Jump to content

Do Not Track: Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
Corrected statement to show that Microsoft announced DNT before Mozilla, followed by releasing the first DNT capable browser.
Adding {{pp-protected}}
Tags: Twinkle Reverted
(620 intermediate revisions by more than 100 users not shown)
Line 1: Line 1:
{{HTTP}}
{{Short description|HTTP header field}}
{{pp-protected|small=yes}}
The '''do not track''' header is a proposed [[List of HTTP header fields|HTTP header field]] that would request a [[web application]] to disable their tracking of a user. The "Do Not Track" header was originally proposed in 2009 by researchers [[Christopher Soghoian]], Sid Stamm and [[Dan Kaminsky]].<ref>{{cite web|url=http://paranoia.dubfire.net/2011/01/history-of-do-not-track-header.html|title=The History of the Do Not Track Header|work=Slight Paranoia|last=Soghoian|first=Christopher|accessdate=22 February 2012}}</ref> It is currently being standardized by the [[W3C]].<ref>{{cite web|url=http://www.w3.org/2011/tracking-protection/|title=Tracking Protection Working Group|work=W3C|accessdate=22 February 2012}}</ref>
{{use mdy dates|date=July 2023}}


'''Do Not Track''' ('''DNT''') is a formerly official [[List of HTTP header fields|HTTP header field]], designed to allow internet users to opt out of [[Web tracking|tracking by websites]]—which includes the collection of data regarding a user's activity across multiple distinct contexts, and the retention, use, or sharing of data derived from that activity outside the context in which it occurred.<ref name="Corbin-2010" />
In December 2010, [[Microsoft]] announced support for the DNT mechanism in its Internet Explorer 9 web browser.<ref>http://blogs.msdn.com/b/ie/archive/2010/12/07/ie9-and-privacy-introducing-tracking-protection-v8.aspx</ref> Followed by Mozilla's Firefox,<ref>http://online.wsj.com/article/SB10001424052748704213404576100441609997236.html</ref>
Apple's Safari<ref>{{Citation
| title = Apple Adds Do-Not-Track Tool to New Browser
| url = http://online.wsj.com/article/SB10001424052748703551304576261272308358858.html
| year = 2011
| author = Nick Wingfield
| journal = Wall Street Journal
| accessdate = 2011-04-14
| date=2011-04-14
}}</ref> and Opera all later added support.<ref>{{Citation
|author=Opera Desktop Team
|title=Core update with Do Not Track, and mail and theme fixes
|url=http://my.opera.com/desktopteam/blog/2012/02/10/core-dnt-mail-themes
|publisher=Opera.com
|accessdate=2012-02-10
|authorlink=Opera Desktop Team
|date=2012-02-11
}}</ref>
It is not currently supported by Google Chrome, but will be incorporated by the end of 2012.<ref>{{Citation
|author=Ryan Singel
|title=Google Holds Out Against ‘Do Not Track’ Flag
|url=http://www.wired.com/epicenter/2011/04/chrome-do-not-track/
|work=Epicenter|publisher=Wired.com
|accessdate=2011-09-01
|authorlink=Ryan Singel
|date=2011-04-15
}}</ref><ref>{{cite web|url =http://browserfame.com/478/google-chrome-support-do-not-track |title = Google and Chrome To Support Do Not Track|accessdate =March 3, 2012}}</ref>


The Do Not Track header was originally proposed in 2009 by researchers Christopher Soghoian and Sid Stamm.<ref name="Fleishman-2024">{{Cite news |last=Fleishman |first=Glenn |date=2019-03-07 |title=How the tragic death of Do Not Track ruined the web for everyone |url=https://www.fastcompany.com/90308068/how-the-tragic-death-of-do-not-track-ruined-the-web-for-everyone |work=[[Fast Company]]}}</ref> Mozilla Firefox became the first browser to implement the feature. The header failed to find widespread success due to the lack of legislation requiring companies to legally respect the Do Not Track header; and most companies and websites not respecting the header when sent by the user.<ref>{{Cite web |last=Goodrich |first=Ben |date=1 May 2012 |title=An Analysis of the 'Do Not Track' Header |url=https://www.cs.tufts.edu/comp/116/archive/bgoodrich.pdf}}</ref>
The header currently accepts three values, '''1''' in case the user does not wish to be tracked ''(opt out)'', '''0''' in case the user does ''(opt in)'', or null (no header sent) if the user has not expressed a preference. The default is to not send the header, until the user chooses to enable the setting via their browser.


In 2020, a coalition of US-based internet companies announced the '''Global Privacy Control''' header that succeeds Do Not Track header. The creators hope that this new header will meet the definition of "user-enabled global privacy controls" defined by the California Consumer Privacy Act (CCPA) and the European General Data Protection Regulation (GDPR). In this case, the new header would be automatically strengthened by existing laws and companies would be required to honor it.
==History of Do Not Track==


== Operation ==
In 2007, several consumer advocacy groups asked the [[Federal Trade Commission]] to create a Do Not Track list for online advertising. The proposal would have required that online advertisers submit their information to the FTC, which would compile a machine readable list of the domain names used by those companies to place cookies or otherwise track consumers.<ref>{{cite web|url=https://www.cdt.org/privacy/20071031consumerprotectionsbehavioral.pdf|title=The History of the Do Not Track Header|work=Center for Democracy and Technology|date=2007-10-31|accessdate=22 February 2012}}</ref>
The DNT header accepts three values: <code>1</code> in case the user does not want to be tracked ''(opt-out)'', <code>0</code> in case the user consents to be tracked ''(opt-in)'', or ''null'' (no header sent) if the user has not expressed a preference. The default behavior required by the standard is not to send the header unless the user enables the setting via their browser or their choice is implied by the use of that specific browser.<ref name="DNT">{{Cite web |title=DNT - HTTP|url=https://devdoc.net/web/developer.mozilla.org/en-US/docs/Web/Security/Do_not_track_field_guide.html|access-date=2024-10-13}}</ref>


