Mozilla Questions IAB's Do-Not-Track Estimates
Zaneis told the Internet standards group World Wide Web Consortium that the proportion of users with do-not-track signals had grown so high that the ad industry couldn't stop serving targeted ads to those people. The industry also believes that many of those signals are turned on by default, or by anti-virus software, and that the headers don't reflect users' actual preferences.
Today, Mozilla's privacy chief Alex Fowler asked for proof of the IAB's contention. “I'm seeing more and more claims of the proliferation of DNT:1 [do-not-track on] online, especially outside the browser context. Can someone point me to a published study or paper that makes this clear and the sources for these signals?” he said in public email to members of the World Wide Web Consortium's tracking protection group. “If we're going to consider this as a factor for which signals are OK and also as a justification for which path we follow, it would be helpful for the basis for this claim to be incontrovertible.”As of Friday afternoon, no one had posted a public response to Fowler's question.
Also on Friday, members of the W3C began voting on the ad industry's proposal about how to interpret do-not-track signals. (The vote isn't binding on the W3C leadership, but gives the participants a chance to go on record with their objections to the various proposals.) The current industry view is that ad networks need not stop targeting people in response to do-not-track signals. Instead, the industry says that companies should practice “data hygiene” when faced with a do-not-track header. While the concept of data hygiene remains vague, one concrete proposal calls for companies to delete URLs of Web users, but retain information about the sites they visit.
Of course, that information can be extremely detailed -- and even more valuable to marketers than the URLs, which arguably are irrelevant without more context. Privacy advocate Jonathan Mayer makes this point in an email to members of the W3C. “The [ad industry] design misses the forest for the trees: There is nothing inherently problematic about URL data,” he writes. “Rather, privacy risks flow from what can be learned from URL data.”
For now, the privacy advocates and ad industry representatives seem hopelessly at odds with each other. But whatever the outcome of the current talks, it's worth noting that the browser manufacturers always have the option of preventing a prevalent form of tracking by blocking ad networks from setting cookies. Safari already does so by default, and Mozilla has said it intends to do so. In other words, ad networks might have no choice but to stop tracking Web users without their explicit consent, regardless of what happens at the W3C.