Will Do Not Track make a difference to web privacy?

Private sign

Private signEarlier this week the World Wide Web Consortium (W3C) released the first drafts of two new privacy standards aimed at simplifying and standardising how websites read and comply with web users’ privacy settings.

The Tracking Preference Expression and Tracking Compliance and Scope standards define a ‘Do Not Track’ (DNT) mechanism that will allow users to opt out of the sort of tracking increasingly used for web analytics and behavioural advertising.

The W3C working group who produced the draft included representatives from some of the web’s biggest companies including Apple, Google and Facebook.

It’s not unusual for these organisations to take part in drafting W3C standards but I wonder if some of them are feeling a slight conflict of interest. Agreeing to a Do Not Track standard could obviously have a negative impact on organisations like Google and Facebook who rely on targeted advertising.

Perhaps they feel it’s better to be inside the tent or perhaps, as the draft suggests, DNT is in the interests of advertisers because annoying their users is counter-productive.

Or perhaps, as some cynics suggests, an answer can be found in the timing of the release of the finished version of the DNT standard.

European CommissionBack in June the European Commission told the technology industry in no uncertain terms that if it didn’t agree a Do Not Track standard by the midde of 2012, it would be forced to act.

Coincidentally the final recommendation of the DNT standard is scheduled for 2012.

A slew of controversies across Europe and the US may also have convinced the industry that it is better off regulating itself than being policed or dictated to by law makers.

So will the advent of DNT-enabled browsers usher in an age of web browsing without being tracked and targeted?

The new standard says that if a browser is incapable of issuing Do No Track instructions then it should be handled as if it has opted-out of Do Not Track rather than opted-in. So users will need to upgrade to a new generation of DNT compliant browsers to get the ball rolling.

Of course just because a browser can do something it doesn’t mean it will. I don’t know yet if the browser vendors are intending to switch DNT on by default but Firefox, which already implements its own version of DNT, currently has it off by default.

Firefox do not track option - off by default

And then finally, once we have a generation of DNT browsers in-the-wild we’ll need a generation of DNT compliant websites and applications to go with them. Perhaps once there is final recommendation in place the law makers will do us all a favour and rattle their sabres again.

You can probably tell that I’m not holding my breath on this one.

When DNT does become commonplace there will surely be a lot of money to be made in successfully working around it.

We’ve already seen some very inventive tactics from advertising and analytics companies looking to work around users who who delete their cookies.

CookiesSince tracking tends to rely on cookies you might think that deleting them would be enough to prevent it. Sadly it’s not. Researchers have shown that advertisers can work around users who delete their cookies by using Flash cookies or HTML 5 storage for the same purpose. Most creepily they can even resurrect delete cookies zombie-like using ETags.

However rocky the road to adoption is though the W3C and the organisations in the working group deserve praise for delivering a simple standard.

At its heart DNT is a simple on/off toggle. Hopefully this will make it easy for privacy concious web-users to define the information they want to share with advertisers and online business. As Lisa Vaas explained earlier this month current privacy tools fail users not because they don’t work, but because they are incredibly difficult to use.