The movement towards industry agreement on a do-not-track feature in browsers has hit several speed bumps -- or perhaps they are brick walls.
Developers need to be aware of user concerns over privacy, and the currents of industry self-regulation and government regulation regarding behavioral tracking are part of this needed awareness. Mobile developers especially are going to have to keep user privacy sensitivities front-of-mind, as we have discussed recently.
The current frontier in attempts to balance commercial and privacy interests is the do-not-track standard now being negotiated under the auspices of the World Wide Web Consortium.
For more than a year the W3C's Tracking Protection Working Group has been meeting to iron out a definition of exactly how a DNT signal will work and what Web sites and advertisers must do -- and refrain from doing -- when they receive such a signal from a user. The working group is made up of privacy experts, researchers, and representatives from the ad industry and technology companies. In February of this year, the advertising industry vowed to honor users' do-not-track signals. (All major desktop browsers now or soon will offer users a DNT choice, though in the case of Google's Chrome it is in the beta channel.)
As I mentioned in a recent post about Apple's iOS 6 "Advertising Identifier," the current condition of the working group's Editor's Draft (part 1; part 2), the various sides in this negotiation are far from consensus. Privacy experts want the DNT signal to mean "do not track" plain and simple. The ad industry wants wide latitude to record and store data about users' habits even when DNT=1 is sent from the browser.
Microsoft's incendiary move
The debate was inflamed during the summer when Microsoft announced that version 10 of its Internet Explorer browser, which will be included with Windows 8 later this month, would have DNT=1 set by default. The Tracking Protection Working Group had already agreed that browsers should not set DNT on by default, but should require users to select DNT=1 themselves if that is their desire. So Microsoft was on a path, alone among browser makers, to be out of compliance with the industry consensus and the emerging standard.
Microsoft fielded a great deal of negative publicity for its stance -- including the Apache Foundation's patch to make sure their Web server, the most widely used in the world, would ignore DNT=1 if it came from a Microsoft browser. Microsoft finally agreed to explain the DNT=1 choice to users in the setup process for Windows 8. Users would have the opportunity at that time to choose tracking and targeted ads if that is what they wanted.
Perhaps because of Microsoft's move, the ad industry has lately gone on a scorched-earth offensive against do-not-track. They sent an incendiary letter to Microsoft, which included phrases such as "fundamentally bad for consumers," "undermines consumer interest," and "cheat society," according to PCAdvisor.co.uk (I have been unable to find a copy of the advertisers' letter online).
The industry also lobbied members of Congress, who sent a bafflingly wrongheaded letter (PDF) to the FTC asking pointed questions about why they were working with a foreign organization -- i.e., the W3C!
The chairman of the FTC accused the ad industry of backing away from their pledge to support do-not-track. And privacy experts fired back at the ad industry with strong words of their own as positions hardened. One Stanford researcher accused the industry of having "dropped its facade of negotiating Do Not Track in good faith," according to Computerworld.
And now, a patent
As if polarization weren't enough of an obstacle to throw in do-not-track's road, now there's a patent as well. A company called 3PMobile received US patent number 8,156,206, one of whose claims reads almost exactly like a DNT header. The company claims that it has offered a royalty-free license to the patent to both Mozilla and the W3C, but both organizations have rebuffed the overture, according to ZDNet. The W3C has instead formed a Patent Advisory Group to look into the matter. The convening of a PAG pretty much guarantees that any planned schedule for progress towards a do-not-track standard are on indefinite hold.