DNT: No Teeth, No Benefits–DOA

The W3C published the first draft specification for “Do Not Track” (DNT) in an attempt to address online privacy. The document proposes an official specification for a mechanism that allows users (via browsers) to broadcast tracking preferences to websites.

The intent of DNT is fantastic. Users should be empowered with the ability to opt in or out of being tracked on a website, or across sites, and this specification would achieve exactly that. However, it’ll never catch on. One of two things needs to be in place for something like this to take hold.

1) Both Sides Benefit

In this case “both sides” are the users and the advertisers who collect tracking data. The benefit to users is obvious: They gain control over their privacy. But what do the advertisers gain? According to the draft:

“Since advertisers desire an audience that is receptive to whatever they happen to be advertising, a significant premium is assigned to sites that can demonstrate a favorable target audience, and even more so for sites that are able to identify their audience dynamically and adjust the advertising displayed to be specific to the interests of that user.”

That sounds good, but it just doesn’t hold water. It’s commonly stated that people hate advertising, yet advertisers keep at it. Why? Because it works, that’s why. The dichotomy between people hating advertising and it working anyway virtually eliminates any hope that advertisers will risk letting everyone just opt out of being targeted.

2) Fear of Enforcement

The other option is enforcement, and that isn’t anywhere in the document, nor does the W3C have the authority to enforce anything in any case. Without the threat of enforcement, DNT is just a suggestion that’s not likely to be taken seriously.

All Hope is Not Lost Though

There is one other hope. The specification lays out a handful of methods for the server to communicate back to the browser what it intends to do with the DNT header. When all is said and done, that could be the missing enforcement piece.

Giving the browser the option to report back to the user whether the DNT preferences are being respected or not by a particular site empowers the user to make a decision to visit or not. If a large enough percentage of users opt not to visit sites that don’t affirmatively respond about respecting DNT settings then that will give advertisers a real reason to follow this specification. It’s a weak enforcement method but it is the only one.

In closing I should state that I am decidedly in favor of DNT and the user empowerment it brings. I also appreciate all of the work Mozilla and others have put into this specification. However, unlike others, I still believe this is DOA.

One unrelated note: In the specification it says this about the DNT header: “The remainder of the DNT field-value after the initial character is reserved for future extensions.” I’m going to be the first to predict this detail will allow for the first security vulnerability with DNT. It is marked as an issue.
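
The reserved remainder of the DNT field-value quoted above is untrusted input that every receiving server has to parse. The following is an added example (not code from this post or from the W3C draft) of a parser that takes the preference from the initial character only and bounds the rest; the name `parseDnt`, the meaning of `1` and `0`, the 64-character cap and the accepted character set are assumptions of this example.

```javascript
// Added example: defensive handling of the DNT request header.
// Assumptions (not from the post): "1" = do not track, "0" = tracking allowed;
// the length cap and the accepted character set are this example's own choices.
const MAX_EXTENSION_LENGTH = 64;
const EXTENSION_CHARS = /^[\x21\x23-\x2b\x2d-\x5b\x5d-\x7e]*$/;

function parseDnt(rawValue) {
  // Header absent, or duplicated (some frameworks return an array in that case).
  if (typeof rawValue !== 'string') {
    return { preference: 'unset', extension: null, reason: 'missing-or-not-a-string' };
  }
  const value = rawValue.trim();
  if (value.length === 0) {
    return { preference: 'unset', extension: null, reason: 'empty' };
  }
  // Only the initial character carries the preference.
  const first = value[0];
  if (first !== '0' && first !== '1') {
    return { preference: 'unset', extension: null, reason: 'unknown-initial-character' };
  }
  const preference = first === '1' ? 'do-not-track' : 'tracking-allowed';
  // The reserved remainder is untrusted: bound its length and accept only
  // visible ASCII without quotes, commas or backslashes. A remainder that
  // fails the check is dropped, never stored or echoed, and the preference
  // from the first character is still honored.
  const rest = value.slice(1);
  const extensionOk = rest.length <= MAX_EXTENSION_LENGTH && EXTENSION_CHARS.test(rest);
  return {
    preference,
    extension: extensionOk && rest.length > 0 ? rest : null,
    reason: extensionOk ? 'ok' : 'extension-rejected',
  };
}

// Constructed sample values, not captured traffic.
const samples = ['1', '0', '1xyz', '1' + 'A'.repeat(500), '1\u0000\u0007', 'yes', undefined];
for (const s of samples) {
  console.log(JSON.stringify(String(s).slice(0, 24)), '->', JSON.stringify(parseDnt(s)));
}
```

Downstream code should branch only on `preference` and treat `extension` as opaque data until a published version of the specification defines it.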

