Washington State

Office of the Attorney General

Attorney General

Bob Ferguson

If the Federal Trade Commission has its way, Web browsers will include a “Do Not Track” setting that lets you decide if data on your Web surfing activities can be collected. Think of it as the techno-savvy sibling to the “Do Not Call” registry that allows you to avoid telemarketers.

The FTC issued a privacy report on Dec. 1 that’s a hit with privacy advocates but not with the $23 billion online ad industry. It's a timely discussion. Consumers have told us that when their personal information is packaged, bought and sold without their consent, they feel violated.

David Vladeck, director of the FTC’s Bureau of Consumer Protection, told the U.S. House Committee on Energy and Commerce Subcommittee on Commerce, Trade and Consumer Protection that while some in the industry have taken steps to improve consumer control of behavioral advertising, industry efforts have largely fallen short.

“The FTC has been calling on industry to implement innovations such as 'just-in-time' choice for behavioral advertising since 2008. Although there have been developments in this area as described above, an effective mechanism has yet to be implemented on an industry-wide basis. Second, to the extent that choice mechanisms exist, consumers often are unaware of them, and click-through rates remain low,” Vladeck testified.

computereyeFTC Commissioner Julie Brill discussed the push last week during a National Association of Attorneys General conference in Ft. Lauderdale and the topic is creating lots of netizen buzz.

Microsoft was the first to respond by announcing yesterday it will roll out a new version of Internet Explorer with an optional “Tracking Protection” feature. Here’s an explanation from Microsoft’s blog. (Note: If you don’t have the latest version of Silverlight when you click on the blog link, a pop-up will ask  you to install it. If you choose not to install the video software, you can still view the text of the post.)

Today, consumers share information with more websites than the ones they see in the address bar in their browser. This is inherent in the design of the web and simply how the web works, and it has potentially unintended consequences. As consumers visit one site, many other sites receive information about their activities (you can read more details here). This situation results from how modern websites are built; typically a website today might bring together content from many other websites, leaving the impression that the website appears to be its own entity. When the browser calls any other website to request anything (an image, a cookie, HTML, a script that can execute), the browser explicitly provides information in order to get information. By limiting data requests to these sites, it is possible to limit the data available to these sites for collection and tracking.

A Tracking Protection List (TPL) contains web addresses (like msdn.com) that the browser will visit (or “call”) only if the consumer visits them directly by clicking on a link or typing their address. By limiting the calls to these websites and resources from other web pages, the TPL limits the information these other sites can collect.

Forbes reports that the feature was previously developed for Internet Explorer 8 but was killed under pressure from the advertising industry.

Mozilla devised a “Do Not Track” tool for Firefox but also killed it. DailyTech.com claims Mozilla caved to pressure but the company told the Wall Street Journal it was concerned that advertisers would use even sneakier techniques and could slow down the performance of some sites.

I didn’t find any information online about Google’s Chrome and Apple’s Safari, but it’s safe to assume they’ll hatch similar sleuth-busters. The sticky wicket isn’t creating the technology, say experts, but rather that most of the companies that make Web browsers are supported by online advertising.

Chris Soghoian is the creator of Taco, a free plug-in for Firefox and IE that removes tracking programs, and is now affiliated with Indiana University. He's worked with the FTC and spoke last week at the "Future of Online Consumer Protections" conference hosted by the Consumer Watchdog advocacy organization in Washington, D.C. Soghoian praised Microsoft on his blog:

This is a very savvy, strategic decision on Microsoft's part. I think that the company probably thinks its own advertising business (or at least, its own overall bottom line) will suffer less than its competitors. After all, Google gets most of its money from online advertising, whereas Microsoft still earns a vast sum of money from Office and Windows.

Some data miners are also trying to get in front of federal regulations. The Better Advertising Open Data Partnership will allow consumers to see info collected about them from eight firms including BlueKai, eXelate, 33Across, Lotame and others with more expected to join later, according to Gigaom.com. Google, Yahoo and many others, however, are not current partners. And the Interactive Advertising Bureau believes the industry's Self-Regulatory Program for Online Behavioral Advertising will provide a sufficient opt-out mechanism.

Steve Sullivan, president of the Interactive Advertising Bureau, played the "big brother" card in a USA Today editorial to argue that consumers would be better off without government involvement. His cry that "Consumers who participate in a Do Not Track solution could soon find themselves the targets of cheap and irrelevant advertising," will no doubt outrage the throngs who log on to see their personalized selection of expensive, targeted spam.

Yet another question is whether anyone will actually use the privacy tools.

Says Forbes, “Of course, since ‘Do Not Track’ will most likely be opt-in features for all the browsers, its efficacy depends on people caring enough about their privacy to make the effort and spend the time to opt-in. In addition to depending on people to download the latest versions of these browsers. So yeah, good luck with that.”

On a related note, the folks behind Data Privacy Day want me to remind you that it occurs on Jan. 28.

Related Blog Posts: Cookie Monsters

Privacy 3.0: How your actions can violate your privacy 

Speak Out: Would you use an Internet “Do Not Track” tool if it were included in your Web browser?



Recent Posts

Blogroll & Consumer News

Product Recalls