
Microsoft sticks to its guns, keeps Do Not Track on by default in IE10 - iProject
http://arstechnica.com/information-technology/2012/08/microsoft-sticks-to-its-guns-keeps-do-not-track-on-by-default-in-ie10/
======
pilif
With the recent amendment ([http://www.wired.com/threatlevel/2012/06/default-
do-not-trac...](http://www.wired.com/threatlevel/2012/06/default-do-not-
track/)) to the spec of DNT that the header should only be honored if the user
has actively chosen not to be tracked, I guess we've just created more data
that is transmitted with every HTTP request and subsequently ignored on the
server.

As IE10 sending DNT isn't a response to a conscious user decision ("I accept
the defaults" is not consciously deciding "I don't want to be tracked"),
servers are basically free to ignore the header if the browser is IE10.

This also means that IE10 will for all intents and purposes always be tracked
regardless of what the setting is set to and whether the server in general
honors DNT or not (currently I know of only twitter to do so).

Way to go!

~~~
kenjackson
That's a mighty suspicious amendment to the spec. Its almost as if they want
to make sure you're tracked. Will they require certified mail and a witness to
verify you really really mean DNT next?

Can the W3C justify this amendment at all being for the good of the user?

~~~
j_s
This seems to be the issue in question: <https://www.w3.org/2011/tracking-
protection/track/issues/4>

Here's the working group:
[http://www.w3.org/2000/09/dbwg/details?group=49311&publi...](http://www.w3.org/2000/09/dbwg/details?group=49311&public=1)

I don't know enough to determine what % of companies represented on the panel
are ad-supported; per a comment on the Microsoft blog:

    
    
      > thank you for not folding to the corrupt w3c standards 
      > body that is setting the standards with a full deck of ad 
      > supported companies on the panel
    

[http://blogs.technet.com/b/microsoft_on_the_issues/archive/2...](http://blogs.technet.com/b/microsoft_on_the_issues/archive/2012/08/07/do-
not-track-in-the-windows-8-set-up-experience.aspx#3513055)

------
nathan_long
Although I appreciate the idea of a Do Not Track header, isn't it a bit like a
Do Not Steal sign? You don't use a sign; you use a lock.

It seems like it would be more productive to focus on helping users __not
disclose their identity __than helping them __ask sites to pretend they don't
see it __.

~~~
rickmb
You don't start with using a lock either.

You start with the general consensus that stealing is socially unacceptable,
and you make it illegal.

Which is exactly what will inevitably happen with tracking unless tracking
with permission becomes the exception rather than the rule.

It might even take a few decades, but being tracked by corporations anywhere
you go online is socially untenable in a free society.

Microsoft understands this, although their enthusiasm is probably more
inspired by the fact that a certain competitor that has a major part of its
business model depending on it than by ethical considerations.

~~~
nathan_long
>> You don't start with using a lock either. You start with the general
consensus that stealing is socially unacceptable, and you make it illegal.

And then, as a sensible person, knowing that there exist people who don't care
about laws, and knowing that law enforcement can't catch all criminals, you
also use a lock.

I would love to have laws and penalties for lawbreakers here, but this is the
internet: it spans many legal jurisdictions. Law is not a panacea, and it's
also much harder to get than a software patch.

------
Rudism
I'm not entirely sure the value of the DNT header in the first place, even if
Microsoft doesn't end up completely derailing it with this move... The kinds
of advertisers who would voluntarily opt out of tracking behaviors in response
to user preference probably aren't the kind of company who would do things
with that information that you need to worry about. I can appreciate the
intent behind it, and any move toward increased user privacy is a move in the
right direction, but I don't think that leaving it in the hands of the
advertisers is going to be a particularly effective approach. It may even be
detrimental in the sense that a naive user would turn that option on and get a
false sense of security.

~~~
leejw00t354
Personally I question whether Microsoft's main reason for enabling DNT is to
protect their user's privacy.

If Microsoft can look like the good guys while sticking a knife in Google's
back, preventing them tracking users and targeting ads, then they might as
well go for it.

IE on it's own won't do much damage but other browsers will be under pressure
now to also add DNT, after all, they don't want their users to think they're
privacy online is safer in IE's hands.

If all browsers slowly make this move Google could be affected quite badly.
And that is the logic I think Microsoft is using here.

