Robert Leeper

Robert Leeper
Front End Engineer

<- Thoughts

Do not track

What does Do Not Track mean? How is it enforced? How do users express their preference? Should that choice be made for them? There has been a huge response to Microsoft announcing that Internet Explorer 10 will have DNT turned "on" by default and the reactions have ranged everywhere between elation and outright rage.

I'll be the first to admit that I'm no expert on DNT, the W3C, or privacy for that matter. I may be ignorant of some very important facts, and would be glad to hear differing opinions on the matter, but I do have some thoughts.

I can't give due attention to the full range of reactions in a single post, but I'll start with the Mozilla foundation's DNT opinion and go from there.

At its foundation, DNT is intended to express an individual’s choice, or preference, to not be tracked. It’s important that the signal represents a choice made by the person behind the keyboard and not the software maker, because ultimately it’s not the browser being tracked, it’s the user.

Default settings by definition make choices for users, rather than force them choose all the settings up-front for themselves. The preference to download images is already turned on. Why? Because the browser developer decided that most users want to download images. I also assume most users, when asked, would say they don't want to be stalked across the internet.

Also, a study found that less than 5% of users bother changing default preferences in their applications. The only exceptions to this rule are programmers and developers; the rest of the population is unlikely to bother changing anything from the default. What good is a choice if 95% of users don't change it? Mind you, they aren't changing it because they either don't know it's there, or they assume it's the default for a good reason (i.e. they assume browser developers would know better what the default should be than they would.)

There are three different signals to consider in broadcasting the user’s preferences for tracking:

  1. User says they accept tracking
  2. User says they reject tracking
  3. User hasn’t chosen anything

Firefox defaults to state 3: we don’t know what the user wants, so we’re not sending any signals to servers. This causes the presence of the signal to mean more — the signal being sent should be the user’s choice, not ours. Therefore, Firefox doesn’t broadcast anything until our user has told us what to send.

If the default for a browser is to set DNT to "off"—or in Mozilla's case, "User hasn't chosen"—will the actions of advertisers be any different? Maybe it's for legal mumbo-jumbo, but the "hasn't chosen" preference may as well not exist if there is no change in advertisers' actions. 

DNT is not an off switch for a particular technology, rather it is the expression of an individual user’s desire being reflected in code…

The entire DNT framework relies upon advertisers honoring users' preferences. Users are supposed to assume their request will be honored, but Yahoo has already floated the idea of ignoring Internet Explorer 10's DNT settings because they don't like the proposed default setting.

Why make DNT an optional preference that is inactive by default and doesn't technically have the power to do anything? It comes down to priorities. If the priority is the user, DNT should be turned on, or users should be required to decide before being able to browse. If the priority is advertising companies, you'll use every trick you can to keep the majority of people from using DNT, but the only trick you really need is to tuck an inactive DNT option into a preferences panel.