A battle rages between advertisers and privacy advocates over access to online behavior. Ryan Goldberg reports.
It took Sid Stamm, the lead privacy engineer at Mozilla, a few minutes to create the first prototype of the Do Not Track header. Then came the hard part.
Do Not Track is a one-click, browser-based signal which users can turn on to tell websites not to track their online browsing habits. Websites use that behavioral data to create targeted advertising. Mozilla introduced Do Not Track in 2011 with Firefox 4, and now all the major browsers offer it. The Federal Trade Commission (FTC) has been an advocate.
Yet, while users can voluntarily enable the technology, advertising networks can choose whether to honor that request. So far few have. It's a signal with virtually no listeners. The reality is that users can be tracked no matter what they decide.
“It's still not clear exactly what the signal is supposed to mean globally,” says Stamm. The reason is that there is no current standard. Two years ago, the World Wide Web Consortium (W3C), an internet standards-setting group, became the venue for browser makers and advertisers to iron out any differences in understanding. However, the disparate interests have been unable to even agree to a definition of “tracking.”
A final deadline for producing standards is scheduled for this month. But the more likely outcomes are a meaningless document, or a punting of the the deadline, says privacy researcher Jonathan Mayer, a graduate student at Stanford University, in California, and a participant in the talks.
“After some two years of conversations, 75 conference calls and 10 meetings, we haven't made any meaningful progress on the big policy issues,” Mayer says. “I'm not sure what happens next. It concerns me.”
At stake is how far Do Not Track should go. Advertising on the internet is like a license-plate recognition system where everybody is uniquely followed. Do Not Track is meant to make a license plate harder to read, affording more privacy. But by how much?
“I think there's this bag gap...between what people think is happening online and what's actually happening,” Stamm says. “One of the ways to improve privacy is to close that gap.”
This gulf is most pronounced in the actions of third-party advertisers. These companies follow consumers' every online move, creating a profile of their actions and selling that data for targeted advertising. For instance, when someone about to be married shops for a wedding ring online, thereafter, a number of websites they visit offer ads for wedding venues. In other instances, an individual who visits Amazon, might be fine with the shopping site using their history to create focused ads. But how about third-party companies they never see and of which they have never heard? Should they be allowed to collect and then monetize that personal information?