~~~
pilif
The problem is that the spec of the DNT header says that the DNT header can
only be sent in response to a conscious decision on the users part. By turning
this on by default, the only thing MS accomplishes is that DNT will likely
never have an effect for IE10 users.

Which could also be exactly what they wanted: Get the good press for enabling
the header by default while ensuring that they and everybody else will be able
to track IE10 users normally, regardless of the setting being enabled or not.

~~~
leejw00t354
Maybe but I hope Google would take the higher moral ground and assume the user
has consciously decided to enable it as they have no way to tell otherwise.

It would look a little bad if Google just straight up ignored the DNT header
on IE10.

~~~
ralfn
This would singlehandedly kill 10-20% of Google's profits. Microsoft is
playing a smart game, now that they have accepted that they cant beat Google
in search/web-ads.

------
esolyt
Another pointless act which is simply for show. They want to be able market
Internet Explorer by saying "The Browser That Does Not Track You". W3C clearly
stated that this is considered an abuse of the DNT flag. As a result, thanks
to Microsoft, the flag will start to be ignored completely.

~~~
aggronn
Microsoft just can't win, can they?

~~~
qntm
This is the W3C's problem. "An ordinary user agent MUST NOT send a Tracking
Preference signal without a user’s explicit consent"? How, exactly, are they
intending to detect the user's explicit consent via the medium of HTTP
headers? Why introduce a header which almost everybody in the world would
probably want to use by default in every one of their HTTP requests and then
say that you can't do that? What if I chose my browser specifically because it
has DNT by default? Why introduce a header which doesn't do anything unless
you _really really want it to_?

The Explicit Consent Requirement is nonsensical. But then the DNT header
itself is also nonsensical, because there's no legislation or tangible benefit
to make request handlers respect it.

Nobody should be tracked unless they've explicitly asked for it.

~~~
huggyface
_Why introduce a header which almost everybody in the world would probably
want to use by default in every one of their HTTP requests and then say that
you can't do that?_

Ask everyone in the world if they "don't want to be tracked" and 100% will say
yes.

Ask everyone in the world if they "don't want to be tracked, understanding
that is the economic foundation for almost all of the content they enjoy and
thus they will either need to directly pay or go without" and somewhere
approaching 0% will say yes.

DNT is like commercial skippers on PVRs -- it's beneficial to most user's
experience if a small enough group of users partake, but very detrimental if a
large enough group uses it.

~~~
qntm
> Ask everyone in the world if they "don't want to be tracked, understanding
> that is the economic foundation for almost all of the content they enjoy and
> thus they will either need to directly pay or go without" and somewhere
> approaching 0% will say yes.

No, something approaching 100% of users will still say yes, adding that robust
economic foundation is the content providers' problem, not the users'.

The content providers will then close down or find alternative business
models.

~~~
huggyface
_No, something approaching 100% of users will still say yes, adding that
robust economic foundation is the content providers' problem, not the users'._

Who do you think "users" are? HN denizens?

Users -- most especially those using Internet Explorer -- are average people
who are entirely unconcerned about tracking cookies. They really aren't. They
don't care whether you know that they visit Facebook and TMZ. They care that
they can access those sites for free, and anything that threatened that would
be a threat to them.

There is a serious detachment from reality that occurs in discussions like
this.

~~~
jlarocco
I don't know where you're getting your data, but I don't think most people are
too concerned about paying for things.

Of course, if you ask them, "Do you want to pay for this or do you want it
free?", they'll choose free.

But if you don't ask and just charge for it, I don't think most people would
mind. It's the way things worked for thousands of years. It's the way things
_still_ work for every product in the world except online content. Maybe it's
a huge issue for you, but most people just don't mind paying for products and
content they find worthwhile.

~~~
huggyface
Virtually every paywall implementation has been a dismal failure. One of the
greatest ways to get a viral message on the move is to claim that a common
service will soon charge (see ICQ, Facebook, MSN Messenger, etc).

 _Maybe it's a huge issue for you_

Except that I've made the opposite painfully clear over and over again. But
you apparently thought this would work as some sort of position antidote,
pretending that I'm some sort of abnormally cheap person?

I am actually aware of the world around me. I watch how things work. I pay
attention. My observations are not personal.

