Chalk up another victory for corporate surveillance: Five years after advocates came up with an easy way to let you browse the Web with just a little privacy, the Do Not Track system is in tatters and that pair of boots you looked at online last month is still stalking you from website to website.
In 2009, a few Internet privacy advocates developed an idea that was supposed to give people a way to tell websites they don't want to be monitored as they move from website to website. The mechanism, which would eventually be built into all the major browsers, was called Do Not Track.
With a single browser setting, these advocates thought, users would be able to communicate a preference for their privacy. It would be easier than downloading add-on software or creating a blacklist of specific companies to block. Do Not Track, or DNT, would be the Web's version of the telemarketer Do Not Call list.
But today, DNT hangs by a thread, neutered by a failure among stakeholders to reach agreement. Yes, if you turn it on in your browser, it sends a signal in the form of an HTTP header to Web companies' servers. But it probably won't change what data they collect.
That's because most websites either don't honor — it's currently a voluntary system — or they interpret it in different ways. Another — perhaps the biggest — is that Web companies, ad agencies and the other stakeholders have never reached agreement on what "do not track" really means.
"It was conceived to be a uniform signal," said Sid Stamm, one of DNT's three founders. But, "part of the problem is there's a wide range of expectations," said Stamm, who is senior manager of security and privacy engineering at Mozilla. Mozilla's Firefox browser has the DNT tool, as do Safari, Internet Explorer, Chrome and Opera.
Web users who are hopeful about DNT got a small boost Wednesday in California. State Attorney General Kamala Harris issued guidelines to help companies comply with a new state law requiring them to disclose whether they honor users' DNT requests. But the law doesn't force them to use the system.
Today, with the exception of a few companies that act on DNT requests, its inclusion in browsers is essentially cosmetic. "The original idea was to replace a variety of opt-out mechanisms with a browser preference," said Arvind Narayanan, a computer science professor at Princeton who worked with others on developing a standard around DNT. "But opt out of what? That's where there's disagreement," he said.
Is the user opting out of being tracked altogether, being tracked for advertising purposes, or being tracked for some other reason? There is no agreement among those involved.
Sign up for Computerworld eNewsletters.