Breaking News: Firefox ‘Do Not Track’ Advances

Breaking News: Firefox ‘Do Not Track’ Advances

Future of Privacy Forum comments on Firefox’s plans to implement a Do Not track feature in Firefox 4:

“Firefox is advancing the “Do Not Track” concept by providing a simpler and more effective way to opt-out of behavioral ads, but in a way that is likely to allow most ad networks to continue to deliver relevant ads.  Businesses would be well advised to agree  respect the preference expressed by users who select this new option, as it could be also useful for mobile users and for apps.  This is a prime opportunity for a multi-stakeholder group, such as the Commerce Department has proposed, to work out details like whether the preference could also result in collection or retention of less data about privacy sensitive users.”

Mozilla’s discussions of its plans are spread over a series of blogs.

https://firstpersoncookie.wordpress.com/2011/01/23/more-choice-and-control-over-online-tracking/

 http://blog.sidstamm.com/2011/01/opting-out-of-behavioral-ads.html

 http://www.open-mike.org/entry/thoughts-on-do-not-track

As so often is the case, Julia Angwin is the first media reporter  to break the story.  And props to Chris Soghoian for his long leadership on this issue. 

Background Information

The amorphous concept but catchy terminology  of Do Not Track (“DNT”) has dominated much of the public discussion about what should be done about online privacy in recent months.  Much of this discussion has been unproductive, with some in industry suggesting that DNT would bring an end to ad- supported online content, and some privacy advocates viewing it as a silver bullet solution for online privacY.  Very little constructive dialogue has occurred across stakeholder groups.  Browser companies, online businesses and advocates have by and large formulated their views without collaboration.

In 2009, the Future of Privacy Forum, in cooperation with the Center for Democracy and Technology, launched an effort to improve the current cookie based opt-out mechanism offered by many online behavioral advertising companies.  Aware of the fact that many opt-out cookies are deleted by consumers or their anti-spyware programs, we convened companies, trade groups, advocates and technologists for a number of discussions aimed at formulating a more reliable process for providing consumers with options to limit the web tracking taking place for behavioral advertising purposes.  At the meeting, technologist Chris Soghoian made the case for a Do Not Track browser header that he had coded, but few were open to the idea at this time.

In December 2010,   FPF responded to the FTC’s formal DNT proposal by convening a panel which included representatives from browser companies, consumer and privacy organizations, technologists, ad networks, supporters of a DNT browser header and policy groups. Although no consensus emerged, we were convinced that a properly tailored and practically designed DNT browser header proposal was feasible.  At the panel we suggested that if companies treated an opt-out header like a more permanent version of a behavioral advertising opt-out cookie, consumers would gain a new privacy control that would be easy to use.  And since ad networks and trade associations have already agreed to provide consumers with the ability to opt-out of behavioral ads with one click  (via the Network Advertising opt-out pages or the new Digital Advertising Association opt-out page), the policy choice was one that had already been made.

As a result, we are delighted that Firefox has just announced that in the new version of its browser,  consumers will have  an option in the preferences panel of the browser that would enable a special  Do Not Track browser HTTP header. 

Ad Networks:

Servers that are sent this header should recognize that the consumer has indicated that they do not want their activity online used to tailor advertising to them across unrelated web sites.  We hope that services that offer consumers a cookie based opt-out should treat consumers presenting the header in the same manner they treated consumers relaying an opt-out cookie.  Since opt-out cookies are often deleted inadvertently by consumers, this header will provide greater stability and a more reliable means of recognizing consumer choices.

For users who present the header, we think that companies should recognize the header to indicate “no targeting” based on previous unrelated activity, whether tracked via cookies, device fingerprinting, local shared objects, or other identifiers. Such header shall not affect tailoring of advertising for a user based on inferences made about a user based on the presentation of browser information or activity during a consumers visit to a particular web site.  Thus geo-targeting based on IP address or tailoring of ads based on a consumers previous visit to the same web site shall be permitted.

Consumers:

Consumers today can technically prevent tracking by using cookie settings or browser based options or third party browser plug-ins which limit the data that is shared by their browsing activity.  But these options are unable to provide high degrees of nuance tha can distinguish between the various types of uses of data by sites.  These tools either underblock, overblock or prevent the delivery of any third party content or ads. Although P3P in theory could provide greater nuance, the manner in which it has been implemented in browsers and the  distinctions between types of data use it provides often don’t map easily to the prevalent business models in use.  Many consumers who today take steps to block cookies are likely expressing their opposition to behavioral advertising.  An opt-out/DNT header provides those consumers with a more nuanced opportunity to express their choice.