~~~
jlarocco
It's a self-imposed problem. Of course people will object now that they're
used to getting a site's content for "free". The sooner those sites die, the
better, IMO. If there are costs associated with creating the content, then
it's a stupid idea to act like there aren't.

Sites and services that charge from the beginning, and/or offer a very clear
value added payment option from the beginning are usually successful. Success
being defined as self-sufficient without violating user privacy and whoring
themselves to advertisers.

------
powertower
Why is everyone here skipping the part in the first paragraph that says the
user will be provided with a dialog on first-run asking him/her whether they
want to turn on, turn off, or dismiss DNT?

~~~
artursapek
I have no idea. Wouldn't that validate it? I don't see why people are so upset
over this.

~~~
mccoyst
People are upset because they wanted to be part of the elite club that maybe
possibly would have had their DNT header honored, but now that it's likely
that a huge percentage of other people on the web will have the header
enabled, suddenly the header will be useless for sure.

If this header would have only been useful if it was only enabled by a small
set of people, then it has always been stupid, and is in no way Microsoft's
fault. Imagine a perfect world where everyone using IE organically decided to
poke around in their browser settings, find, understand, and enable DNT. Are
the trackers now somehow less justified when they ignore it in this perfect
world? No, the motivator is the same — they want to track as many people as
possible and "disabled by default" is just a thin excuse. People that are
defending the idea of trackers ignoring DNT because of IE are engaging in some
weird kind of corporatism.

------
Serplat
The DNT header was likely to be ignored to begin with, but this just seals it.

The only way that the DNT header even stood a chance was if it was only
enabled by a select few individuals who are greatly concerned with their
privacy. By defaulting it to 'on' for users who don't particularly care about
their privacy, or understand any of the implications, they essentially
guarantee that only a handful of sites will even consider honoring DNT.

Assuming they actually stick with this, DNT has lost all of the little meaning
it had to begin with.

~~~
randomfool
Not quite- this is a direct shot at Google's advertising revenue. Google
doesn't have the luxury of ignoring this.

Microsoft isn't doing this to protect users against nefarious trackers, it's
doing it to hurt Google's bottom line.

~~~
Serplat
I suppose that makes some sense.

However, it doesn't change the fact that by enabling it by default, most other
sites will likely end up just ignoring it, even if that isn't Microsoft's
intent.

------
mgkimsal
someone else pointed this out - if they do this during the initial
install/setup of the browser (first time it's run, for example), having
explanatory language and an option for DNT that defaults to something is 'good
enough'.

However... this possibly is too broad. "DNT" may not be something you want to
do for all sites/tracking-entities, and the 'experience' of the web as a whole
(untargeted ads vs targeted ads) may end up being degraded for IE10 users, who
may switch to something else and be less annoyed.

 _ALL_ of this would be wholly unnecessary if 'cookies' hadn't been (and
continued to be) treated as some sort of backroom black-magic that is
consistently hidden from users at every turn. A little extra chrome in the
browser that displays cookies being set/transmitted, along with an ability to
delete/block them - directly from the browser, without having to wade through
'advanced/privacy' menus - would go a long way to giving people easy control
and insight in to what's really going on.

Paranoid privacy nuts wouldn't trust it anyway, and would keep using hand-
compiled lynx or amaya, but the rest of us would be able to quickly see what's
going on and prevent things we weren't sure of.

------
jwblackwell
This is just a poor attempt to try and damage the biggest online advertising
network and their number one competitor - Google.

Realistically the DNT header will do nothing for user privacy.

Just when you think MS is making progress with IE and the web they pull this
stunt.

------
mcovey
Did anyone think that sending a little DNT header was going to keep them safer
or better off in the first place? It is an idea that I would call "cute".

------
4ad
Ah, just a new incarnation of the evil bit[1].

<http://en.wikipedia.org/wiki/Evil_bit>

~~~
ConstantineXVI
Closer to a "Please don't be evil, kind sir" bit.

