Do Not Track, Meet IETF

Original at the Stanford Center for Internet and Society.

Do Not Track is on its way to becoming an Internet standard. In collaboration with Sid Stamm at Mozilla we’ve submitted an Internet-Draft to the IETF, specifying both the HTTP header syntax and the requirements for compliance.

This is just the beginning of the IETF’s process and the evolution of the draft. But it’s a transformative moment for web privacy: Do Not Track is now a formal standards proposal. Every browser, advertising network, analytics service, and social plug-in provider has a clear instruction manual on how to implement Do Not Track.

We owe a tremendous debt of gratitude to the colleagues and friends whose efforts have made Do Not Track a reality: Alissa Cooper, Peter Eckersley, Alex Fowler, John Mitchell, Ashkan Soltani, Lee Tien, and Harlan Yu. And we particularly thank Chris Soghoian, Do Not Track’s unflagging champion for nearly two years.

Do Not Track FTC Comment: What It Means, How to Enforce It, and More

Original at the Stanford Center for Internet and Society.

Last Friday we submitted a comment to the FTC articulating our vision for Do Not Track. We expanded on a number of views already expressed on this blog: Do Not Track is about much more than behavioral advertising, an HTTP header is the right implementation, and Do Not Track is no threat to ad-supported businesses. Here are the new highlights. (For a fuller exposition of each, please see our comment.)

… 

Minor Updates to the Do Not Track Header

Original at the Stanford Center for Internet and Society.

We’re pleased to announce we’re beginning work on an IETF Internet-Draft for the Do Not Track header. We look forward to incorporating broad feedback.

In anticipation of the first version of the Internet-Draft, we’re making a few minor updates to the header. The reference implementations at DoNotTrack.Us will be revised shortly.

Dropping “X-”

Since Do Not Track is entering a standardization process, convention dictates dropping the prefix “X-”.

Abbreviating “DNT”

In keeping with header naming best practices, and to conserve network resources, we’re shortening the name.

Adding a “0” Value

There’s an important policy distinction between users who consent to third-party tracking and users who haven’t expressed a preference. To clarify this difference, the header now has three states:

“DNT: 1” – The user opts out of third-party tracking.

“DNT: 0” – The user consents to third-party tracking.

[No Header] – The user has not expressed a preference about third-party tracking.
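How a third-party server could read the three states, as an added example that is not part of the original post or the DoNotTrack.Us reference implementations. The function names, the sample requests, the handling of malformed or conflicting values, and the `unset_means_consent` policy switch are assumptions of this example.

```python
from enum import Enum


class TrackingPreference(Enum):
    OPT_OUT = "DNT: 1"      # user opts out of third-party tracking
    CONSENT = "DNT: 0"      # user consents to third-party tracking
    UNSET = "no header"     # user has not expressed a preference


def parse_dnt(raw_request: str) -> TrackingPreference:
    """Return the DNT state carried by a raw HTTP request."""
    values = set()
    for line in raw_request.splitlines()[1:]:       # skip the request line
        if not line.strip():
            break                                   # blank line ends the headers
        name, sep, value = line.partition(":")
        # Header names are case-insensitive, so "dnt" and "DNT" are the same.
        if sep and name.strip().lower() == "dnt":
            values.add(value.strip())
    # Assumptions of this example: values other than "0"/"1" are ignored,
    # and a request carrying both values is treated as an opt-out.
    if "1" in values:
        return TrackingPreference.OPT_OUT
    if "0" in values:
        return TrackingPreference.CONSENT
    return TrackingPreference.UNSET


def may_set_identifier(pref: TrackingPreference, unset_means_consent: bool) -> bool:
    """Hypothetical third-party policy check before issuing a unique-ID cookie."""
    if pref is TrackingPreference.UNSET:
        return unset_means_consent      # policy choice, only possible with 3 states
    return pref is TrackingPreference.CONSENT


# Constructed sample requests (tracker.example is a placeholder host).
BASE = "GET /pixel.gif HTTP/1.1\r\nHost: tracker.example\r\n"
SAMPLES = {
    "opt-out": BASE + "DNT: 1\r\n\r\n",
    "consent": BASE + "dnt: 0\r\n\r\n",
    "no header": BASE + "\r\n",
    "malformed": BASE + "DNT: yes\r\n\r\n",
    "body only": BASE + "\r\nDNT: 1",   # text after the blank line is not a header
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        pref = parse_dnt(request)
        print(f"{label:10} -> {pref.name:8} set ID cookie: "
              f"{may_set_identifier(pref, unset_means_consent=False)}")
```

Keeping the absent header as its own state means the choice of how to treat users with no stated preference stays an explicit policy decision instead of being folded into consent.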

Do Not Track Is No Threat to Ad-Supported Businesses

Original at the Stanford Center for Internet and Society.

“If you remove tracking, you remove advertisers.” “Stop [data] sharing and you put a stop to the Internet as we know it.” “Thousands of small websites may disappear.” “Would you like to pay $20 a month for Facebook?” A spate of such recent commentaries has speculated that Do Not Track could hobble advertising-supported businesses. Here’s why it won’t.

… 

Ending the Web Privacy Stalemate – DoNotTrack.Us

Original at the Stanford Center for Internet and Society.

The web privacy debate is stuck. Privacy proponents decry the diffusion of behavioral advertising and tracking services (1, 2, 3); industry coalitions respond by expounding the merits of personalized content and advertising revenue (1, 2). But for the average user, the arguments are academic: there is no viable technology for opting out of web tracking. A registry of tracking services, like privacy advocates proposed years ago, is cumbersome and unmanageable. Fiddling with cookies, as many advertising networks and anti-regulation advocates recommend, is an incomplete and temporary fix; both Google and NAI (an advertising industry association) have already moved away from opt-out cookies.

Do Not Track ends this standoff. It provides a web tracking opt-out that is user-friendly, effective, and completely interoperable with the existing web. The technology is simple: whenever your web browser makes a request, it includes an opt-out preference. It’s then up to advertisers and tracking services to honor that preference – voluntarily, by industry self-regulation, or by law.

Arvind Narayanan and I have been researching Do Not Track for several months, and are pleased to now introduce DoNotTrack.Us, a compilation of what we’ve learned. The resource explains Do Not Track, provides prototype implementations, and answers some common questions. We’ll be updating it in the coming months with new findings and responses to feedback.

Excited as we are about the Do Not Track technology, it is but a first step. Important substantive policy questions remain open: What tracking should be impermissible? When a user visits a site, what constitutes a third party? We look forward to collaborating with advertising networks, NGOs, regulators, lawmakers, and other stakeholders in answering these crucial questions.