The Interactive Advertising Bureau's general counsel Mike Zaneis caused a stir last week when he said that around
one in five Web users are sending do-not-track signals as they
surf the Web.
Zaneis told the Internet standards group World Wide Web Consortium that the proportion of users with do-not-track signals had grown so high that the ad industry couldn't stop serving
targeted ads to those people. The industry also believes that many of those signals are turned on by default, or by anti-virus software, and that the headers don't reflect users' actual
preferences.
Today, Mozilla's privacy chief Alex Fowler asked for proof of the IAB's contention. “I'm seeing more and more claims of the proliferation of DNT:1 [do-not-track on] online,
especially outside the browser context. Can someone point me to a published study or paper that makes this clear and the sources for these signals?” he said in public email to members of the World Wide Web Consortium's tracking protection group. “If we're going to
consider this as a factor for which signals are OK and also as a justification for which path we follow, it would be helpful for the basis for this claim to be incontrovertible.”
As of
Friday afternoon, no one had posted a public response to
Fowler's question.
Also on Friday, members of the W3C began voting on the ad industry's proposal about how to interpret do-not-track signals. (The vote isn't binding on the W3C leadership, but
gives the participants a chance to go on record with their objections to the various proposals.) The current industry view is that ad networks need not stop
targeting people in response to do-not-track signals. Instead, the industry says that companies should practice “data hygiene” when faced with a do-not-track header. While the concept of
data hygiene remains vague, one concrete proposal calls for companies to delete URLs of Web users, but retain information about the sites they visit.
Of course, that information can be
extremely detailed -- and even more valuable to marketers than the URLs, which arguably are irrelevant without more context. Privacy advocate Jonathan Mayer makes this point in an email to members of
the W3C. “The [ad industry] design misses the forest for the trees: There is nothing inherently problematic about URL data,” he writes. “Rather, privacy risks flow from what can be
learned from URL data.”
For now, the privacy advocates and ad industry representatives seem hopelessly at odds with each other. But whatever the outcome of the current talks, it's worth
noting that the browser manufacturers always have the option of preventing a prevalent form of tracking by blocking ad networks from setting cookies. Safari already does so by default, and Mozilla has
said it intends to do so. In other words, ad networks might have no choice but to stop tracking Web users without their explicit consent, regardless of what happens at the W3C.