~~~
eli
Worse, it conveys the intent of "Please don't be evil and/or I never change my
default settings"

------
drcube
This shouldn't be necessary. The default behavior of web services should be no
tracking, whatsoever, unless specifically agreed to in writing by the user.
This should be enforced by laws, not a toothless organization like W3C, and
there should be real punishments for disobeying.

However, this is a good PR move by Microsoft. They don't make too many of
them, so congrats.

~~~
simonbrown
What would you count as tracking? Would websites only have analytics or A/B
test results on users that have printed, signed and sent them consent forms?

~~~
Dylan16807
I haven't thought of every corner case but I would set up something like this:

You can track a user during a single session on a single site.

To track across multiple visits the user must set up an account of some sort.

To track across multiple sites the user must provide some kind of explicit
permission.

Anonymize any session records that don't have this kind of permission.

------
rm999
Microsoft is being overly aggressive and has ulterior motives that don't align
with their users. Very typical of their short-term Machiavellian style of
thinking. Tactically they are making a questionable decision.

They are trying to break a very reasonable compromise that would have
benefited almost everyone. Instead, as one of the largest tech companies that
doesn't depend on advertising revenue, they are trying to use their power to
cripple competitors. They won't win. Online advertisers are too powerful (and
drive too much of the growth in the economy nowadays), legislation won't
regulate the industry in a way that will hand Microsoft a victory. Meanwhile,
IE's users will lose because their choice to be tracked will be ignored.

~~~
Spooky23
Should Microsoft not act in it's self-interest? If you are critiquing
Microsoft for doing that, you should be critical of Google for tracking you --
after all, couldn't they just charge for services?

At the end of the day, consumers will know that "Do Not Track" is on, and that
big advertising networks are igorning it. They won't know or care about the
T's and C's of some agreement.

They'll also know (because Microsoft will tell them) that Bing, Outlook.com,
etc will respect DNT.

~~~
rm999
> Should Microsoft not act in it's self-interest

Only if it benefits them or their users, which it almost certainly won't.
Hurting your competitor is not the same thing as competing with them.

------
Tooluka
I wish someone made a virus which installed tons of anti-adware programs and
plugins on target machines. Imagine - every single PC with adblock loaded with
rules, wouldn't that be cool :) .

inb4: "but ads fund free open web" - I can live with paying subscription for
every single site I really want to visit (even huge subscriptions if the site
is that good). There are very few of those. AND many "free open" sites do not
have ads even now.

~~~
jiggy2011
Not everyone is rich enough to pay a "huge subscription" to every website they
want to visit. In fact many of those who could benefit most from the
information on the web are people without much monetary resources (developing
countries , students etc)

~~~
Tooluka
Yeah, I know this argument - if ads are removed that EVERYTHING would be soo
expensive and children in Africa are dying etc. etc. World is not black and
white.

And by the way, please define "rich" and "rich enough".

~~~
jiggy2011
A lot of small websites , phpBB communities etc are entirely ad supported
because the owner may not be doing it as a money making exercise, the ads just
cover the hosting costs.

The fact that results from these smaller sites show up in google searches (i.e
not behind a paywall) is a good thing for the web in general as they often
have good content, a few non obtrusive banners at the bottom seems like a
small price to pay. If a site just bombards me with aggressive advertising I
simply don't go back, these sites rarely have good content anyway.

I think that having access to free high quality information for people of
modest means is a big net win for society at large, but maybe I'm just a
socialist..

~~~
Tooluka
Small sites will just require small fee, one time or recurring. You see, we
can't take all site, multiply them by some price and add all results to
receive some ridiculous number and declare that man just can't pay that much.
Because a single human can't visit all sites on the Internet, physically.

One individual has at most 16 hours a day for internet and if someone would
estimate average times that the discrete number of sites to visit would be
rather low. It is entirely possible (not 100% sure) that after initial shock
communities will restructure a little, some really obscure sites with little
unique content or services will die, but users won't leave. they'll just shift
to occupy all the sites they really want to visit.

