Whenever an average consumer is confronted with the idea of "opting in," typically they don't bother. They are not aware they have a choice, it's too complicated to follow through or they simply don't understand the importance.
A great example of this is Facebook's introduction of HTTPS via opt-in back in January. In a post on the Facebook developer blog, Naitik Shah points out that 9.6 million Facebook users are now using HTTPS on the service.
This sounds like a big number, but it is less than two percent of Facebook users, a rather dismal example of why security and privacy should be the default, not the alternative.
Similarly this week there has been talk of the ad industry's voluntary do-not-track HTTP header. At a privacy conference Mozilla's Alex Fowler noted that only one to two percent of Firefox users have enabled the do-not-track option.
Introduced in Firefox 4, the do-not-track option is rather difficult to locate. Fowler said that in future updates the do-not-track option will "be much more prominently displayed."
Internet Explorer 9 includes a do-not-track feature that is even better hidden. To enable this functionality, you need to click the Sprocket -> Safety -> Tracking Protection -> Your Personalized List -> Enable.
Chrome users are on their own and don't have an integrated option to enable do-not-track. Keith Enright, Google's senior privacy counsel, said to the Wall Street Journal, "I don’t know what a do-not-track header is, I don’t know what it means."
Mozilla announced that the new beta version of Firefox for Google Android will support do-not-track, making it the first mobile browser to support the option. The question is, does it matter?
Currently less than ten percent of ads are displaying an icon indicating to users that their personal information is being collected. Very few advertising companies seem to be voluntarily honoring the do-not-track headers, which may stymie the industry's efforts to avoid government regulation.
Senators Kerry and McCain are co-sponsoring a bill in the US Senate titled "Commercial Privacy Bill of Rights Act of 2011" which would require advertisers to respect users' privacy or find themselves in violation of the law.