 Government:

What data should not be collected when a consumer has selected the opt-out header? Just the behavioral tracking cookie? Any unique tracking cookie? Other data? The most productive way to reach consensus on a proposal such as this is to convene a multi-stakeholder group that can work through the necessary cooperation between browser companies, ad networks, consumer representatives, government and policy groups. No system requiring nuanced cooperation and technology development across business models and government policy will spring into existing without interactions which can address the concerns of the key stakeholders.  We suggest that Firefox convene such a multi-stakeholder group, including representatives from the FTC, Commerce and international stakeholders, in a process much as the Department of Commerce has called for in its report.

Kudos to the Firefox team and good luck to Alex Fowler, Mozilla’s new global privacy and policy who has just come on board.  And huge credit to Chris Soghoian (who coded the first proof of concept of a DNT header and Arvind Narayanan of www.donottrack.us) along with Sid Stamm and others of the Mozilla team. We look forward to working with you on advancing consumer trust online.

Check out Chris Soghoian’s detailed history of the inception of the opt-out header concept and how it has developed.


Leave a Reply


Privacy Calendar

Oct
21
Tue
6:00 pm Consumer Action’s 43rd Annual Aw... @ Google
Consumer Action’s 43rd Annual Aw... @ Google
Oct 21 @ 6:00 pm – Oct 21 @ 8:00 pm
To mark its 43rd anniversary, Consumer Action’s Annual Awards Reception on October 21, 2014, will celebrate the theme of “Train the Trainer.” Through the power of individual and small group trainings, Consumer Action each year is[...]
Oct
24
Fri
9:00 am Web Privacy & Transparency Confe... @ Princeton University
Web Privacy & Transparency Confe... @ Princeton University
Oct 24 @ 9:00 am – 4:00 pm
On Friday, October 24, 2014, the Center for Information Technology Policy (CITP) at Princeton University is hosting a public conference on Web Privacy and Transparency. It will explore the quickly emerging area of computer science research that[...]
Oct
29
Wed
4:00 pm Big Data and Privacy: Navigating... @ Schulze Hall
Big Data and Privacy: Navigating... @ Schulze Hall
Oct 29 @ 4:00 pm – 7:00 pm
The rapid emergence of “big data” has created many benefits and risks for businesses today. As data is collected, stored, analyzed, and deployed for various business purposes, it is particularly important to develop responsible data[...]
Oct
30
Thu
9:00 am The Privacy Act @40: A Celebrati... @ Georgetown Law
The Privacy Act @40: A Celebrati... @ Georgetown Law
Oct 30 @ 9:00 am – 5:30 pm
The Privacy Act @40 A Celebration and Appraisal on the 40th Anniversary of the Privacy Act and the 1974 Amendments to the Freedom of Information Act October 30, 2014 Agenda 9 – 9:15 a.m. Welcome[...]
Nov
7
Fri
all-day George Washington Law Review 201... @ George Washington University Law School
George Washington Law Review 201... @ George Washington University Law School
Nov 7 – Nov 8 all-day
Save the date for the GW Law Review‘s Annual Symposium, The FTC at 100: Centennial Commemorations and Proposals for Progress, which will be held on Saturday, November 8, 2014, in Washington, DC. This year’s symposium, hosted in[...]
Nov
11
Tue
10:15 am You Are Here: GPS Location Track... @ Mauna Lani Bay Hotel & Bungalows
You Are Here: GPS Location Track... @ Mauna Lani Bay Hotel & Bungalows
Nov 11 @ 10:15 am
EFF Staff Attorney Hanni Fakhoury will present twice at the Oregon Criminal Defense Lawyers Association’s Annual Sunny Climate Seminar. He will give a presentation on government location tracking issues and then participate in a panel[...]
Nov
12
Wed
all-day PCLOB Public Meeting on “Definin... @ Washington Marriott Hotel
PCLOB Public Meeting on “Definin... @ Washington Marriott Hotel
Nov 12 all-day
The Privacy and Civil Liberties Oversight Board will conduct a public meeting with industry representatives, academics, technologists, government personnel, and members of the advocacy community, on the topic: “Defining Privacy.”   While the Board will[...]

View Calendar