In February of 2011, Mozilla's Firefox browser rolled out a "do not track" tool, which was aimed at giving users a simple way to opt out of all online tracking and behavioral advertising. Microsoft, Google and Apple soon followed suit.
But even though the do-not-track tools have been available for years, they have never been especially effective. That's because turning on do-not-track only sends a signal that users don't want to be followed, but doesn't prevent advertisers from tracking users or sending them targeted ads.
Instead, ad networks and publishers are free to decide whether or not to honor the do-not-track signals. A few high-profile companies, including Twitter and Pinterest, have publicly promised to honor the signals, but most have not.
One reason why do-not-track never gained broad support is that the ad industry and privacy advocates couldn't agree on how the signals should be interpreted. Some privacy advocates argued that people who say they don't want to be "tracked" don't want any information about their Web-surfing history compiled. But ad industry representatives said they were willing to stop serving targeted ads to people who turned on do-not-track, but wanted to continue to be able to collect data for purposes like market research and product development.
The Internet standards group World Wide Web Consortium recently unveiled a proposal that calls for ad networks and other companies to stop collecting data from users who have turned on the do-not-track signals, except for auditing, security, debugging and frequency capping purposes.
Today, the privacy group Electronic Frontier Foundation released its own proposed definition of do-not-track, which goes further than the World Wide Web Consortium's.
The EFF says that honoring do-not-track means refraining from collecting unique identifiers like cookies, digital fingerprints or "supercookies" from users without their explicit consent, except in extremely limited circumstances. They include situations where companies are required by law to retain data, need the information to respond to fraud suspicions, require the data to process a transaction, or need information about ad clicks for billing purposes.
The EFF also says that companies shouldn't retain IP addresses for longer than 10 days; after that period, the EFF says the data should be "de-identified."
The EFF's effort is backed by privacy software company Disconnect, publishing site Medium, analytics company Mixpanel, tracking-blocking extension AdBlock and search engine DuckDuckGo.
The organizations say Web companies will have an incentive to follow the new standards, because they will operate "in tandem" with ad blockers. The idea is that ad blockers like PrivacyBadger, AdBlock and Disconnect will examine publishers' sites to see whether they say they comply with the do-not-track standards set out by the EFF. If so, the software will not automatically block third-party material from those sites. (Users can still configure the software to block third-party material regardless of whether sites comply with the EFF's do-not-track standards.)
Peter Eckersley, chief computer scientist at the EFF, says that linking the standards to exemptions from ad-blocking software could encourage Web companies to stop gathering information about people who say they don't want to be tracked.
"There has been frustration, because it's obvious that the Web needs a strong privacy opt-out mechanism, but the attempt to build one by pure consensus has been profoundly unsuccessful," he tells MediaPost.