Can Apache's Do-Not-Track Killer Survive?

Roy Fielding, an influential computer programmer who helped found Apache, has taken it upon himself to create a "patch" that prevents publishers from ever seeing the do-not-track settings in Internet Explorer 10.

Fielding says he did so because he disapproves of Microsoft's decision to enable do-not-track by default for IE10. "Apache does not tolerate deliberate abuse of open standards," Fielding says in a post about the patch.

But many observers argue that Microsoft's latest version of IE10 complies with standards of the World Wide Web Consortium -- a broad-based group that is working to set guidelines for do-not-track.

Microsoft said in May that IE10 would ship with do-not-track set to "on" by default. The company later backtracked and said that Windows 8 will offer users two choices at installation: "express settings" or customized. Only the express settings will include do-not-track by default.

The W3C has said that users should give "explicit and informed consent" to do-not-track; some members of W3C have said that the Windows 8 installation process meets that standard, though others disagree.

Regardless of whether people approve of Microsoft's settings, this much is clear: The do-not-track header doesn't in itself change whether users are tracked. All the setting does is send a signal to publishers and ad networks. It's those companies who interpret the signal and decide whether to ignore it or honor the request.

Fielding's patch for Apache -- the open source software used by around 60% of Web publishers -- takes away that choice from companies by stripping out the header at the server level.

At the same time, publishers who dislike Fielding's patch can themselves override it. Some might have good reason to. For instance, if they say in their privacy policies that they honor do-not-track headers, they might have to change Apache's settings in order to comply with their own privacy policies.

Meantime, one critic of the patch, privacy advocate and Stanford grad student Jonathan Mayer, has reported it as a "bug" -- which means that there's a chance it will be reversed in the next version of Apache. The company ships new versions regularly. "I would wager this is not going to stay in Apache," he tells MediaPost.

Tags: privacy
Recommend (2)
1 comment about "Can Apache's Do-Not-Track Killer Survive?".
  1. Robert Repas from Machine Design Magazine , September 11, 2012 at 10:28 a.m.
    If anyone has abused the standard, it's Fielding himself. He has taken away the choice of the consumer by stripping the header, even if that consumer wanted the Do-Not-Track active. He should reverse his own actions immediately, and issue an open apology to Microsoft and every user of Apache for his flagrant abuse of his position. If I were the Apache Foundation, I would seriously consider banning him from ever working on the web server again, even if he WAS one of its creators.