== History ==
In July, 2009, researchers [[Christopher Soghoian]] and [[Sid Stamm]] created a prototype add-on for the Firefox web browser implementing support for the Do Not Track header. Stamm was at the time, a privacy engineer at [[Mozilla]], while Soghoian soon after started working at the [[FTC]].<ref>{{cite news | url=http://www.wired.com/threatlevel/2009/08/soghoian-joins-ftc/ | title=Outspoken Privacy Advocate Joins FTC | work=Wired News | first=Kim| last=Zetter| date=2009-08-17 | accessdate=2009-11-20}}</ref> One year later, during a [[US Senate]] privacy hearing, [[FTC]] Chairman [[Jon Leibowitz]] told the Senate Commerce Committee that the commission was exploring the idea of proposing a "do-not-track" list.<ref>{{cite news | url=http://www.internetnews.com/ec-news/article.php/3895496/FTC+Mulls+BrowserBased+Block+for+Online+Ads.htm | title=FTC Mulls Browser-Based Block for Online Ads | work=Internet News | first=Kenneth| last=Corbin| date=2010-07-28 | accessdate=2009-11-20}}</ref>
In 2007, several consumer advocacy groups asked the U.S. [[Federal Trade Commission]] (FTC) to create a Do Not Track list for online advertising. The proposal would have required that online advertisers submit their information to the FTC, which would compile a machine-readable list of the [[Domain name|domain names]] used by those companies to place cookies or otherwise track consumers.<ref>{{cite web|url=https://www.cdt.org/privacy/20071031consumerprotectionsbehavioral.pdf|title=The History of the Do Not Track Header|work=Center for Democracy and Technology|date=2007-10-31|access-date=22 February 2012}}</ref>


In July 2009, researchers Christopher Soghoian and Sid Stamm implemented support for the Do Not Track header in the Firefox web browser via a prototype add-on. Stamm was, at the time, a privacy engineer at Mozilla, while Soghoian soon afterward started working at the FTC.<ref>{{cite news | url=https://www.wired.com/threatlevel/2009/08/soghoian-joins-ftc/ | title=Outspoken Privacy Advocate Joins FTC | work=Wired News | first=Kim| last=Zetter| date=2009-08-17 | access-date=2009-11-20}}</ref> One year later, during a U.S. Senate privacy hearing, FTC Chairman Jon Leibowitz told the Senate Commerce Committee that the commission was exploring the idea of proposing a "do-not-track" list.<ref name="Corbin-2010">{{cite news | url=http://www.internetnews.com/ec-news/article.php/3895496/FTC+Mulls+BrowserBased+Block+for+Online+Ads.htm | title=FTC Mulls Browser-Based Block for Online Ads | work=Internet News | first=Kenneth| last=Corbin| date=2010-07-28 | access-date=2009-11-20}}</ref>
In December 2010, the [[FTC]] issued a privacy report that called for a "do not track" system that would enable people to avoid having their actions monitored online.<ref>{{cite news|url=http://online.wsj.com/article/SB10001424052748704594804575648670826747094.html|title=FTC Backs Do-Not-Track System for Web|last=Angwin|first=Julia|work= Wall Street Journal|date=2010-12-02|accessdate=22 February 2012}}</ref>
One week later, [[Microsoft]] announced that its next browser would include support for Tracking Protection Lists, that block tracking of consumers using blacklists supplied by third parties.<ref>{{cite news|url=http://online.wsj.com/article/SB10001424052748703296604576005542201534546.htmll|title=Microsoft to Add 'Tracking Protection' to Web Browser|last=Angwin|first=Julia|work= Wall Street Journal|date=2010-12-07|accessdate=22 February 2012}}</ref> In January, 2011, [[Mozilla]] announced that its Firefox browser would soon provide a Do Not Track solution, via a browser header.<ref>{{cite news|url=http://online.wsj.com/article/SB10001424052748704213404576100441609997236.html|title=Web Tool On Firefox To Deter Tracking|last=Angwin|first=Julia|work= Wall Street Journal|date=2011-01-21|accessdate=22 February 2012}}</ref> Microsoft's Internet Explorer,<ref>{{cite news|url=http://online.wsj.com/article/SB10001424052748703363904576200981919667762.html|title=Microsoft Adds Do-Not-Track Tool to Browser|last=Angwin|first=Julia|work= Wall Street Journal|date=2011-03-15|accessdate=22 February 2012}}</ref>
Apple's Safari<ref>{{Citation
| title = Apple Adds Do-Not-Track Tool to New Browser
| url = http://online.wsj.com/article/SB10001424052748703551304576261272308358858.html
| year = 2011
| author = Nick Wingfield
| journal = Wall Street Journal
| accessdate = 2011-04-14
| date=2011-04-14
}}</ref> and Opera<ref>{{Citation
|author=Opera Desktop Team
|title=Core update with Do Not Track, and mail and theme fixes
|url=http://my.opera.com/desktopteam/blog/2012/02/10/core-dnt-mail-themes
|publisher=Opera.com
|accessdate=2012-02-10
|authorlink=Opera Desktop Team
|date=2012-02-11
}}</ref> all later added support for the header approach. Google Chrome supported by its official extensions.<ref>{{Citation
|author=Sean Harvey and Rajas Moonka
|title=Google Public Policy Blog: Keep your opt-outs
|url=http://googlepublicpolicy.blogspot.com/2011/01/keep-your-opt-outs.html
|work=Epicenter|publisher=Google.com
|accessdate=2011-01-24
|authorlink=Google Product Managers
|date=2011-01-24
}}</ref>


