Why 'Do Not Track' doesn't change much about web privacy

IE10 is doing it. Firefox is doing it. Chrome just followed suit. "Do Not Track" is the latest step into a more privacy-oriented web. Can it work?

By  

Cookies were originally used to make logging into websites easier and make the day-to-day browsing experience more convenient for users. These days, only a fraction of the cookies stored inside your browser's cache are used for logons or your convenience. The vast majority are dropped by ad servers when they place ads on your favorite websites to track your usage history.

[ Everything you always wanted to know about Web tracking (but were too paranoid to ask) ]

If you think this sounds like an invasion of privacy, you're not alone. The makers of all the leading browsers agree and offer Do Not Track settings as a way to give users more control over the information that is collected about them.

How it works: When you set your browser to 'Do Not Track', the DNT=1 bit is sent by your browser with every HTTP request for a website, telling the website that you don't want to be tracked by third-party cookies before it even loads. This should prevent the storage of third-party cookies and only allow cookies of the website you actually visited to be saved. The header clearly states that you're opting out of analysis and, thus, behavioral ads. But DNT is not an ad blocking mechanism: Once enabled (and if a website supports it), it's not going to turn your web into an ad free zone.

What's wrong with DNT?

As I see it, there are four problems with DNT currently.

1. Once you enable DNT, you'll see the real problem with it: You're going to have the same old browsing experience you always had. Browsers can send the DNT=1 header until the cows come home, but if websites don't accept it, there's little to prevent the ad servers from dropping cookies.

The FTC urged ad companies to set up DNT and -- to everyone's surprise -- the DAA (Digital Advertising Alliance) followed. But currently, Twitter is one of the few websites that actively respect DNT. Most websites see DNT as what it is: a voluntary setting.

2. Users may find the web a more annoying place to be with DNT enabled. For example, I saw car rental ads on the tech websites I visit regularly just because I browsed for rental cars a few days ago -- that's creepy and unwanted, yes, but at least it's relevant. With DNT enabled, I still get ads, they're just less targeted.

3. As I previously mentioned, Microsoft decided to enable DNT by default when the user opts for the "Express Settings" in the Windows 8 setup wizard. This move led Apache (which is used by 65% of website all around the world) to ignore the DNT header send by IE10.

4. And last but not least: While the intent of Do Not Track is pretty clear (cookies from a website that the user actively opens is ok, third-party cookies are not), the definition of what exactly a third-party cookie is is open for interpretation. Is a Microsoft ad cookie on a Microsoft website a third-party cookie? Or is it first party? I don't have the answers. Neither does the W3C committee or any of its partners.

Setting Do Not Track in your browser

Don't take my word for how well Do Not Track works (or doesn't, as the case may be). Try it yourself. Here's how to enable it in IE, Firefox, Chrome, and Safari:

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness