Web Policy

Original at the Stanford Center for Internet and Society.

Joint post with Arvind Narayanan.

Earlier today Mozilla announced support for Do Not Fool, a proposed mechanism for opting out of April Fools’ pranks. We cannot support this misguided effort.

First, Do Not Fool would require fundamentally reengineering the Internet, the HTTP protocol, and countless websites. Many of your favorite web destinations like The Onion rely on fooling.

Second, fooling is integral to the American competitive landscape and to innovation. In fact, Do Not Fool would demolish the web’s revenue channels. Don’t just take our word for it—industry-funded, non-peer reviewed, quasi-relevant research proves that fooling accounts for over 99.9% of online revenues.

Third, self-regulation is working. Every time you get fooled today, you have the opportunity to click a tiny icon—on sites that support it—to learn more about how you’ve been fooled. And over fifty major pranksters already allow you to set a cookie to opt out of getting fooled by them, once you figure out who they are. (Though roughly half are just fooling you with that opt out.)

Don’t enable this dangerous new feature. Don’t be fooled by Do Not Fool.

Original at the Stanford Center for Internet and Society.

Late last week FTC Commissioner Rosch penned a column in which he repeated a number of hackneyed criticisms of Do Not Track. Senators McCaskill and Pryor articulated similar concerns at a recent hearing. This piece sequentially deconstructs Rosch’s column and replies to each of his substantive critiques.

… →

Original at the Stanford Center for Internet and Society.

Do Not Track is on its way to becoming an Internet standard. In collaboration with Sid Stamm at Mozilla we’ve submitted an Internet-Draft to the IETF, specifying both the HTTP header syntax and the requirements for compliance.

This is just the beginning of the IETF’s process and the evolution of the draft. But it’s a transformative moment for web privacy: Do Not Track is now a formal standards proposal. Every browser, advertising network, analytics service, and social plug-in provider has a clear instruction manual on how to implement Do Not Track.

We owe a tremendous debt of gratitude to the colleagues and friends whose efforts have made Do Not Track a reality: Alissa Cooper, Peter Eckersley, Alex Fowler, John Mitchell, Ashkan Soltani, Lee Tien, and Harlan Yu. And we particularly thank Chris Soghoian, Do Not Track’s unflagging champion for nearly two years.

Original at the Stanford Center for Internet and Society.

Last Friday we submitted a comment to the FTC articulating our vision for Do Not Track. We expanded on a number of views already expressed on this blog: Do Not Track is about much more than behavioral advertising, an HTTP header is the right implementation, and Do Not Track is no threat to ad-supported businesses. Here are the new highlights. (For a fuller exposition of each, please see our comment.)

… →

Original at the Stanford Center for Internet and Society.

We’re pleased to announce we’re beginning work on an IETF Internet-Draft for the Do Not Track header. We look forward to incorporating broad feedback.

In anticipation of the first version of the Internet-Draft, we’re making a few minor updates to the header. The reference implementations at DoNotTrack.Us will be revised shortly.

Dropping “X-“

Since Do Not Track is entering a standardization process, convention dictates dropping the prefix “X-“.

Abbreviating “DNT”

In keeping with header naming best practices, and to conserve network resources, we’re shortening the name.

Adding a “0” Value

There’s an important policy distinction between users who consent to third-party tracking and users who haven’t expressed a preference. To clarify this difference, the header now has three states:

“DNT: 1” – The user opts out of third-party tracking.

“DNT: 0” – The user consents to third-party tracking.

[No Header] – The user has not expressed a preference about third-party tracking.

Original at the Stanford Center for Internet and Society.

“If you remove tracking, you remove advertisers.” “Stop [data] sharing and you put a stop to the Internet as we know it.” “Thousands of small websites may disappear.” “Would you like to pay $20 a month for Facebook?” A spate of such recent commentaries have speculated that Do Not Track could hobble advertising-supported businesses. Here’s why it won’t.

… →

Original at the Stanford Center for Internet and Society.

Since our introduction of DoNotTrack.Us last week we’ve received a deluge of questions. This post answers some of the most common inquiries. If we haven’t covered an issue you’d like a response on, shoot us an email and stay tuned – more Q & A posts are in the pipeline.

… →

Original at the Stanford Center for Internet and Society.

The web privacy debate is stuck. Privacy proponents decry the diffusion of behavioral advertising and tracking services (1, 2, 3); industry coalitions respond by expounding the merits of personalized content and advertising revenue (1, 2). But for the average user, the arguments are academic: there is no viable technology for opting out of web tracking. A registry of tracking services, like privacy advocates proposed years ago, is cumbersome and unmanageable. Fiddling with cookies, as many advertising networks and anti-regulation advocates recommend, is an incomplete and temporary fix; both Google and NAI (an advertising industry association) have already moved away from opt-out cookies.

Do Not Track ends this standoff. It provides a web tracking opt-out that is user-friendly, effective, and completely interoperable with the existing web. The technology is simple: whenever your web browser makes a request, it includes an opt-out preference. It’s then up to advertisers and tracking services to honor that preference – voluntarily, by industry self-regulation, or by law.

Arvind Narayanan and I have been researching Do Not Track for several months, and are pleased to now introduce DoNotTrack.Us, a compilation of what we’ve learned. The resource explains Do Not Track, provides prototype implementations, and answers some common questions. We’ll be updating it in the coming months with new findings and responses to feedback.

Excited as we are about the Do Not Track technology, it is but a first step. Important substantive policy questions remain open: What tracking should be impermissible? When a user visits a site, what constitutes a third party? We look forward to collaborating with advertising networks, NGO’s, regulators, lawmakers, and other stakeholders in answering these crucial questions.