The demise of the Do Not Track (DNT) standard is a tale of“cynical” behavior from advertising companies that fought hard to undermine the standard, yet the growing mistrust of media platforms could yet see consumers given tools to fight back. Apple’s decision to remove DNT from its Safari browser is widely seen as the end of the standard that allowed browsers to send a notification to websites and advertising partners requesting that users are not tracked. In theory, it was the privacy tool that should have given consumers power to reduce intrusive cross-site data mining – but it was never widely adopted by the advertising firms. “The biggest issue for DNT was that it was not self-enforcing and had no regulatory teeth,” explained Alan Toner, a data protection special advisor to the Electronic Frontier Foundation. “From an ad-tech and analytics company point of view, every day that their use of user data is unencumbered is a good day for them. There’s money in advertising – most of that is Facebook and Google – but the other ad-tech companies are making money too, and they’re not going to voluntarily comply.”
DNT was first mooted as a solution to tracking ads more than a decade ago. With legislators threatening to force advertising companies and websites to stop tracking user behavior, the industry came together with privacy groups to work on DNT as a World Wide Web Consortium (W3C) standard in 2009. According to people associated with the negotiations at the time, the advertising industry scuppered DNT by introducing so many exemptions that privacy technicians working on the specification walked away. “I departed the W3C’s Do Not Track working group because progress had stalled, and I did not see a viable path forward,” said Jonathan Mayer, now an assistant professor at Princeton University, citing intransigence and obstructions from the advertisers. For example, in 2012 the Digital Advertising Alliance, an umbrella organization for several advertising-industry campaign groups, argued that “marketing should be added to the list of permitted uses for third parties and service providers” in the specifications. Advertising, too, should be added to the list of exemptions, the industry argued, which effectively undermined the entire process.
“So all advertising and marketing – the landscape where
all the practices which have raised privacy and consumer protection concerns – would not have to comply with DNT,” complained JeffChester, CEO of the Centre for Digital Democracy, at the time. “Forget about worries related to behavioral targeting, retargeting, social media influencer targeting, geolocation tracking and invisible scores about your finances – according to the values of the US industry lobbyists, these practices are merely harmless expressions of commerce.” According to advertisers, the proposals would have damaged the web economy and threatened content providers, but critics believe the ad-tech industry made spurious arguments in a bid to thwart DNT. “In the end, talks stalled over definitions,” said Toner. “What these companies claimed was, ‘We don’t know what DNT means – as the policy document at the W3C is not finalized, then it’s not clear what users mean when they turn it on’. So they decided that, until then, they could just continue tracking users as much as they liked. It was cynical.” In the end, many browsers did introduce tools for users to switch on DNT, but in the absence of any legally-binding agreement, the ad-tech industry simply ignored DNT requests, leading to accusations they were misleading consumers. Instead, ad companies pushed for a self-regulating approach, where the industry offered tools that users could use to limit what companies could do with their data. Either via browser cookies or ad-tech schemes such as AdChoices, the industry promised granular controls over tracking and how it would be used, but advertising companies admit they dismissed DNT requests. “Like most websites, Google does not respond to browser-based DNT headers,” a Google spokesperson told us. “Chrome already offers users the ability to control cookies and their online browsing experience.
“Users can also opt out of personalized ads via Ad Settings and the AdChoices industry program. The effect of the personalized ads opt-out is that a user will not have ads targeted based on inferred interests, and their user identifier will be redacted from the real-time bid request.” However, the schemes have done little to satisfy campaigners, who believe they don’t deliver the same robustness as DNT and are too easily manipulated. Self-regulation, they argue, has given the industry carte blanche to write its own rules. “They’ve persisted in trying to defend the really pathetic and inadequate self-regulatory schemes that revolve around incredibly cumbersome opt-outs, that require users to go through multiple different steps and end up needing you to install a cookie, and of course users were continually deleting cookies and things like that,” said Toner. “So almost nobody uses these schemes, and that’s the idea of them – they’re a fig leaf. “Users get to opt out of their information being used to target adverts at them, not from their information being collected. The privacy problem is still there.”
With privacy scandals and data leaks becoming a nearly daily occurrence, there is an increasing array of tools available for end users to take more control of who gets access to the browsing data. Disconnect relies on a blacklist of tracking companies to automatically detect when a browser tries to make a connection to anything other than the site being visited, blocking requests from alien sites and tracking companies.
Ghostery A stalwart of the privacy brigade, Ghostery blocks adverts but also blocks trackers on websites to control who can collect data. An enhanced Anti-Tracking the feature also anonymizes data to further protect privacy.
Apple’s Safari ITP2 Intelligent Tracking Prevention is an on-by-default tracking blocker in Safari that attempts to beat snoopers. Websites can send requests to be allowed to drop a cookie, allowing them to track users with permission. PrivacyBadger The Electronic Frontier Foundation’s Privacy Badger is a browser plugin created using underlying technology from Disconnect and has many of the same benefits. Its unique selling point in that it requires no custom configuration to block non-consensual trackers.