In December 2010, the FTC issued a privacy report that called for a "do-not-track" system that would enable people to avoid having their actions being monitored online.<ref>{{cite news|url=https://www.wsj.com/articles/SB10001424052748704594804575648670826747094|title=FTC Backs Do-Not-Track System for Web|last=Angwin|first=Julia|work= Wall Street Journal|date=2010-12-02|access-date=22 February 2012}}</ref>
==How it works==
When a [[web browser]] requests content or sends data using HTTP it can optionally include extra information in one or more items called "headers". ''Do not track'' adds a header (DNT: 1) indicating that the user does not wish to be tracked.<ref>{{Citation
| title = Do Not Track- Universal Web Tracking Opt-Out
| url = http://donottrack.us/
| accessdate = 2011-04-11
}}</ref> The execution of this non-tracking directive can only be implemented on the part of the HTTP server, so its enforcement is effectively on the honor system. In this regard, ''do not track'' is similar to the Robots Exclusion standard, which provides a mechanism for HTTP servers to communicate to automatic web-traversing client programs whether those programs are granted permission to access the servers, but entirely relies upon honor and etiquette on the part of the client for compliance.


One week later, Microsoft announced that its next browser would include support for Tracking Protection Lists that block tracking of consumers using blacklists supplied by third parties.<ref>{{cite news|url=https://www.wsj.com/articles/SB10001424052748703296604576005542201534546|title=Microsoft to Add 'Tracking Protection' to Web Browser|last=Angwin|first=Julia|work= Wall Street Journal|date=2010-12-07|access-date=22 February 2012}}</ref> In January 2011, Mozilla announced that its Firefox browser would soon provide a Do Not Track solution, via a browser header.<ref name="online">{{cite news |author=Julia Angwin |author-link=Julia Angwin |date=2011-01-21 |title=Web Tool On Firefox To Deter Tracking |url=https://www.wsj.com/articles/SB10001424052748704213404576100441609997236 |access-date=2012-02-22 |work=Wall Street Journal}}</ref> Microsoft's [[Internet Explorer 9]],<ref>{{cite news|url=https://www.wsj.com/articles/SB10001424052748703363904576200981919667762|title=Microsoft Adds Do-Not-Track Tool to Browser|last=Angwin|first=Julia|work= Wall Street Journal|date=2011-03-15|access-date=22 February 2012}}</ref> Apple's Safari,<ref name="Nick Wingfield">{{Cite journal|author=Nick Wingfield|date=2011-04-14|title=Apple Adds Do-Not-Track Tool to New Browser|url=https://www.wsj.com/articles/SB10001424052748703551304576261272308358858|journal=Wall Street Journal|access-date=2011-04-14}}</ref> Opera<ref name="Opera">{{Cite web|author=Opera Desktop Team |date=2012-02-11|title=Core update with Do Not Track, and mail and theme fixes |url=http://my.opera.com/desktopteam/blog/2012/02/10/core-dnt-mail-themes |archive-url= https://web.archive.org/web/20130310122003/http://my.opera.com/desktopteam/blog/2012/02/10/core-dnt-mail-themes |archive-date=2013-03-10 |url-status=dead |access-date=2012-02-10|work=Opera blog}}</ref> and Google Chrome<ref name="longerbattery">{{Cite web| title=Longer battery life and easier website permissions |url= https://chrome.googleblog.com/2012/11/longer-battery-life-and-easier-website.html |work=Chrome blog |access-date=2012-11-07 |date=2012-11-06}}</ref> all later added support for the header approach.
Currently, websites are not legally required to comply with ''do not track'' requests, neither by law nor by broad social consensus, and therefore very few websites recognize and respect this privacy signal.


In August 2015 a coalition of privacy groups led by the Electronic Frontier Foundation using [[World Wide Web Consortium|W3C]]'s Tracking Preference Expression (DNT) standard proposed that "Do not track" be the goal for advocates to demand of businesses.<ref>{{cite web |url= http://www.consumeraffairs.com/news/privacy-groups-offer-do-not-track-compromise-will-online-advertisers-and-publishers-accept-it-080615.html |title=Privacy groups offer "Do Not Track" compromise; will online advertisers and publishers accept it? |first=Jennifer |last=Abel |work=[[ConsumerAffairs]] |date=6 Aug 2015 |access-date=10 Aug 2015}}</ref>
== See also ==
* [[List of HTTP header fields]]
* [[List of HTTP header fields#Common_non-standard_request_headers|Common non-standard request headers]]


