It might seem like having privacy turned on by default would be a good feature, a major selling point for a browser. This is what Microsoft touted, and though when they enabled Do Not Track (DNT) by default in Internet Explorer 10.
For those who aren’t aware of this setting, it is a recent addition to web standards that allows a user to express their preference for privacy. It is a way of telling the web server that the user does not want to be tracked for targeted advertisements and such.
Unfortunately Microsoft’s Privacy-by-Default stance With Internet Explorer 10 doesn’t seem to sit well with Roy Fielding. In fact it compelled him to create a patch for Apache that would ignore this setting if it detected that the user was using Internet Explorer 10.
As expected this has sparked off a debate about over the standard, whether Microsoft’s approach is in compliance with it and whether Apache’s move—or at least the patch—is justified. There are good points on either side but a few facts about this standard are important to know.
Firstly, it is up to the advertisement service in question to even follow the user’s preference, it is entirely up to them. Having that setting on does not magically make all user tracking go away.
If all browsers were to turn on the Do Not Track setting by default, it would render the setting meaningless, since it is no longer a user preference, but just an extra bit of text being sent to all servers. If do not track has to be the default setting then it needs to be part of law, not part of a standard that can be ignored at will.
It is true that Microsoft shows a screen that lets you either use the express default IE 10 setting, or customize settings, including whether do not track is on. However is that enough? Arguably it is not.
There needs to be a level of understanding between advertisers and browsers that the user expressed a personal preference for privacy over personalization, so advertisers have a good reason to honour it. So it isn’t even about following the standard to the letter, but of creating a reasonable expectation that the do not track setting is a personal preference and not a default.
In the end it doesn’t matter if a user feels better by clicking on a checkmark that says “Do Not Track”, because it is pointless if the setting is ignored. To have the setting honoured, advertisers need to know that it is the user’s choice. If they feel that it is not the users choice, they can ignore it anyway, and if they have no way of knowing whether it is the user’s choice or not, then they can ignore it as well.
Many people are responding negatively to this change, saying that it favours advertisers over consumers. The bigger picture however is that the Apache web server is open source, so this change could have been made by anyone for their private Apache server instance anyway, in the same way people can build and provide a version of Apache server without this “feature”.
In a lane of cars with everyone following rules, a reckless driver can always get ahead by breaking rules, dodging between cars and getting ahead. That is what Microsoft is doing. If everyone were to break the rules and drive however they want though, you can imagine what would happen.
