Mozilla Raises Stakes On Do-Not-Track Headers

Two years ago, Mozilla announced that Firefox would offer do-not-track headers that, theoretically, enable people to opt out of online behavioral advertising.

The headers don't actually block the tracking cookies that allow ad networks to determine which sites users visit and serve them personalized ads. But Mozilla -- and others, including the Federal Trade Commission -- clearly hoped that publishers and ad networks would honor the signals.

Instead, privacy advocates, industry representatives and computer scientists in the World Wide Web Consortium have spent much of the last two years debating the best way to respond to the signals. Privacy advocates say that ad networks should stop collecting information about the sites that users visit, if their do-not-track headers are turned on. Web companies say they're prepared to stop serving those users personalized ads, but still want to collect information about the sites they visit and the ads they see.

The upshot is that do-not-track headers, now offered by every major browser, remain purely symbolic.

Now, Mozilla is raising the stakes by announcing that its Firefox browser -- which accounts for around 20% of the desktop market -- will soon start blocking third-party tracking cookies by default. Privacy advocate Jonathan Mayer, a Stanford grad student and author of the new no-tracking patch, announced the move Friday on his blog. He said the patch will bring Firefox's settings closer to Safari's settings by blocking third parties that users have no relationship with, but not first parties.

Mozilla privacy head Alex Fowler confirmed today that the company plans to deploy Mayer's patch. "Many years of observing Safari’s approach to third party cookies, a rapidly expanding number of third party companies using cookies to track users, and strong user support for more control is driving our decision to move forward with this patch," he wrote.

At the same time, Fowler says the patch is only in what he calls a "very early developer build of Firefox," adding that it will undergo "Mozilla’s usual vetting process."

That statement implies that there could be significant changes to the patch before it's released. Mayer himself -- who is participating in W3C's efforts to develop guidelines interpreting do-not-track headers -- hints that the browser's settings might be tweaked in the future, if companies start honoring do-not-track commands. He blogs that he's interested in pursuing several courses of action in the future, including "relaxing the cookie policy for websites that honor Do Not Track."

Privacy advocates and ad industry executives had very different reactions to the news.

Jeff Chester, a longtime privacy proponent, says that it shows Mozilla's "serious commitment" to addressing online profiling and privacy. He adds that the move shows that people are losing patience with the W3C's efforts to reach a consensus. "Browsers like Mozilla will try to take matters in their own hands," he says.

Chester adds that others are contemplating "countermeasures" to the ad industry -- including blocking technologies.

Not surprisingly, the ad industry isn't taking the news well. Stu Ingis, counsel to the self-regulatory group Digital Advertising Alliance, warns that the patch would "negatively impact the entire Internet ecosystem."

Ingis adds that he considers the patch merely a "proposal." But, he says, should it come about, the development "would be a horrible thing for consumers."

He says that the default settings would remove some anonymous click-stream data from the online ecosystem -- which, in turn, could result in a drop in the ad dollars that finance a good deal of online content. "Is everybody just going to work for free?" he asks.

Of course, publishers can always set first-party cookies -- which will still allow the biggest companies to track people across a wide swath of sites. Also, ad networks might turn to new tracking methods if they can't use cookies.

Still, there's no question that many online ad companies view the prospect of cookie-blocking as a significant threat. Whether that will be enough to spur agreement on do-not-track headers remains to be seen.

Tags: privacy
Recommend (2)
2 comments about "Mozilla Raises Stakes On Do-Not-Track Headers".
  1. Steve MC from GRUNI , February 27, 2013 at 6:11 a.m.
    Kudos to Jonathan Mayer and Mozilla for taking matters into their own hands. The value of targeted ads is low compared to the value of the data being collected. Consumers want to control their personal info that's being collected and distributed. The DAA's argument is lame. Ethical companies always find a way to adapt to broad consumer demand. So, the impact to the Internet ecosystem will only be felt by the companies that fail to adapt to the will of the people. In the end, its always about win - win. Right?
  2. Domenico Tassone from Viewthrough Measurement Consortium , February 27, 2013 at 2:43 p.m.
    Steve, your argument makes no sense. The value of targeted ads is actually pretty high and is only possible to do when you are able to collect data. Consumers want free stuff and only a small group actually proactively take steps to control their personal info. This whole discussion is an another overreach by the Feds. A much bigger problem is credit bureaus and with all the regulation and money wasted on just a few companies you would think the bureaucrats would be able to make it work right. And, an incorrect credit file can really hurt people...how is online ad information actually harming anyone? I'd like to see publishers limit content to users that insist on blocking ads and 3rd party cookies. There is no such thing as a free lunch.