In January 2019, the W3C Tracking Protection Working Group was disbanded, citing "insufficient deployment of these extensions" and lack of "indications of planned support among user agents, third parties, and the ecosystem at large".<ref name="GitHub note W3C DNT disbanded">{{Cite web|url=https://github.com/w3c/dnt/commit/5d85d6c3d116b5eb29fddc69352a77d87dfd2310|title=WG closed · w3c/dnt@5d85d6c|website=GitHub|language=en|access-date=2019-02-07}}</ref><ref name="Gizmodo Apple Removing Do Not Track">{{Cite web|url=https://gizmodo.com/apple-is-removing-do-not-track-from-safari-1832400768|title=Apple Is Removing 'Do Not Track' From Safari|last=Hill|first=Kashmir|website=Gizmodo|date=2019-02-06 |language=en-US|access-date=2019-02-07}}</ref> Beginning the following month, Apple removed DNT support from Safari, citing that it could be used as a "[[browser fingerprinting|fingerprinting]] variable" for tracking.<ref name="apple fingerprinting">{{Cite web|url=https://www.macworld.com/article/3338152/apple-safari-removing-do-not-track.html|title=Apple is removing the Do Not Track toggle from Safari, but for a good reason|date=2019-02-07|website=Macworld|language=en|access-date=2019-10-24}}</ref>
== References ==
{{Reflist|30em}}


=== Internet Explorer 10 default setting controversy ===
== External links ==
When using the "Express" settings upon installation, a Do Not Track option is enabled by default for [[Internet Explorer 10]] and [[Windows 8]].<ref>{{cite news |url= https://www.pcmag.com/article2/0,2817,2412077,00.asp |title=Internet Explorer 10 Released for Windows 7 |access-date=22 Dec 2012 |date=13 Nov 2012 |work=PC Magazine}}</ref> Microsoft faced criticism for its decision to enable Do Not Track by default<ref>{{cite web|url=http://blogs.technet.com/b/microsoft_on_the_issues/archive/2012/08/07/do-not-track-in-the-windows-8-set-up-experience.aspx|archive-url=https://web.archive.org/web/20120808130947/http://blogs.technet.com/b/microsoft_on_the_issues/archive/2012/08/07/do-not-track-in-the-windows-8-set-up-experience.aspx|url-status=dead|archive-date=2012-08-08|title=Do Not Track in the Windows 8 Setup Experience|author=Brendon Lynch |date=2012-08-07|work=Microsoft on the issues blog}}</ref> from advertising companies, who say that use of the Do Not Track header should be a choice made by the user and must not be automatically enabled. The companies also said that this decision would violate the [[Digital Advertising Alliance]]'s agreement with the U.S. government to honor a Do Not Track system, because the coalition said it would only honor such a system if it were not enabled by default by web browsers.<ref>{{cite web|title=Microsoft ticks off advertisers with IE10 'Do Not Track' policy|url=http://news.cnet.com/8301-10805_3-57445568-75/microsoft-ticks-off-advertisers-with-ie10-do-not-track-policy/|date=1 Jun 2012 |website=CNET|access-date=8 Sep 2012}}</ref> A Microsoft spokesperson defended its decision however, stating that users would prefer a web browser that automatically respected their privacy.<ref name=dig-msdnt>{{cite news|title=Microsoft's "Do Not Track" Move Angers Advertising Industry |url=https://blogs.wsj.com/digits/2012/05/31/microsofts-do-not-track-move-angers-advertising-industry/|work=Digits|publisher=The Wall Street Journal|access-date=8 Sep 2012}}</ref>
* http://donottrack.us/
* http://tools.ietf.org/html/draft-mayer-do-not-track-00


On September 7, 2012, [[Roy Fielding]], an author of the Do Not Track standard, [[Commit (version control)|committed]] a patch to the source code of the [[Apache HTTP Server]], which would make the server explicitly ignore any use of the Do Not Track header by users of Internet Explorer 10. Fielding wrote that Microsoft's decision "deliberately violates" the Do Not Track specification because it "does not protect anyone's privacy unless the recipients believe it was set by a real human being, with a real preference for privacy over personalization". The Do Not Track specification did not explicitly mandate that the use of Do Not Track actually be a choice until after the feature was implemented in Internet Explorer 10.<ref>{{cite web |url=https://arstechnica.com/information-technology/2012/08/microsoft-sticks-to-its-guns-keeps-do-not-track-on-by-default-in-ie10/ |title=Microsoft sticks to its guns, keeps Do Not Track on by default in IE10 |website=Ars Technica |date=8 Aug 2012 |access-date=14 May 2013}}</ref> According to Fielding, Microsoft knew its Do Not Track signals would be ignored, and that its goal was to effectively give an illusion of privacy while still catering to their own interests.<ref name=cnet-apachednt>{{cite web |first=Stephen |last=Shankland |title=Apache Web software overrides IE10 do-not-track setting |url=https://www.cnet.com/tech/services-and-software/apache-web-software-overrides-ie10-do-not-track-setting/ |website=CNET |date=7 September 2012|access-date=13 April 2024}}</ref> On October 9, 2012, Fielding's patch was [[comment (computer programming)|commented out]], restoring the previous behavior.<ref>{{cite web|title= Apache Won't Override Do-Not-Track Headers |url= http://www.mediapost.com/publications/article/184855/apache-wont-override-do-not-track-headers.html |date=9 Oct 2012 |publisher= MediaPost Communications |access-date=22 Dec 2012}}</ref><ref>{{Cite web|title=Keep this in, but commented out: also provide a little · apache/httpd@3dd6fb6|url=https://github.com/apache/httpd/commit/3dd6fb6882ae2b453c90d51e777e88bc420a0cb1|website = GitHub|access-date = 4 Jul 2017}}</ref>
{{internet-stub}}


