Categories: Do Not Track privacy

Why we won’t enable DNT by default

As Do Not Track picks up steam and standardization is well underway in the W3C, people have begun asking, “If Do Not Track is so good for the web, why don’t you turn it on by default?”

Frankly, it becomes meaningless if we enable it by default for all our users. Do Not Track is intended to express an individual’s choice, or preference, to not be tracked. It’s important that the signal represents a choice made by the person behind the keyboard and not the software maker, because ultimately it’s not Firefox being tracked, it’s the user.

Mozilla’s mission is to give users this choice and control over their browsing experience. We won’t turn on Do Not Track by default because then it would be Mozilla making the choice, not the individual. Since this is a choice for the user to make, we cannot send the signal automatically but will empower them with the tools they need to do it.

Do Not Track is not Mozilla’s position on tracking, it’s the individual’s — and that’s what makes it great! For that reason we have no plans to turn on Do Not Track by default.

Sid Stamm
Lead Privacy Engineer

16 comments on “Why we won’t enable DNT by default”

  1. Randall “Texrat” Arnold wrote on

    Sorry, that sounds really Orwellian. Especially since you repeated yourself three times in an attempt to make your point.

    If you really believe all that, though, why not poll your cmmunity to get our take on the best default mode? Sounds to me like you’re making a decision based on what we supposedly think and want without actually asking us what we think and want.

    1. Sid Stamm wrote on

      To be clear, not enabling the feature is different than saying the user accepts tracking. There are three states; user accepts tracking, user rejects tracking, user hasn’t decided.

      What this article intends to say is that the default state is “user hasn’t decided”, and we’re not going to decide for them. It’s not clear if tracking is okay with the user or not.

      When enabled by the user, the Do Not Track feature sends a signal saying the user doesn’t want to be tracked. When it’s not enabled, nothing is broadcast because we don’t know what the user wants, and so we don’t broadcast a decision to web sites. For these same reasons we won’t send a “Please Track Me” HTTP header by default if we put one in Firefox.

      1. Ogulbuk wrote on

        Replying to this now because I just saw this link:

        Just force the user to decide. Next time the browser launches, ask him to decide. Don’t provide a default. Don’t allow Esc or Enter to be mapped to any otpion. Force a click on “Allow Tracking” or “Dont Allow Tracking”.

        If the browser crashes or is terminated, ask again and don’t allow the user to contune until he decides. Do not allow the browser to continue running with a “user hasn’t decided” state.

  2. Lucian wrote on

    Your argument is of course nothing but well constructed BS. By keeping it off you make an opt-in decision (or at best maintain the inherited uninformed implicit “opt-in”) which does not give any choice or control to the user.

    The fact is that you need not make a decision for the user at all since, like you said it is not decision to make. Simply give the user a chance to make an informed decision about this as soon as the browser is started the first time.

    1. Sid Stamm wrote on

      The point of this post was that we indeed are not making a decision for the user at all. We’re not going to send the “DNT” header that indicates the user’s preference to not be tracked. We’re also not sending any other information that indicates the user’s acceptance of tracking.

      We could ask the users what they think the first time they launch Firefox, but there are lots of other decisions we’d like to ask them as well, so it’s not that simple. People don’t want to spend time setting up Firefox after they install it — they want to immediately start using the web. Perhaps we can launch some awareness campaigns or a snippet that tells people about the feature. (https://wiki.mozilla.org/Firefox/Projects/Firefox_Start/Snippet_Service).

      1. Randall “Texrat” Arnold wrote on

        But again: is that an assumption about what people want, or has it been validated with proper observation/feedback?

        This user wouldn’t mind the “burden” of that additional step. Am I in the minority or majority? It would be nice if Mozilla would find out, and proceed accordingly.

    2. chris wrote on

      Come on, THINK, you guys. Mozilla are right. If EVERYONE has it on, it’ll just be ignored. duh

  3. Ian Brown wrote on

    Have you read “Nudge” by Thaler and Sunstein, or indeed any behavioural economics literature whatsoever?

  4. Ben Adida wrote on

    What some folks may be missing is that the argument for web sites to comply with the DNT header is *much* stronger if users have voluntarily turned on the flag. Otherwise, web sites might simply assume that users don’t care and the value of the DNT header is badly degraded.

    To the behavioral economics point: that argument only applies if the header *by itself* prevented tracking. But in fact the DNT header is a declaration of intent that we need web sites to honor for it to be effective. Put yourself in the web site’s shoes: if you see this header, but you know that 90% of the time it just happens to be on but users haven’t actually expressed that preference explicitly, why would you honor it?

  5. zihum wrote on

    the missing argument here is that:

    the web didnt have DNT before, users are not used to DNT. The default standard is no DNT.
    Enabling DNT is therefore pushing the choice on the user.
    Making the user aware of it and letting them enabling it is the actual choice.

    hope that clears it up.

  6. Gabriella wrote on

    Assuming the user’s implicit consent to being tracked makes Firefox incompatible with EU law.

  7. Maxim Weinstein wrote on

    Ben and “zihum” do a good job explaining why, if you’re going to have a default, leaving the DNT header off is a sensible choice. That said, I second Ian’s recommendation of the book “Nudge.” Sid indicates that DNT is “a choice made by the person behind the keyboard.” However, Firefox does not present what Thaler and Sunstein call a “forced choice,” where the person behind the keyboard is compelled to choose. Instead, Mozilla establishes a silent default selection (DNT off) and then requires users who want to choose otherwise to know the DNT option exists and seek out how to enable it. As discussed in the book, such defaults have a big impact on user behavior, and result in very different choices than when users are forced to actively choose for themselves.

  8. John wrote on

    Okay, if that’s the case and you really believe that choice is the key, why not surface that option to consumers so they can make it for themselves? Just like you surfaced the options to remove old plugins in the most recent version of Firefox… seems like a good option to surface at least once, much in the way you surface things like remember password and warnings about posting over unencrypted forms for the first time….

    Not to give you ultimatums because I know you guys have a tough job, but if you don’t even surface the option it sounds an awful lot like you are cozying up too closely with the advertizing companies and not really caring about the consumer by burying an option so deeply that it takes experts just to find it. Microsoft did a lot of research on how many people clicked options buried in the hierarchy of their UI and understandably the number of people who clicked on those options ever drops off exponentially. How many clicks do I have to make to get to this option in your UI? And by answering that question you will know what percentage of people are even aware of the choice. Not good odds, my friend. How about some proactive pro-consumer action? Does Firefox really care about this or is all this just for show?

  9. Ovidiu P. wrote on

    If it’s a three-state option, why is it represented as a (two-state) checkbox in the options UI? Shouldn’t it be some sort of dropdown that defaults to “no decision” and has “yes” and “no” options? As it stands bwin, you have no way of distinguishing between users who have chosen to be tracked and users who haven’t chosen.

  10. May D wrote on

    I am just wondering…are you going to change or delete this feature (like Chrome is) now that the ‘power’ wants to enable Acta?

  11. Ping from Cookies en España, regulación adaptada a la legislación europea | on

    […] Pero tanto esta última opción, como la de que los navegadores restrinjan el uso la inclusión de cookies, no es bien vista por los fabricantes de los mismos. Y de muestra, una visita al blog de Mozilla. […]