch intrusive ads.

The "Skip this welcome page" ad sites have found their bandwidth utilization up, and their customer click-exits growing faster than their content delivery.

Not many people block Google Ads, because they are usually topical and un-intrusive. But any method to insure I read your ads is bound to fail.

Right...

[Pojut]

...because the do not call list totally works.

All kidding aside, I'm sure something like this would work for a little while, but just like the do not call list, advertisers will find some way around it. By the way...advertisers? When you call me or spam me via email, I make sure to AVOID your products...and I'm confidant I'm not the only one.

Pointless

[Angst+Badger]

All this will do is provide another data point for marketers.

Seriously?

[mounthood]

This seems like a bad joke - the "Evil bit" but for http headers. It must be a political move, trying to set the boundary for debate.

If this is serious it's a terrible idea: it'll be on by default for everything so it's not a compromise (and could therefore be done with laws banning the tracking); all older software that doesn't send this header would be fair game; sites will simply refuse content unless you turn it off (see AdBlock).

Size matters

It doesn't have to be 100% effective. The biggest trackers are Google and Facebook. They are large companies that need to comply with the law and with standards.

Obviously something like this is useless if even Facebook ignores it but otherwise it would be quite a handy supplement to my array of NoScript/Adblock+/Ghostery. Sure, many smaller, less reputable companies will ignore it but when it comes to tracking, size matters.

Re:Already exists.

[Mr.+Slippery]

If, for example, every store you visit tracked your comings & goings and your purchase history, would you still scream bloody murder? NO, because they all already do this and nobody seems to give a rat's ass.

Pardon? I would indeed be upset if every store I visited tracked my comings and goings and purchase history, especially of they coordinated with other stores to build a profile in order to figure out how best to manipulate my purchasing preferences. That's why I usually pay cash, and never use one of those "please spy on me" (a.k.a. "customer loyalty") cards at any chain store.

There are a handful of independent businesses that I frequent where I know the owners or employees and they know me and my preferences -- great, that's a symmetric and respectful relationship. Doubleclick sneaking cookies on to my browser so they can sell my habits to the highest bidder, is not.

It's a politcial solution, not a technical one

[guanxi]

This is a great idea. Other posters are right that website operators won't be technically forced to respect the Do Not Track request, but this is a political solution, not a technical solution, and politics is how this needs to be resolved.

Currently, users have no voice. They can't tell websites not to track them except by cumbersome means such as sending emails to the operators. Even then, it's only one email from one user. Website operators can assume that there's no desire for privacy -- in fact it's something they publicly argue.

But clicking the DNT checkbox is much easier. Now the websites are confronted with millions of users, maybe hundreds of millions, requesting 'Do Not Track me'. Ignoring their reasonable requests would be bad for business, for reputation, and most importantly, for politics. If the websites don't comply to a reasonable request from a large number of their constituents, legislators will pass laws to force them. If most websites do comply, then the few who don't will be the odd ones out and face even greater risks to their business.

Just as importantly, DNT raises awareness. I know of few typical end users who are aware of tracking or understand its importance and implications. DNT will at least make them aware that tracking is an issue and that it's important enough that somebody with authority someplace thought they should be able to opt out of it.

(I don't think there's a technical solution to tracking. The value of tracking the (1 billion?) people on the web is great enough that any security measure will be overcome.)

Time for the checklist!

[Safety+Cap]

Your post advocates a

(x) technical ( ) legislative ( ) market-based ( ) crowd-sourced

approach to preventing users from being tracked. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which will vary from state to state and country to country)

(x) It does not provide an adequate method of enforcement
( ) Nobody will spend eight months sitting in dull planning meetings to do it
( ) No one will be able to find the guy
(x) It is defenseless against rogue websites
(x) It tries to stop a fundamentally broken cookie model
(x) Users of the web will not put up with it
( ) The government will not put up with it
(x) Advertisers will not put up with it
( ) Requires too much cooperation from unwilling sources
(x) Requires immediate total cooperation from everybody at once
( ) Many advertisers cannot afford to lose what little business they have left
( ) Anyone could anonymously destroy anyone else's career or business
( ) Users are too stupid to know they're being tracked anyway

Specifically, your plan fails to account for

(x) Browsers' unwillingness to change to suit something that will be circumvented in days
( ) The existence of programmers for hire
(x) The W3C
( ) Sources' proven unwillingness to "go direct"
( ) The difficulty of changing all those websites
( ) How few people actually care
(x) The vast majority of "programmers" are unable to even code in semantically-correct HTML
( ) Unpopularity of weird new headers
(x) Unstoppable moneyed Kung-Fu
( ) Legal liability of vigilante sites
( ) The training required to be even an craptaculous web monkey
(x) Users hate pop-ups
( ) The necessity of ignoring laws from other countries
(x) Americans' huge distrust of anyone not from their country/state/city/block
( ) Reluctance of governments and corporations to be held to account by two guys with a blog
( ) Inability of random people on the internets to demand anything
( ) How easy it is for corporations to manipulate unemployed sweaty shut-ins
( ) Rupert Murdoch
( ) Pron
( ) Hulu
(x) Technically illiterate politicians
( ) The tragedy of the commons
(x) Craigslist

and the following philosophical objections may also apply:

( ) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to visit Drudge, Slashdot and Democracy Now without seeing those Cash for Gold ads
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

( ) Sorry dude, but I don’t think it would work.
(x) This is a stupid idea, and you’re a stupid person for suggesting it.
( ) Maybe you should actually visit reality every fortnight or so