On April 3, 2015, Microsoft announced that starting with [[Windows 10]], it would comply with the specification and no longer automatically enable Do Not Track as part of the operating system's "Express" default settings, but that the company will "provide customers with clear information on how to turn this feature on in the browser settings should they wish to do so".<ref name=cw-dntdisabledms>{{cite web|title=Microsoft rolls back commitment to Do Not Track |url=http://www.computerworld.com/article/2905551/microsoft-rolls-back-commitment-to-do-not-track.html|website=Computerworld|date=3 Apr 2015 |publisher=IDG |access-date=3 Apr 2015}}</ref>
[[Category:HTTP headers]]

== Adoption ==
Very few advertising companies actually supported DNT, due to a lack of regulatory or voluntary requirements for its use,<ref name=bi-gapingflaw>{{cite web|title=Here's The Gaping Flaw in Microsoft's 'Do Not Track' System For IE10|url=http://www.businessinsider.com/heres-the-gaping-flaw-in-microsofts-do-not-track-system-for-ie10-2012-8|website=Business Insider|access-date=8 Sep 2012}}</ref> and unclear standards over how websites should respond to the header. Websites that honor DNT requests include [[Medium (website)|Medium]] and [[Pinterest]].<ref>{{cite web |last1=Bacchus |first1=Arif |title=Millions of People Use 'Do Not Track' Tool Which Does Nothing |url=https://www.digitaltrends.com/computing/do-not-tracking-tools-do-nothing/ |website=Digital Trends |date=15 Oct 2018 |publisher=Designtechnica Corporation |access-date=1 Nov 2019}}</ref> Despite offering the option in its Chrome web browser, [[Google]] did not implement support for DNT on its websites, and directed users to its online privacy settings and opt-outs for interest-based advertising instead.<ref name="gizmodo-doesntdoanything"/> The [[Digital Advertising Alliance]], [[Council of Better Business Bureaus]] and the [[Data & Marketing Association]] does not require its members to honor DNT signals.<ref name="DAA-position">{{cite web|title=Digital Advertising Alliance Gives Guidance to Marketers for Microsoft IE10 'DO NOT TRACK' Default Setting|url=http://www.aboutads.info/blog/digital-advertising-alliance-gives-guidance-marketers-microsoft-ie10-%E2%80%98do-not-track%E2%80%99-default-set|access-date=10 Oct 2012}}</ref>

Use of [[ad blocking]] software to block web trackers and advertising has become increasingly common (with users citing both privacy concerns and performance impact as justification), while Apple and Mozilla began to add privacy enhancements (such as "tracking protection") to their browsers, that are designed to reduce undue cross-site tracking. In addition, laws such as the European Union's [[General Data Protection Regulation]] (GDPR) have imposed restrictions on how companies are to store and process personal information.<ref name="gizmodo-doesntdoanything">{{Cite web|url=https://gizmodo.com/do-not-track-the-privacy-tool-used-by-millions-of-peop-1828868324|title='Do Not Track' Privacy Tool Doesn't Do Anything|website=Gizmodo|date=2018-10-15 |access-date=2019-10-24}}</ref><ref name="Fleishman-2024" />

[[Princeton University]] associate professor of computer science [[Jonathan Mayer]], who was a member of the W3C's working group for DNT, argued that the concept is a "failed experiment".<ref name="gizmodo-doesntdoanything"/>

== Global Privacy Control ==
'''Global Privacy Control''' (GPC) is a proposed [[List of HTTP header fields|HTTP header field]] and [[Document Object Model|DOM property]] that can be used to inform websites of the user's wish to have their information not be sold or used by ad trackers.<ref>{{Cite web |title=Global Privacy Control (GPC) |url=https://privacycg.github.io/gpc-spec/ |access-date=2024-08-17 |website=privacycg.github.io}}</ref> GPC was developed in 2020 by privacy technology researchers such as [[Wesleyan University]] professor [[Sebastian Zimmeck]] and former Chief Technologist of the [[Federal Trade Commission]] [[Ashkan Soltani]], as well as a group of privacy-focused companies including the [[Electronic Frontier Foundation]], [[Automattic]] (owner of [[Tumblr]] and [[WordPress]]), and more.<ref>{{Cite web |title=Frequently Asked Questions {{!}} Global Privacy Control |url=https://globalprivacycontrol.org/faq |access-date=2024-08-17 |website=globalprivacycontrol.org |language=en |quote="Who is supporting the development of GPC?"}}</ref>

The signal has been implemented by [[DuckDuckGo]]'s [[DuckDuckGo Private Browser|private browser]] and extension, ''[[The New York Times]]'', and privacy browser [[Brave (web browser)|Brave]] and is supported by [[Firefox]] creator, [[Mozilla]]<ref>{{Cite web |title=Founding Organizations {{!}} Global Privacy Control |url=https://globalprivacycontrol.org/orgs |access-date=2024-08-17 |website=globalprivacycontrol.org |language=en}}</ref> as well as the [[Attorney General of California|California Attorney General]].<ref name="State-of-California-Department-of-Justice-Office-of-the-Attorney-General-2018">{{Cite web |date=2018-10-15 |title=California Consumer Privacy Act (CCPA) |url=https://oag.ca.gov/privacy/ccpa |access-date=2024-08-17 |website=State of California - Department of Justice - Office of the Attorney General |language=en}}</ref> Notably, [[Google Chrome]] has not yet implemented the signal,<ref>{{Cite web |title=Chrome Privacy Now! |url=https://chromeprivacy.org/ |access-date=2024-08-17 |website=Chrome Privacy Now! |language=en-US}}</ref> despite still allowing users to enable the now depreciated Do Not Track header.<ref>{{Cite web |title=Turn "Do Not Track" on or off |url=https://support.google.com/chrome/answer/2790761 |website=Google Chrome Help |publisher=Google Inc.}}</ref> However, there are third-party extensions available for Chrome if users want to send the GPC header with their requests, including the [[Privacy Badger]] extension by [[Electronic Frontier Foundation|The Electronic Frontier Foundation]],<ref>{{Cite web |title=Privacy Badger |url=https://privacybadger.org/#What-is-Global-Privacy-Control |access-date=2024-08-17 |website=Electronic Frontier Foundation |language=en |quote="What is Global Privacy Control (GPC)?"}}</ref> the [[DuckDuckGo]] Privacy Essentials add-on,<ref>{{Cite web |date=2021-01-28 |title=Global Privacy Control (GPC) Enabled by Default in DuckDuckGo Apps & Extensions |url=https://spreadprivacy.com/global-privacy-control-enabled-by-default/ |access-date=2024-08-17 |website=Spread Privacy |language=en}}</ref> and more.

