The DNT Rope-a-Dope
Even us folks that don’t follow boxing know the infamous rope-a-dope. Show them one thing and then deliver another. The classic, you never saw it coming. So what does this have to do with Do Not Track?
In theory, the DNT effort of the W3C is about defining the technical standards to support the ability of a user to request that a website not share their information with any other party. It is in response to consumer, government and privacy advocate’s requests (and EU regulations) to give consumers a deliberate choice in determining how their personal information is used and shared.
Unfortunately, things are not going well, as summarized in this PCWorld article about IE10 Privacy Settings. But are we really looking at the right things or is all this finger pointing simply a distraction from the real issues?
- DNT has no clear definition. Do Not Track is really Do Not Share, so the name of the standard is misleading.
- DNT has a misleading objective. There is nothing in the standard that prohibits a website from collecting data about its visitors and using that data to deliver personalized content or advertising.
- DNT has no teeth. It is voluntary, so even if a user sets a preference in their browser, the US websites and services are not obligated to honor it.
- DNT offers minimal consumer recourse. The FTC only gets involved if a site or service is not fulfilling it’s commitment to the user.
- DNT lacks transparency. While this is a public forum, most people wouldn’t know where to look for information. The standard is being used to define the policy, rather than reflect the policy, which means non-obvious exceptions can be built-in.
So whether or not Microsoft has DNT turned on or off by default, or Apple hides it’s selection within the greater “Private Browsing” settings of iOS, so the user is unaware of what they have or haven’t selected, what does it matter? The standard is a long way away from approval.
So all this hullabaloo about IE10 is a distraction. DNT has no clear definition and is self-regulated with the biggest wallet at the standards development table being the same organizations who profit the most from tracking. So while companies point fingers at Microsoft for “not adhering to” a yet to be approved standard, regardless of it’s original intent, DNT is starting to look and feel like the rope-a-dope, with a knock-out blow to privacy.