Will Industry Agree to a Meaningful Do Not Track?

Friday, April 27, 2012

Article by Peter Eckersley

The fifth W3C meeting on Do Not Track was held in Washington DC recently.

While progress has been made on many aspects of the standard for Do Not Track, several deep disagreements remain between privacy advocates and representatives of the online tracking industry.

Most seriously, ad industry representatives maintain that they need to be allowed to continue setting third-party tracking cookies on browsers that send the Do Not Track HTTP header.

This coalition of companies say they "only" want to track opted-out users for security purposes, market research, testing and improving their various advertising and tracking products, auditing, copyright enforcement and other "legal compliance" purposes, and "frequency capping" in order to manage online advertising campaigns — but not any other purposes.

Privacy advocates have offered to make enormous concessions in order to make Do Not Track adoption practical for Internet advertisers.

Most extremely, this could allow companies to retain IP addresses and User Agents for short periods — and for a number of months in order to defend against clickfraud, "impression fraud," and security attacks, provided it is kept separate from other data.[1]

Despite these extreme concessions, most of the third-party tracking companies in the W3C process have demanded the right to keep setting unique ID cookies and using them for almost any purpose.

Unless this situation changes, the W3C will be unable to set a policy standard for "Do Not Track" that actually offers any meaningful privacy for Internet users' reading habits.

In short, industry is trying to twist "Do Not Track" around so that it only means "Do Not Target".

If things turn out that way, Internet users who do not want their online reading habits recorded by invisible tracking companies will have only one choice: use ad blocking tools to stop online tracking code themselves.

In order for this to work, they will have to block a huge portion of the advertising on the Web, too.

[1] These practices are already used by some ad companies, but many others lag behind.

Cross-posted from Electronic Frontier Foundation

Possibly Related Articles:
General Legal
Legal Privacy Marketing internet Cookies Tracking Electronic Frontier Foundation Do Not Track W3C
Post Rating I Like this!
Brian Blank And it is exactly why tools like AdBlock continue to be used around the world.
Michael Johnson Past experience tells us they will track people without their permission or consent, and if the above article's correct, there's an admission the purpose of tracking extends far beyond targeted advertising. That's reason enough to use AdBlock, Ghostery, NoScript, BetterPrivacy, et. al.

I understand that sites need revenue to keep operating, but the privacy invasions, the amount of ads we're bombarded with, and the bandwidth wasted on useless data has become excessive. And it's bandwidth we get billed for, if our browsers must pull all this crap off a dozen other servers each time we visit a web page.
e. charles sterling CISSP This is like the misinterpretation of "one's rights" when one person does something in the name of their "rights" but does so at the loss of someone else's rights. Do Not should mean "do not".
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.