One key difference between the Do Not Track header and GPC is that GPC is a valid do-not-sell-my-personal-information signal according to the [[California Consumer Privacy Act]] (CCPA), which stipulates that websites are legally required to respect a signal sent by users who want to opt-out of having their personal data sold.<ref name="State-of-California-Department-of-Justice-Office-of-the-Attorney-General-2018" /> In July 2021, the [[Attorney General of California|California Attorney General]] clarified through an FAQ that under law, the Global Privacy Control signal must be honored.<ref name="State-of-California-Department-of-Justice-Office-of-the-Attorney-General-2018" />

On August 24, 2022, the [[Attorney General of California|California Attorney General]] announced [[Sephora]] paid a $1.2-million settlement for allegedly failing to process opt-out requests via a user-enabled global privacy control signal.<ref>{{Cite news |last=Merken |first=Sara |date=2022-08-24 |title=Sephora to pay $1.2 mln in privacy settlement with Calif. AG over data sales |url=https://www.reuters.com/legal/litigation/sephora-pay-12-mln-privacy-settlement-with-calif-ag-over-data-sales-2022-08-24/ |url-status=live |archive-url=https://web.archive.org/web/20230510060201/https://www.reuters.com/legal/litigation/sephora-pay-12-mln-privacy-settlement-with-calif-ag-over-data-sales-2022-08-24/ |archive-date=2023-05-10 |access-date=2024-06-13 |work=[[Reuters]]}}</ref>

== See also ==
* [[Blur (browser extension)]]
* [[P3P]]
* [[Evil bit]]
* {{Slink|List of HTTP header fields|Common non-standard request headers}}
* {{Slink|HTTP cookie|Privacy|Third-party cookie}}
* [[Better Business Bureau]]
* [[Data & Marketing Association]]

== References ==
{{reflist|30em}}


[[Category:Hypertext Transfer Protocol headers]]
[[it:Do Not Track Header]]
[[Category:Internet privacy]]

Revision as of 05:26, 4 November 2024

Do Not Track (DNT) is a formerly official HTTP header field, designed to allow internet users to opt out of tracking by websites—which includes the collection of data regarding a user's activity across multiple distinct contexts, and the retention, use, or sharing of data derived from that activity outside the context in which it occurred.[1]

The Do Not Track header was originally proposed in 2009 by researchers Christopher Soghoian and Sid Stamm.[2] Mozilla Firefox became the first browser to implement the feature. The header failed to find widespread success due to the lack of legislation requiring companies to legally respect the Do Not Track header; and most companies and websites not respecting the header when sent by the user.[3]

In 2020, a coalition of US-based internet companies announced the Global Privacy Control header that succeeds Do Not Track header. The creators hope that this new header will meet the definition of "user-enabled global privacy controls" defined by the California Consumer Privacy Act (CCPA) and the European General Data Protection Regulation (GDPR). In this case, the new header would be automatically strengthened by existing laws and companies would be required to honor it.

Operation

The DNT header accepts three values: 1 in case the user does not want to be tracked (opt-out), 0 in case the user consents to be tracked (opt-in), or null (no header sent) if the user has not expressed a preference. The default behavior required by the standard is not to send the header unless the user enables the setting via their browser or their choice is implied by the use of that specific browser.[4]

History

In 2007, several consumer advocacy groups asked the U.S. Federal Trade Commission (FTC) to create a Do Not Track list for online advertising. The proposal would have required that online advertisers submit their information to the FTC, which would compile a machine-readable list of the domain names used by those companies to place cookies or otherwise track consumers.[5]

In July 2009, researchers Christopher Soghoian and Sid Stamm implemented support for the Do Not Track header in the Firefox web browser via a prototype add-on. Stamm was, at the time, a privacy engineer at Mozilla, while Soghoian soon afterward started working at the FTC.[6] One year later, during a U.S. Senate privacy hearing, FTC Chairman Jon Leibowitz told the Senate Commerce Committee that the commission was exploring the idea of proposing a "do-not-track" list.[1]

In December 2010, the FTC issued a privacy report that called for a "do-not-track" system that would enable people to avoid having their actions being monitored online.[7]

One week later, Microsoft announced that its next browser would include support for Tracking Protection Lists that block tracking of consumers using blacklists supplied by third parties.[8] In January 2011, Mozilla announced that its Firefox browser would soon provide a Do Not Track solution, via a browser header.[9] Microsoft's Internet Explorer 9,[10] Apple's Safari,[11] Opera[12] and Google Chrome[13] all later added support for the header approach.

