Do Not Track is the name given to a set of standards that will allow users to specify whether their web surfing can be tracked by third parties, such as the advertising industry. The idea has been around for some time, but was given traction when the FTC recommended its development in 2010. The implication is that if the industry doesn’t do it voluntarily; the legislators will make it compulsory ("Such a universal mechanism could be accomplished by legislation or potentially through robust, enforceable self-regulation," said the FTC). The idea being developed by W3C is a header in the browser that can be set to either do not track me, you may track me, or I have no preference. Websites will read this header in the browser and respond accordingly.
But while privacy advocates and security professionals largely welcome this move, the advertising industry does not. At base lies a current shift in advertising methodologies, from ‘contextual’ to ‘re-targeting’. Contextual is what we’ve had for years. Advertisements are placed where ‘visitors’ are likely to be relevant to the product; sports goods on a sports site; food advertisements on a food television program. The new approach is re-targeting; aiming an advertisment at someone who is known to be interested in the subject. This is generally considered to be many times more effective than contextual advertising – and depends almost entirely on tracking users to know what they like and what they’ve been looking at.
The two sides in the debate are fairly clear. “Web advertising is almost entirely dependent on the ability to track users and make targeted guesses about their interests. Billions of dollars in spending and revenue rely almost entirely on tracking data. DNT threatens it all,” wrote Jim Edwards in Business Insider. He went further, suggesting that Microsoft’s decision to make DNT the default state for its mobile, “could eventually kill off Windows Phone.”
Eric Wheeler (CEO of 33Across, and thus with a vested interest) writing in c/net, comes to a similar conclusion: “Taken as a whole, the potentially dire impact of Do Not Track is clear: the end of a free Internet and a crippling blow to the technology industry.”
Sarah Downey, privacy analyst for online privacy company Abine (and thus with her own vested interest), disagrees with this doom and gloom. “This is the same industry that gave us invasive pop-ups and spam, and advertisers made the same claims about them: that they need these tactics to support their business model and ‘free content’ online,” she recently blogged. “Defending the use of pop-ups in 2000, ad executive Michael Tchong said that ‘All this free content isn’t going to continue to be free unless users pay for it somehow, and the payment is advertising.’ It sounds a lot like what we’re hearing today about online tracking.”
“I'm not buying Eric Wheeler's doom-laden future,” concluded Mark Stockley in the Sophos NakedSecurity blog yesterday, quoting his colleague Paul Ducklin: “Do Not Track is sort of like IPv6. A great idea which will eventually happen, years after some people thought the world would end if we didn't do it within weeks, in a completely different form, and probably for completely different reasons. And at the end we'll say the same thing as we often do. Plus ça change, plus c'est la même chose.”