Google has finally added support for the DNT (Do Not Track) header to their latest developer build of Chrome. The modification is likely to make it into an official release of Google’s popular web browser before the end of the year.
Do Not Track is a feature that allows users to express a simple yes or no preference about being tracked online.
Chrome is the last of the major browsers to include support for Do Not Track and it means that 2013 is shaping up to be a very important year for web privacy.
The DNT preference tells browsers to send a signal (an HTTP header) to websites that says, simply,
DNT:1 for “it’s not OK to track me” and
DNT:0 for “it’s OK to track me”.
Currently websites are not obliged to obey these signals and at the moment it’s likely that most websites are functionally unable to obey them (with Twitter the honourable exception). So in practical terms DNT is not a viable way to protect your privacy online today and nor will it be in the near future.
As unpromising as that sounds Do Not Track has the backing of US and European governments and industry giants like Adobe, Microsoft, Google and Mozilla. For all it’s faults it is the only web privacy game in town.
Users can only express a DNT preference if they have the a browser that knows how to send the DNT header and that’s why support for DNT in Chrome, one the most popular browsers, is a small but important step forward.
So as of 2013 users of all the major web browsers will be capable of telling websites their tracking preference but only one browser, Microsoft’s IE10, will take the step of assuming users do not wish to be tracked by default.
Chrome, as well as other browsers like Safari and Firefox, will assume that you are expressing no preference about being tracked until you actively switch your DNT setting on or off. Expressing no preference leaves websites free to decide for you if you’d like to be tracked. At the time of writing the draft specification states (with my emphasis):
In the absence of regulatory, legal, or other requirements, servers may interpret the lack of an expressed tracking preference as they find most appropriate for the given user, particularly when considered in light of the user's privacy expectations and cultural circumstances.
Putting the choice in the hands of website owners instead of web users is exactly where we are today so it’s probably safe to assume that expressing no preference will continue to be treated as a de facto
However if you upgrade to IE10 your situation will be even worse.
The draft Do Not Track specification explicitly forbids vendors from creating products with a DNT preference set by default. In such a situation websites are free to ignore DNT signals completely.
Accordingly The Apache Software Foundation, suppliers of the world’s most popular web server, have responded to Microsoft’s initiative by announcing that newer versions of their httpd web server will ignore all DNT headers from IE10.
So just as we get to announce that Google has finally joined the Do Not Track club and it seems like we have all the major players signed up – Microsoft, albeit for all the right reasons, appears to be leaving by the back door.
Photo by CMEarnest (Own work) [CC-BY-SA-3.0], via Wikimedia Commons
Woman with laptop on mountain image, courtesy of Shutterstock.