In August 2015 a coalition of privacy groups led by the Electronic Frontier Foundation using W3C's Tracking Preference Expression (DNT) standard proposed that "Do not track" be the goal for advocates to demand of businesses.[14]

In January 2019, the W3C Tracking Protection Working Group was disbanded, citing "insufficient deployment of these extensions" and lack of "indications of planned support among user agents, third parties, and the ecosystem at large".[15][16] Beginning the following month, Apple removed DNT support from Safari, citing that it could be used as a "fingerprinting variable" for tracking.[17]

Internet Explorer 10 default setting controversy

When using the "Express" settings upon installation, a Do Not Track option is enabled by default for Internet Explorer 10 and Windows 8.[18] Microsoft faced criticism for its decision to enable Do Not Track by default[19] from advertising companies, who say that use of the Do Not Track header should be a choice made by the user and must not be automatically enabled. The companies also said that this decision would violate the Digital Advertising Alliance's agreement with the U.S. government to honor a Do Not Track system, because the coalition said it would only honor such a system if it were not enabled by default by web browsers.[20] A Microsoft spokesperson defended its decision however, stating that users would prefer a web browser that automatically respected their privacy.[21]

On September 7, 2012, Roy Fielding, an author of the Do Not Track standard, committed a patch to the source code of the Apache HTTP Server, which would make the server explicitly ignore any use of the Do Not Track header by users of Internet Explorer 10. Fielding wrote that Microsoft's decision "deliberately violates" the Do Not Track specification because it "does not protect anyone's privacy unless the recipients believe it was set by a real human being, with a real preference for privacy over personalization". The Do Not Track specification did not explicitly mandate that the use of Do Not Track actually be a choice until after the feature was implemented in Internet Explorer 10.[22] According to Fielding, Microsoft knew its Do Not Track signals would be ignored, and that its goal was to effectively give an illusion of privacy while still catering to their own interests.[23] On October 9, 2012, Fielding's patch was commented out, restoring the previous behavior.[24][25]

On April 3, 2015, Microsoft announced that starting with Windows 10, it would comply with the specification and no longer automatically enable Do Not Track as part of the operating system's "Express" default settings, but that the company will "provide customers with clear information on how to turn this feature on in the browser settings should they wish to do so".[26]

Adoption

Very few advertising companies actually supported DNT, due to a lack of regulatory or voluntary requirements for its use,[27] and unclear standards over how websites should respond to the header. Websites that honor DNT requests include Medium and Pinterest.[28] Despite offering the option in its Chrome web browser, Google did not implement support for DNT on its websites, and directed users to its online privacy settings and opt-outs for interest-based advertising instead.[29] The Digital Advertising Alliance, Council of Better Business Bureaus and the Data & Marketing Association does not require its members to honor DNT signals.[30]

Use of ad blocking software to block web trackers and advertising has become increasingly common (with users citing both privacy concerns and performance impact as justification), while Apple and Mozilla began to add privacy enhancements (such as "tracking protection") to their browsers, that are designed to reduce undue cross-site tracking. In addition, laws such as the European Union's General Data Protection Regulation (GDPR) have imposed restrictions on how companies are to store and process personal information.[29][2]

Princeton University associate professor of computer science Jonathan Mayer, who was a member of the W3C's working group for DNT, argued that the concept is a "failed experiment".[29]

Global Privacy Control

Global Privacy Control (GPC) is a proposed HTTP header field and DOM property that can be used to inform websites of the user's wish to have their information not be sold or used by ad trackers.[31] GPC was developed in 2020 by privacy technology researchers such as Wesleyan University professor Sebastian Zimmeck and former Chief Technologist of the Federal Trade Commission Ashkan Soltani, as well as a group of privacy-focused companies including the Electronic Frontier Foundation, Automattic (owner of Tumblr and WordPress), and more.[32]

The signal has been implemented by DuckDuckGo's private browser and extension, The New York Times, and privacy browser Brave and is supported by Firefox creator, Mozilla[33] as well as the California Attorney General.[34] Notably, Google Chrome has not yet implemented the signal,[35] despite still allowing users to enable the now depreciated Do Not Track header.[36] However, there are third-party extensions available for Chrome if users want to send the GPC header with their requests, including the Privacy Badger extension by The Electronic Frontier Foundation,[37] the DuckDuckGo Privacy Essentials add-on,[38] and more.

One key difference between the Do Not Track header and GPC is that GPC is a valid do-not-sell-my-personal-information signal according to the California Consumer Privacy Act (CCPA), which stipulates that websites are legally required to respect a signal sent by users who want to opt-out of having their personal data sold.[34] In July 2021, the California Attorney General clarified through an FAQ that under law, the Global Privacy Control signal must be honored.[34]

On August 24, 2022, the California Attorney General announced Sephora paid a $1.2-million settlement for allegedly failing to process opt-out requests via a user-enabled global privacy control signal.[39]

