Phuket Live Wire: The real meaning of ‘Do Not Track’

PHUKET: Professionally, I live in a world that’s just about equally divided between people who run around with tin foil hats on their heads, and people who don’t particularly care about internet privacy.

In 1999, Scott McNealy, the former CEO of Sun Microsystems, famously said, “You have zero privacy anyway. Get over it.” Steve Manes, the guy who wrote the original article quoting Scott, continued, “He’s right on the facts, wrong on the attitude… Instead of ‘getting over it,’ citizens need to demand clear rules on privacy, security and confidentiality.”

Times have changed a bit. Scott spent more than 20 years as head of Sun. He’s not in the computer business any more; he’s the commissioner of the Alternative Golf Association. Larry Ellison’s Oracle bought Sun in 2010. Steve Manes (“man-iss”) – who’s a great guy, in addition to being a tremendous writer – realized a long-held dream and started writing kids’ books, movie scripts and non-fiction.

So who’s right? Scott or Steve? I’m inclined to agree with Steve, but Scott certainly does have a point.

One month ago today, Microsoft made a huge step in the direction of helping to protect consumer privacy. Yes, that Microsoft.

To explain exactly what Microsoft did, I have to dig a bit into the technology, so bear with me.

Whenever you go to a web site, your browser leaves certain fingerprints: the name of your browser, your operating system, your IP address, time zone, screen size, whether cookies are enabled, the address of the last web site you visited, that kind of thing. I’m not talking about cookies. I’m talking about data that’s inside the “header” at the beginning of the interaction with every web page.

Even if you go “incognito” (in Chrome), “private” (in Firefox), or “In Private” (in Internet Explorer), your browser still sends all of that information to every site, every time you visit.

The Do Not Track proposal – and it’s only a proposal at this point – would assign one more bit in the header that says, “The person using this browser requests that you not track anything they are doing.”

Do Not Track (DNT to its friends) was originally developed by Firefox. You can turn on DNT in any recent version of Firefox by clicking the Firefox button, Options, Privacy, and checking the box that says “Tell web sites I do not want to be tracked.”

At this point, Twitter and Yahoo state categorically that they support Do Not Track: if you have the DNT bit set in your browser, those sites promise that they won’t track you at all. Google and AOL have also committed to supporting DNT although, as of this writing, I don’t think either of them has actually implemented it.

Here’s what Microsoft did that’s so revolutionary: In the test version of the upcoming, new Internet Explorer 10 browser, Microsoft turned on the DNT bit by default. If you want to turn off DNT, you can, but if you don’t do anything, IE 10 signals to every site that you visit that you don’t want to be tracked.

As with everything internet related, DNT isn’t cut-and-dried. There are lots and lots of nuances.

First and foremost, it’s entirely voluntary: Web sites can ignore the DNT bit if they want to. Second, the precise definition of “track” can get a little squishy.

Third, there’s no possible way to enforce the DNT settings – no way to tell which of the billions of web sites now readily accessible even claim to have a DNT policy, much less implement it.

Eighteen months ago, the US Federal Trade Commission published a report (W: 1.usa.gov/hUv6qF) that endorsed the idea, but didn’t fill out the details.

Since then, the major tracking companies and browser manufacturers (Google happens to fall into both camps, as does Microsoft) have been negotiating and fleshing out the details of a possible DNT approach.

Eighteen months later, we still don’t have anything definitive – no proposals, no regulations. While the rest of the world runs on internet time, the W3C – the internet standards body, which has representatives from both the tracking companies and the browser companies – runs in very slow motion.

The W3C came out in opposition to Microsoft’s move. Their opinion is that users need to express their own preference, and the browser maker should not make the decision for them.

Some members of the W3C committee on DNT wanted the group to go on record as saying that websites should ignore IE 10’s DNT setting because users had not been forced to make the decision themselves. Of course, the same group is quiet about Firefox’s decision to make DNT a rather obscure option.

Microsoft certainly has ulterior motives in all of this, but that doesn’t lessen the impact of their decision to enable DNT by default in their next browser. Suddenly, DNT is front and center on the political agenda – not just among geeks, and not just in the US – and with a bit of luck we’re going to see some movement on the topic.

Will DNT spell the end of advertising as we know it? Of course not. But, it probably will lessen the tracking companies’ ability to target ads.

Last week, the European Commission asked W3C to require browser makers to offer DNT as an option when the browser is installed or used for the first time. Microsoft’s shot across the bow has brought some action, at long last.

Of course, it doesn’t really say anything about how DNT should be enforced on web sites, if at all. But it is a step in the right direction. Even for the folks who wear tin foil hats.

If you have a browser that supports DNT, you can check to see if it’s working at my browser testing site.

Woody’s Sandwich Shoppes hold computer sessions under the tutelage of Seth Bareiss every other Wednesday afternoon, from 1 to 3pm. If you have a Windows problem that needs to be solved, drop by one of Seth’s free afternoon sessions. Details in the Phuket Gazette Events Calendar.

Follow him on Twitter: @PhuketLiveWire, and “like” the pages at facebook.com/SandwichShoppe and facebook.com/phuketgazette.net.

— Woody Leonhard