Mozilla Publishes Developer Guide on DNT; Releases DNT Adoption Numbers

Alex Fowler

14

As many people know, Mozilla jumped into Do Not Track (DNT) in a big way earlier this year by providing Firefox users on desktop and mobile with a simple way to tell companies to stop tracking them online. We did this before knowing exactly how sites and advertisers would respond. We believed we had to do something to advance the debate and we counted on developers seeing the technical advantages to our approach over current proposals and practices.

Over the past six months, we’ve worked closely with developers at leading advertising, publishing and technology companies to implement DNT. Today we’re publishing our first edition of the The Do Not Track Field Guide.

Based on interactions with developers from leading companies that support DNT today, The Do Not Track Field Guide contains case studies, tutorials and sample code. We’ve also included a background section on our view of what the debate over DNT is all about. We hope that the Guide inspires  developers around the world to embrace the technology and also leads to subsequent editions with new tutorials and sample code.

Why developers care about DNT:

  • Browser Support: Mozilla, Microsoft and Apple include DNT in their browsers.
  • User Adoption: Millions of people are sending the DNT:1 signal today.
  • Better Opt-out: Persistent user preference that can be used to support most opt-out use cases.
  • Easy to Implement: Sites with existing opt-outs are reporting straightforward integration of the DNT header into their systems.

With the exceptions of Google Chrome and Opera, all the other major web and mobile browsers support DNT. We’ve had DNT in full production releases of Firefox and Firefox on Android since version 4. Microsoft’s IE9 includes the DNT header with its Tracking Protection List feature. Apple’s Safari added support for the DNT header in the release of Lion this summer.

Our Metrics team has been following adoption (in a privacy friendly way) over the past few months and we’re seeing almost 5% of our user base with DNT enabled (see today’s companion post from the Metrics team on the details). It’s been fascinating to watch the almost .01% increase each day. Another study published a few weeks ago looked at 100 million Firefox users and reported a slightly higher adoption rate of more than 6%. We’ve heard from publishers that they are seeing 1-3% higher rates than ours. If you have a web site, then you, too, can see how many people are asking you not to track them!

One of the most important things we learned in writing The Do Not Track Field Guide is that the companies that offer opt-outs for various tracking and profiling activities today have an easier time implementing changes to look for and respond to a user’s DNT signal. For instance, we spoke with an engineer who implemented DNT at an advertising company. He came to work one morning, read about DNT in Slashdot, wrote a few lines of code and was done before lunch. The advertising company already had an existing code base to support opt-out cookies so he was able to reuse existing code.

Another key learning is that not all opt-outs are created equal. We heard from developers who are excited to support the DNT header because it may someday soon enable them to remove ineffective cookie-based privacy opt-outs that did little to engender trust and sustain a user’s choice across their many desktop and device browsers. Not only is putting the control in the hands of the user better for the user, but it’s also better for the sites and apps from a technical and compliance perspective.

Here’s the introduction with links to each section and a PDF version of The Do Not Track Field Guide or you can click on the cover image above. Also, the sample code from the tutorials is available as a Zip file. Finally, you can find the Guide on the Mozilla Developer Network here, where we hope developers will begin to contribute additional implementations for the community.

Alex Fowler

Acknowledgments: This Guide is the result of substantial contributions from Aleecia M. McDonald, Sid Stamm, and our graphic designer Ty Flanagan. We’re grateful to the engineers who shared their implementations with us, as well as the many colleagues who provided us with input on the various drafts.

Update: I removed the statement that more people have DNT on than are using Adblock Plus. We took another look at the numbers and were concerned that we’d compared apples to oranges.

14 responses

  1. Nate wrote on :

    Looking at “DNT” on the website, I had no idea what it was.
    Now that I have drilled down a bit and discovered this preference, my DNT box is checked.

    – A Firefox User

  2. Anonymous wrote on :

    Does DNT automatically sync via Firefox Sync, so the user only has to turn it on once in one instance of Firefox and have that automatically express the same preference across all instances of Firefox that they run?

    1. Sid Stamm wrote on :

      yep! (see this bug for technical info)

  3. Satish wrote on :

    Does session cookies are a violation to DNT? Session cookies are used in may applications for stateful HTTP sessions etc. where, for example, in J2EE we use a JSESSIONID. Is this OK to use even when DNT is on?

  4. skeptic wrote on :

    So… why would a website choose to honour the do-not-track header? If I understand correctly, it simply requests the publisher (website) to provide the same service, but not receive add revenue.

  5. the_dees wrote on :

    What is a “privacy friendly way” to get such information?

  6. bmuon wrote on :

    Working as a developer in an ad network I’m very interested in implementing this. However, said ad network doesn’t currently provide an opt-out mechanism. What arguments do you think I should use when I take this to management to convince them that a DNT opt-out is something they want?

    1. forteller wrote on ::

      I think Congress and/or FTC is talking about making it mandatory to adhere to it, so it’s a good thing to be on top of this. Also less than 5% of ad revenue comes from behavioral ads. More info at: http://donottrack.us/

  7. Anonymous wrote on :

    I had no idea the feature was there. Thanks!

  8. Shirt Junkie wrote on :

    Can you help settle an argument between me and a buddy? This is different thn “Private Browsing” on Safari, correct?

    Also, does it block all cookies or only certain data and tracking ones? Do any sites lose functionality when this is turned on?

  9. Jill wrote on :

    Does DNT get applied automatically if it’s in incognito mode?

  10. luis| dinero urgente wrote on ::

    Do the other browsers publish the same kind of guide??

  11. shobo wrote on :

    When a Firefox user selects the “Do Not Track” option, the browser sends out a DNT “header” – a sort of electronic beacon – from a consumer’s web browser to every website he or she visits. I’m not sure I undertand why!

    Oh, and btw, somebody asked before – what is a “privacy friendly way” to get such information?

  12. Pingback from Mozilla publica una guía de campo de 'Do Not Track' on ::

    [...] guía propuesta por Mozilla ocupa 29 páginas -en inglés- a través de las cuales es posible conocer el problema en toda su [...]