And right now I see that small and obscure websites are NOT findable in search
engines. They don't do SEO and SMO, they are totally dominated by ad driven
monsters they produce and produce and produce... well something. Sometimes
good content sometimes not. Mostly not actually. I almost never find really
good unknown stuff in Google&Co, only by direct links from friends and random
people. Such sites are like dark matter of the internet, real but invisible
knowledge. Invisible behind the noise from ad giants.

~~~
jiggy2011
I don't know about you, but when I'm working, especially doing some form of
research I can easily visit in excess of 40 websites or so a day and probably
hundreds a month, having to pay up for each individual one could get expensive
not be mention it would be a serious inconvenience. And how do I know if a
site is worth signing up for if I have no idea of it's content?

Remember the site expertsexchange.com? The Q&A site that put their answers
behind a paywall, now remember how stackoverflow ate their lunch with a few
small unobtrusive adverts.

I actually do find plenty of useful content on small websites, phpBBs & blogs
through google. Sites with unique content tend to rank well especially if you
are searching for specific terms.

------
rickmb
"Do Not Track" should not be a default in a browser.

It should be the default for every individual in a free country, from birth.

The fact that I'm living, breathing human being with a right to privacy should
already be enough to imply that no corporation has the right to track my
movements with my very explicit, informed and legally verifiable consent.

Browser manufacturers should not even be a party in this.

------
snitzr
Microsoft owns part of Facebook. Is DNT the opposite of Facebook's own
tracking goals?

------
the_unknown
If sites respect the DNT flag sent by the browser then this really should be a
great step forward for user privacy contributing to a better web _from a
user's perspective_.

As a user I don't care about your politics, alliances, bias, or nefarious (to
me) goals. I simply am asked when I start using the browser whether it is okay
for sites to track me and I choose the "heck no, of course not" option or the
"yeah, whatever, go nuts" option. If I accept all defaults including using
Bing as my search engine and DNT as being on who are you (evil web developer
at mega-corp) to say my choice is invalid?

------
mistercow
Sounds to me like MS is trying to call the advertisers' bluff. Perhaps they
think government intervention is more likely than some others suspect (or are
banking on advertisers believing that).

------
jiggy2011
There's a bit of a problem with having a binary do/don't track switch. For
example if the default becomes "do not track" then that essentially make stuff
like google analytics useless and removes a powerful tool for optimising and
improving user experience on websites.

On the other hand I really don't like it the idea of a website trying to glean
my "real" identity and use that to do things which may be anti privacy.

I'm going to brace for Windows 8 release when clients suddenly start asking
why their traffic has dropped off a cliff.

------
shadowmint
If they want to stick to their guns, aggressively block tracking pixels.

This is just messing around with marketing to 'be cool' with their new browser
because Chrome is kicking their ass at the moment.

------
jiggy2011
If you want to get your conspiracy theory head on this could be an attempt to
pick winners in the online ad world. What if it becomes: Do not track (apart
from Microsoft preferred partners).

As an aside: Lots of people also seem to have big misunderstandings about
browser privacy settings, for example I've spoken with people who believe that
the "private browsing" feature in the browser would allow them to browse porn
without the IT dept finding out..

------
frontier
Just IE s#%&ing over web standards like it always has!

~~~
dfranke
Embrace and extinguish.

------
artursapek
I wonder if we can expect Hacker News posts in the next few months pointing
out big name advertisers who ignore DNT as bad guys.

------
prezjordan
I love the contrast in comments here as opposed to the astroturfing in
r/technology. Thank you, HN, for being rational.

------
jjoergensen
If Microsoft wanted to make DNT completely useless and ignored - they may have
accomplished their goal.

------
cooldeal
Looks like Microsoft has added some language at setup to inform the user.

From [http://www.zdnet.com/microsoft-sticks-to-default-do-not-
trac...](http://www.zdnet.com/microsoft-sticks-to-default-do-not-track-
settings-in-ie-10-7000002289/)

>Customers will receive prominent notice that their selection of Express
Settings turns DNT “on.” In addition, by using the Customize approach, users
will be able to independently turn “on” and “off” a number of settings,
including the setting for the DNT signal. A “Learn More” link with detailed
information about each recommended setting will help customers decide whether
to select Express Settings or Customize. A Privacy Statement link is also
available on the screen. Windows 7 customers using IE10 will receive prominent
notice that DNT is turned on in their new browser, together with a link
providing more information about the setting.