See also

References

  1. ^ a b Corbin, Kenneth (July 28, 2010). "FTC Mulls Browser-Based Block for Online Ads". Internet News. Retrieved November 20, 2009.
  2. ^ a b Fleishman, Glenn (March 7, 2019). "How the tragic death of Do Not Track ruined the web for everyone". Fast Company.
  3. ^ Goodrich, Ben (May 1, 2012). "An Analysis of the 'Do Not Track' Header" (PDF).
  4. ^ "DNT - HTTP". Retrieved October 13, 2024.
  5. ^ "The History of the Do Not Track Header" (PDF). Center for Democracy and Technology. October 31, 2007. Retrieved February 22, 2012.
  6. ^ Zetter, Kim (August 17, 2009). "Outspoken Privacy Advocate Joins FTC". Wired News. Retrieved November 20, 2009.
  7. ^ Angwin, Julia (December 2, 2010). "FTC Backs Do-Not-Track System for Web". Wall Street Journal. Retrieved February 22, 2012.
  8. ^ Angwin, Julia (December 7, 2010). "Microsoft to Add 'Tracking Protection' to Web Browser". Wall Street Journal. Retrieved February 22, 2012.
  9. ^ Julia Angwin (January 21, 2011). "Web Tool On Firefox To Deter Tracking". Wall Street Journal. Retrieved February 22, 2012.
  10. ^ Angwin, Julia (March 15, 2011). "Microsoft Adds Do-Not-Track Tool to Browser". Wall Street Journal. Retrieved February 22, 2012.
  11. ^ Nick Wingfield (April 14, 2011). "Apple Adds Do-Not-Track Tool to New Browser". Wall Street Journal. Retrieved April 14, 2011.
  12. ^ Opera Desktop Team (February 11, 2012). "Core update with Do Not Track, and mail and theme fixes". Opera blog. Archived from the original on March 10, 2013. Retrieved February 10, 2012.
  13. ^ "Longer battery life and easier website permissions". Chrome blog. November 6, 2012. Retrieved November 7, 2012.
  14. ^ Abel, Jennifer (August 6, 2015). "Privacy groups offer "Do Not Track" compromise; will online advertisers and publishers accept it?". ConsumerAffairs. Retrieved August 10, 2015.
  15. ^ "WG closed · w3c/dnt@5d85d6c". GitHub. Retrieved February 7, 2019.
  16. ^ Hill, Kashmir (February 6, 2019). "Apple Is Removing 'Do Not Track' From Safari". Gizmodo. Retrieved February 7, 2019.
  17. ^ "Apple is removing the Do Not Track toggle from Safari, but for a good reason". Macworld. February 7, 2019. Retrieved October 24, 2019.
  18. ^ "Internet Explorer 10 Released for Windows 7". PC Magazine. November 13, 2012. Retrieved December 22, 2012.
  19. ^ Brendon Lynch (August 7, 2012). "Do Not Track in the Windows 8 Setup Experience". Microsoft on the issues blog. Archived from the original on August 8, 2012.
  20. ^ "Microsoft ticks off advertisers with IE10 'Do Not Track' policy". CNET. June 1, 2012. Retrieved September 8, 2012.
  21. ^ "Microsoft's "Do Not Track" Move Angers Advertising Industry". Digits. The Wall Street Journal. Retrieved September 8, 2012.
  22. ^ "Microsoft sticks to its guns, keeps Do Not Track on by default in IE10". Ars Technica. August 8, 2012. Retrieved May 14, 2013.
  23. ^ Shankland, Stephen (September 7, 2012). "Apache Web software overrides IE10 do-not-track setting". CNET. Retrieved April 13, 2024.
  24. ^ "Apache Won't Override Do-Not-Track Headers". MediaPost Communications. October 9, 2012. Retrieved December 22, 2012.
  25. ^ "Keep this in, but commented out: also provide a little · apache/httpd@3dd6fb6". GitHub. Retrieved July 4, 2017.
  26. ^ "Microsoft rolls back commitment to Do Not Track". Computerworld. IDG. April 3, 2015. Retrieved April 3, 2015.
  27. ^ "Here's The Gaping Flaw in Microsoft's 'Do Not Track' System For IE10". Business Insider. Retrieved September 8, 2012.
  28. ^ Bacchus, Arif (October 15, 2018). "Millions of People Use 'Do Not Track' Tool Which Does Nothing". Digital Trends. Designtechnica Corporation. Retrieved November 1, 2019.
  29. ^ a b c "'Do Not Track' Privacy Tool Doesn't Do Anything". Gizmodo. October 15, 2018. Retrieved October 24, 2019.
  30. ^ "Digital Advertising Alliance Gives Guidance to Marketers for Microsoft IE10 'DO NOT TRACK' Default Setting". Retrieved October 10, 2012.
  31. ^ "Global Privacy Control (GPC)". privacycg.github.io. Retrieved August 17, 2024.
  32. ^ "Frequently Asked Questions | Global Privacy Control". globalprivacycontrol.org. Retrieved August 17, 2024. Who is supporting the development of GPC?
  33. ^ "Founding Organizations | Global Privacy Control". globalprivacycontrol.org. Retrieved August 17, 2024.
  34. ^ a b c "California Consumer Privacy Act (CCPA)". State of California - Department of Justice - Office of the Attorney General. October 15, 2018. Retrieved August 17, 2024.
  35. ^ "Chrome Privacy Now!". Chrome Privacy Now!. Retrieved August 17, 2024.
  36. ^ "Turn "Do Not Track" on or off". Google Chrome Help. Google Inc.
  37. ^ "Privacy Badger". Electronic Frontier Foundation. Retrieved August 17, 2024. What is Global Privacy Control (GPC)?
  38. ^ "Global Privacy Control (GPC) Enabled by Default in DuckDuckGo Apps & Extensions". Spread Privacy. January 28, 2021. Retrieved August 17, 2024.
  39. ^ Merken, Sara (August 24, 2022). "Sephora to pay $1.2 mln in privacy settlement with Calif. AG over data sales". Reuters. Archived from the original on May 10, 2023. Retrieved June 13, 2024.