New Apache 'Patch' Nixes Microsoft's Do-Not-Track Setting

privacy

A computer programmer has written a "patch" for Apache's software that renders Microsoft's upcoming do-not-track command ineffective.

Roy Fielding, a principal scientist at Adobe Systems, created the patch, which effectively nullifies the default do-not-track settings that are slated for Internet Explorer 10. If the patch becomes part of Apache, the move will have a wide-ranging effect because most Web publishers use Apache's open-source software.

Fielding, who previously served as chairman of the Apache Software Foundation, posted the patch last month. But it didn't draw much attention until late this week, when other programmers began discussing it online. CNET first published news of the program on Friday.

Fielding is among a group of computer programmers with "commit" privileges at Apache, which means that his patch will be incorporated in the next version of the software unless reversed.

Fielding indicated that he created the patch because he disapproved of Microsoft's controversial decision to enable do-not-track by default in the upcoming IE10. "Apache does not tolerate deliberate abuse of open standards," Fielding wrote on a message board for developers.

Microsoft's planned do-not-track settings have generated significant controversy since the company announced them earlier this year, but not everyone agrees that they violate "open standards."

The company said in May that it intended to activate do-not-track by default in the upcoming version of IE10. But last month, Microsoft announced a revision to the original plan. The company said in a blog post that Windows 8 will offer users two choices at installation: "express settings" or customized. Only the express settings will include do-not-track by default.

The headers themselves don't block tracking cookies. Instead, they serve as a signal that users don't want to be tracked. The patch strips out that signal from the server.

The Internet standards group World Wide Web Consortium -- which currently is trying to craft recommendations for how companies should respond to the headers -- says that users should give "explicit and informed consent" to do-not-track, but also says there's no agreement yet about how to define the term.

On Thursday, some other programmers involved with Apache said in comments that they disapproved of Fielding's patch, known as a "commit."

"There's just so many things wrong with this commit," wrote one critic. "You don't find it just a little wrong that users are going to think this is turned on, yet you guys are just turning it off?"

 

5 comments about "New Apache 'Patch' Nixes Microsoft's Do-Not-Track Setting".
Check to receive email when comments are posted.
  1. Robert Repas from Machine Design Magazine, September 10, 2012 at 11:33 a.m.

    And how does Mr. Fielding justify his position of forced cancelling of the do-not-track code as different than Microsoft's position of forced do-not-track? In fact, his position is WORSE than Microsoft's. Suppose I WANT the do-not-track code active? By cancelling it, you've just taken MY decision away from me -- without an option to reinstate it! Can you say hypocrite?

  2. Jeff Greenfield from C3 Metrics, September 10, 2012 at 11:50 a.m.

    It's a bit misleading to simply call Roy Fielding a 'computer programmer', he is one of the principal authors of the HTTP specification and co-founder of the Apache HTTP Server project.

    His response on GitHub sums up Apache's position:

    "Apache has a history of stepping in when vendors abuse HTTP. That is why HTTP survived the browser wars, and why the Web will continue to survive past the MS-GOOG war. I can assure you that GitHub would not exist now if Apache had not defended the Web's open standards over the past 17 years."

  3. Carl Ludewig from Ludewig Multimedia, Inc., September 10, 2012 at 1:01 p.m.

    There's the perception of impropriety here in that Mr. Fielding works for Adobe, which has a vested interest in preventing do-not-track in order to protect its Omniture product suite. Is he defending HTTP standards or protecting his employer? It doesn't look good, given the appearance of a conflict of interest.

  4. Russell Glass from Bizo, Inc., September 10, 2012 at 1:42 p.m.

    This is no different than what Microsoft did except actually adhering to standards instead of flouting them. My full opinion about DNT and Microsoft's stance is here: http://blog.bizo.com/blog/from-the-digital-c-suite/the-facade-of-safety-why-microsofts-approach-to-dnt-is-harmful-to-online-consumers-and-what-to-do-about-it. Simply, we need a better solution.

  5. Ray Kingman from Semcasting, September 11, 2012 at 10:13 a.m.

    Isn't a baseline tenant of the IAB Privacy policy "CONSUMERS SHOULD BE INFORMED OF THEIR CHOICES REGARDING INTERACTIVE ADVERTISING AND EMPOWERED TO EXERCISE THOSE CHOICES"? One hopes that this tactical move to disarm the IE 10 default will be reviewed carefully by Corporate stakeholders prior to distribution.

    This patch for Apache is just more PR gymnastics in order to protect behavioral targeting and maintain industry status quo. More to come I'm sure, but IMO some of this energy would be better spent on a more elegant solution that actually moves the online ad industry forward. Simple math says the future of behavioral targeting is bound to be limited. More blocking and duplication of cookies limits coverage of unique users to 30% or less already. Local and SMB campaigns can have less than 10% coverage. We need to innovate and stop fine tuning this leaking plumbing. New targeting technologies like IP Zones give us 100% reach, multi-variant targeting and double-blind, completely safe, audiences with no use, application, or dependency on cookies.: http://semcasting.com/component/k2/item/345-breaking-ranks-on-privacy.html

Next story loading loading..