A W3C committee examining online privacy will meet at Princeton University on Thursday and Friday to discuss some of the key issues raised by proposals for universal do-not-track mechanisms. Topics up for discussion range from fundamental matters like the definition of do-not-track to operational questions like how cookie-based opt-outs can work in conjunction with browser tools to communicate users' preferences. Almost 60 Web companies, academics and others -- including Google, Yahoo, Microsoft and Facebook -- submitted position papers in advance of the conference.
Carnegie Mellon University computer science professor Lorrie Cranor, who is co-chairing the workshop, says it could ultimately lead to standards for implementing browser-based do-not-track headers -- but, she adds, only if the participants can forge a consensus. "W3C has not yet formally taken on the task of formalizing do-not-track or any of the other consumer protection technologies in the tracking space, but are looking at it and trying to determine if there's a role for them and, if so, what direction to go in," she says.
Currently, three major browser developers -- Mozilla, Microsoft and Apple -- have said they intend to offer a do-not-track header. When activated by users, the header will inform Web sites that users do not wish to be tracked as they surf the Web, but won't block content. Google is the only major browser manufacturer that has not yet said it will offer a do-not-track header for Chrome.
But even with most browser companies offering do-not-track, it's not yet known whether the major ad networks will honor it. While self-regulatory groups have said for more than 10 years that Web users should be able to opt out of behavioral targeting -- or being served ads based on sites users have visited -- those groups have not yet endorsed the concept of a browser-based opt-out. Instead, they have been focused on building out mechanisms that allow users to opt out of targeting by ad networks by setting cookies.
So far, however, a few Web companies are expressing support for browser-based headers. Chitika, for one, recently has promised to honor do-not-track. In addition, BlueKai says in a paper it submitted for the upcoming conference that it is creating a tool to allow publishers to recognize a do-not-track header while also allowing consumers the ability to disable the header in order to access content.
Yahoo says in a paper it submitted to the workshop that it supports a "hybrid" approach, which involves ad networks honoring users' opt-out cookies as well as any do-not-track headers.
Google, by contrast, did not endorse a browser-based header in its comments. Instead, the company emphasized that tracking can benefit Web users. "Advertising may be less annoying or intrusive if it is useful and relevant to the user," the company states in its comments. "To ask a user to make a decision about tracking without incorporating both sides of the equation -- the value they get from advertising-supported content as well as their concerns about tracking -- would put at risk aspects of the online experience that millions of users have come to expect and value."
Many of the companies and individuals to submit papers agree that the word "tracking" could have many different definitions, but beyond that there appears to be little consensus about what the word means. Wendy Seltzer, a fellow at Princeton's Center for Information Technology Policy as well as Harvard's Berkman Center for Internet & Society, proposes several possibilities. "Is it following a user across multiple sites or multiple sessions, or does it include watching repeat intra-session visits to the same website? Is it correlating browsing behavior with personally identifying information gained from user input or environment?" she asks in her written comments. "Unless all sites respond using the same definitions, the header will operate differently from site to site."