Do Not Track: Difference between revisions
→References: multicolumned |
→How it works: typo |
||
Line 71: | Line 71: | ||
| url = http://donottrack.us/ |
| url = http://donottrack.us/ |
||
| accessdate = 2011-04-11 |
| accessdate = 2011-04-11 |
||
}}</ref> The execution of this non-tracking directive can only be implemented on the part of the HTTP server, so its enforcement is effectively on the honor system. In this regard, ''do not track'' is similar to the Robots Exclusion standard, which provides a mechanism for HTTP servers to communicate to automatic web-traversing client programs whether those programs are granted permission to access the servers, but entirely relies upon honor and |
}}</ref> The execution of this non-tracking directive can only be implemented on the part of the HTTP server, so its enforcement is effectively on the honor system. In this regard, ''do not track'' is similar to the Robots Exclusion standard, which provides a mechanism for HTTP servers to communicate to automatic web-traversing client programs whether those programs are granted permission to access the servers, but entirely relies upon honor and etiquette on the part of the client for compliance. |
||
Currently, websites are not legally required to comply with ''do not track'' requests, neither by law nor by broad social consensus, and therefore very few websites recognize and respect this privacy signal. |
Currently, websites are not legally required to comply with ''do not track'' requests, neither by law nor by broad social consensus, and therefore very few websites recognize and respect this privacy signal. |
Revision as of 16:43, 4 May 2012
HTTP |
---|
Request methods |
Header fields |
Response status codes |
Security access control methods |
Security vulnerabilities |
The do not track header is a proposed HTTP header field that would request a web application to disable their tracking of a user. The "Do Not Track" header was originally proposed in 2009 by researchers Christopher Soghoian, Sid Stamm and Dan Kaminsky.[1] It is currently being standardized by the W3C.[2]
In January, 2011, Mozilla announced support for the DNT mechanism in its Firefox web browser.[3] Microsoft's Internet Explorer,[4] Apple's Safari[5] and Opera all later added support.[6] It is not currently supported by Google Chrome, but will be incorporated by the end of 2012.[7][8]
The header currently accepts three values, 1 in case the user does not wish to be tracked (opt out), 0 in case the user does (opt in), or null (no header sent) if the user has not expressed a preference. The default is to not send the header, until the user chooses to enable the setting via their browser.
History of Do Not Track
In 2007, several consumer advocacy groups asked the Federal Trade Commission to create a Do Not Track list for online advertising. The proposal would have required that online advertisers submit their information to the FTC, which would compile a machine readable list of the domain names used by those companies to place cookies or otherwise track consumers.[9]
In July, 2009, researchers Christopher Soghoian and Sid Stamm created a prototype add-on for the Firefox web browser implementing support for the Do Not Track header. Stamm was at the time, a privacy engineer at Mozilla, while Soghoian soon after started working at the FTC.[10] One year later, during a US Senate privacy hearing, FTC Chairman Jon Leibowitz told the Senate Commerce Committee that the commission was exploring the idea of proposing a "do-not-track" list.[11]
In December 2010, the FTC issued a privacy report that called for a "do not track" system that would enable people to avoid having their actions monitored online.[12] One week later, Microsoft announced that its next browser would include support for Tracking Protection Lists, that block tracking of consumers using blacklists supplied by third parties.[13] In January, 2011, Mozilla announced that its Firefox browser would soon provide a Do Not Track solution, via a browser header.[14] Microsoft's Internet Explorer,[15] Apple's Safari[16] and Opera[17] all later added support for the header approach. It is not supported by Google Chrome.[18]
How it works
When a web browser requests content or sends data using HTTP it can optionally include extra information in one or more items called "headers". Do not track adds a header (DNT: 1) indicating that the user does not wish to be tracked.[19] The execution of this non-tracking directive can only be implemented on the part of the HTTP server, so its enforcement is effectively on the honor system. In this regard, do not track is similar to the Robots Exclusion standard, which provides a mechanism for HTTP servers to communicate to automatic web-traversing client programs whether those programs are granted permission to access the servers, but entirely relies upon honor and etiquette on the part of the client for compliance.
Currently, websites are not legally required to comply with do not track requests, neither by law nor by broad social consensus, and therefore very few websites recognize and respect this privacy signal.
See also
References
- ^ Soghoian, Christopher. "The History of the Do Not Track Header". Slight Paranoia. Retrieved 22 February 2012.
- ^ "Tracking Protection Working Group". W3C. Retrieved 22 February 2012.
- ^ Angwin, Julia (2011-01-21). "Web Tool On Firefox To Deter Tracking". Wall Street Journal. Retrieved 22 February 2012.
- ^ Angwin, Julia (2011-03-15). "Microsoft Adds Do-Not-Track Tool to Browser". Wall Street Journal. Retrieved 22 February 2012.
- ^ Nick Wingfield (2011-04-14), "Apple Adds Do-Not-Track Tool to New Browser", Wall Street Journal, retrieved 2011-04-14
{{citation}}
: CS1 maint: date and year (link) - ^ Opera Desktop Team (2012-02-11), Core update with Do Not Track, and mail and theme fixes, Opera.com, retrieved 2012-02-10
- ^ Ryan Singel (2011-04-15), "Google Holds Out Against 'Do Not Track' Flag", Epicenter, Wired.com, retrieved 2011-09-01
- ^ "Google and Chrome To Support Do Not Track". Retrieved March 3, 2012.
- ^ "The History of the Do Not Track Header" (PDF). Center for Democracy and Technology. 2007-10-31. Retrieved 22 February 2012.
- ^ Zetter, Kim (2009-08-17). "Outspoken Privacy Advocate Joins FTC". Wired News. Retrieved 2009-11-20.
- ^ Corbin, Kenneth (2010-07-28). "FTC Mulls Browser-Based Block for Online Ads". Internet News. Retrieved 2009-11-20.
- ^ Angwin, Julia (2010-12-02). "FTC Backs Do-Not-Track System for Web". Wall Street Journal. Retrieved 22 February 2012.
- ^ Angwin, Julia (2010-12-07). "Microsoft to Add 'Tracking Protection' to Web Browser". Wall Street Journal. Retrieved 22 February 2012.
- ^ Angwin, Julia (2011-01-21). "Web Tool On Firefox To Deter Tracking". Wall Street Journal. Retrieved 22 February 2012.
- ^ Angwin, Julia (2011-03-15). "Microsoft Adds Do-Not-Track Tool to Browser". Wall Street Journal. Retrieved 22 February 2012.
- ^ Nick Wingfield (2011-04-14), "Apple Adds Do-Not-Track Tool to New Browser", Wall Street Journal, retrieved 2011-04-14
{{citation}}
: CS1 maint: date and year (link) - ^ Opera Desktop Team (2012-02-11), Core update with Do Not Track, and mail and theme fixes, Opera.com, retrieved 2012-02-10
- ^ Ryan Singel (2011-04-15), "Google Holds Out Against 'Do Not Track' Flag", Epicenter, Wired.com, retrieved 2011-09-01
- ^ Do Not Track- Universal Web Tracking Opt-Out, retrieved 2011-04-11