More Choice and Control Over Online Tracking

Alex Fowler

1

Do Not Track: Mozilla’s latest effort to put users in control of their web experience.

The web is evolving quickly in how information about people is collected, used and shared online. We believe it’s crucial to put people in control of their personal web interactions and experiences, as previously articulated in my post on our draft Privacy & Data Operating Principles. In particular, we’re seeking ways to provide Firefox users a deeper understanding of and control over the flow of personal information online.

We’re pleased to be able to share one of these efforts today in the area known as “Do Not Track,” which is best understood in current policy discussions to provide a way for people to opt-out of online behavioral advertising (OBA).

As the first of many steps, we are proposing a feature that allows users to set a browser preference that will broadcast their desire to opt-out of third party, advertising-based tracking by transmitting a Do Not Track HTTP header with every click or page view in Firefox. When the feature is enabled and users turn it on, web sites will be told by Firefox that a user would like to opt-out of OBA. We believe the header-based approach has the potential to be better for the web in the long run because it is a clearer and more universal opt-out mechanism than cookies or blacklists.

The Do Not Track header builds on the work the advertising networks have done to date without the cookie-based systems they make available to people online. The advantages to the header technique are that it is less complex and simple to locate and use, it is more persistent than cookie-based solutions, and it doesn’t rely on user’s finding and loading lists of ad networks and advertisers to work. We’re not the only ones who think this approach makes sense. The FTC calls for a “more uniform and comprehensive consumer choice mechanism for online behavioral advertising. In addition, the HTTP header technique has been proposed before (see the good work by donottrack.us and the UBAO add-on).

The challenge with adding this to the header is that it requires both browsers and sites to implement it to be fully effective. Mozilla recognizes the chicken and egg problem and we are taking the step of proposing that this feature be considered for upcoming releases of Firefox.

My colleagues are posting our proposal to the Mozilla community today for discussion, along with the technical patch to be considered for implementation in Firefox. We are also committed to working with the technical community to standardize the header across the industry. We ask that sites and advertisers join with us to recognize this new header and honor people’s privacy choices just as they are with opt-outs for OBA.

Additional Posts from Mozilla on DNT

  • The technical proposal (available here and here) was posted by my colleague, Sid Stamm. He’s also blogged about the technical specs here
  • Another Mozilla colleague, Mike Hanson, has posted a technical analysis of Do Not Track problems and solutions
  • Mozilla’s FAQ on DNT

It’s important to reiterate that while our initial proposal does not represent a complete solution, this is one step of many for us to see if the header approach can work and confirm that it will provide our users a more nuanced, persistent tool for communicating privacy choices on the web. A recent op-ed in the Wall Street Journal echos this, “Technology that further customizes browsing to be responsive to user needs and preferences is a benefit to consumers and makes their online time more efficient.” We believe the HTTP header is a constructive approach and one of the many areas we’re exploring to put users in control of their web experience.

Alex Fowler
[Reposted]

One response

  1. Glenn wrote on :

    Your CSS restrictions concerning :visited links (only color mods allowed) = ZERO user choice. Mozilla says, “Do what we tell you.[period]” (And since Firefox “lies” to a site about what is/isn’t visited anyway, why do you bother to restrict a user from doing what he/she wants to do with these links to begin with? Thanks a lot for the accessibility issues caused by this, too.) Suggestion: give users a choice as to whether they think their “privacy” is being “violated” to the point that they wish to accept your control over their user/user-agent CSS options (and stick it in config). :D