
IE10 to send "Do Not Track" DNT header by default - cpeterso
https://blogs.technet.com/b/microsoft_on_the_issues/archive/2012/05/31/advancing-consumer-trust-and-privacy-internet-explorer-in-windows-8.aspx?Redirected=true
======
magicalist
Mozilla's reaction: [http://blog.mozilla.org/privacy/2012/05/31/do-not-track-
its-...](http://blog.mozilla.org/privacy/2012/05/31/do-not-track-its-the-
users-voice-that-matters/)

"There are three different signals to consider in broadcasting the user’s
preferences for tracking:

    
    
      User says they accept tracking
      User says they reject tracking
      User hasn’t chosen anything
    

Firefox defaults to state 3: we don’t know what the user wants, so we’re not
sending any signals to servers. This causes the presence of the signal to mean
more — the signal being sent should be the user’s choice, not ours. Therefore,
Firefox doesn’t broadcast anything until our user has told us what to send."

~~~
recoiledsnake
>we don’t know what the user wants

How about they ask their users on first install?

~~~
simonbrown
So everyone clicks "no" (or gets confused and asks a technical relative),
Firefox always sends the DNT header, so no sites respect it.

~~~
cooldeal
>or gets confused and asks a technical relative

Isn't that a good thing for users to know about tracking? Firefox can always
include some small popup help with the prompt explaining the DNT.

>so no sites respect it

But they will lose a big excuse(it's default) not to support it.

------
singingwolfboy
This is a really bad idea. Most people don't change defaults -- the idea
behind DNT is that the people who care about privacy can easily take steps to
assure their own privacy. As long as businesses know that browsers sending the
DNT header are sending it _intentionally_ , there's a chance that websites
will respect it.

With this change, DNT becomes meaningless. How can businesses determine which
users are OK with being tracked, and which are not? Since it's technologically
easier to simply track everyone, and it makes good business sense to gather as
many metrics as possible, businesses will simply argue that they can't respect
a header that most people don't know/care about (since it was on by default).
That makes things worse for the people who _do_ care about it.

~~~
jlarocco
I had the exact opposite feeling.

First, everybody cares about privacy. Just because businesses have taken
advantage of users being clueless, doesn't mean those clueless people don't
care about privacy.

Second, your "nobody knows about it" argument can cut the other way. How can a
business track people when most people don't know/care that they can opt out
of being tracked?

Nobody wants to mention it, but the truth is that if it were on by default,
few people would turn off DNT once they knew what it was for.

I don't like MS, and I don't even own a computer that can run IE10, but I
think this is a great idea.

~~~
ktsmith
I spent several years working for a marketing firm and based on my experience
with the industry I would guess that there will be no adoption of honoring
these tags if they are sent by default unless it becomes legally mandated.

~~~
jlarocco
Well there's really nothing Microsoft can do about that, is there?

It seems silly for marketing firms to tell everybody, "Oh yeah, we're totally
serious about privacy and we'll honor DNT," and then backtrack when lots of
browsers start sending it.

It's not Microsoft looking bad here.

~~~
ktsmith
Other than companies like Google most marketing companies couldn't give a shit
about what you think of them as you aren't their customer. Additionally a lot
of marketing companies would likely publicly get behind a DNT header when the
recommendation is that browsers send "no preference set" by default. As soon
as a browser vendor goes to default DNT the marketers support of the standard
and honoring of it will go out the window as it's not in their interests to
participate any longer.

The end result will be that Microsofts choice will result in everyone being
tracked rather than only those people that have no preference set or have
explicitly opted in.

A good example of companies not honoring a restrictive default is the P3P
header. Damn near everyone sends a P3P header but most of them don't actually
honor the settings from the header, or have the other components set up. It's
all about getting third party cookies set successfully and not honoring how MS
implemented P3P in IE or what the user wants.

~~~
jlarocco
It will be the marketing companies choosing to disregard the DNT headers and
track everybody, not Microsoft.

Blaming it on Microsoft makes no sense.

~~~
ktsmith
Microsofts actions will have consequences, pointing out the consequences of
their actions makes perfect sense.

------
eli
Seems like a terrible idea. I think the vast majority of online marketing
companies are very willing to let people opt-out of tracking [1], but people
who haven't expressed a preference? If DNT header becomes the default for
browsers then I predict ignoring DNT will become the default for ad networks.

[1] <http://www.networkadvertising.org/managing/opt_out.asp>

~~~
cooldeal
In that case I hope someone makes an extension that blocks ads from such
networks by default.

~~~
simonbrown
How many people will install it that haven't installed Adblock Plus?

------
ch0wn
Oh wow, I haven't seen a page that destroyed by Chrome's default to not load
insecure content like this one. <http://imgur.com/qfdqG>

~~~
lomegor
I've seen worse. Agh, I can't find it now... but some Microsoft website for
developers... can't remember which one though.

------
kevinpet
The header isn't called "tracking permission", it's "Do Not Track", an
explicit negative. Genius move on MS part though. By making DNT too
detrimental for advertisers to implement, they ensure no one will implement
it, which means they will also be able to ignore it.

~~~
Animus7
Indeed. I seriously think this is a sly attempt at crippling DNT and boosting
ad revenues (also, remember: Microsoft owns a significant stake in Facebook,
whose "Like" beacons would be adversely affected by legislation regulating
DNT).

As a bonus, they get to look like a modern, privacy-conscious, I've-got-your-
back company while they're at it. From a business perspective, it's really
smart.

Disclaimer: Used to work for Microsoft, though nothing web-related.

------
paulgb
I like the idea of privacy-by-default, but I can't help thinking they're
announcing it prematurely for the PR. It may even undermine voluntary adoption
of the tag, since it no longer represents an explicit request not to track.

~~~
recoiledsnake
They just released a new version of IE10 preview and it's expected to go gold
in about 2 months, so they're giving time for websites to prepare before
releasing it.

>It may even undermine voluntary adoption of the tag, since it no longer
represents an explicit request not to track

I think this is sort of like how Apple disabled third party cookies in Safari
on the iPhone by default and then Google was caught circumventing it. It could
end up in a PR nightmare for advertizing companies if they don't follow DNT
requests, whether opt-in or opt-out.

------
jarin
Isn't that kind of behavior just going to lead to websites ignoring it by
default?

------
jordo37
This seems like an unfortunate case of Microsoft looking to what will be the
standard several years from now - a good thing for most web technology, given
their slow browser development speed. However, due to the politics and
industry regulation that is still being decided, this will actually sway the
direction of DNT and make it useless (as many users have pointed out here).
There are two fundamental things to keep in mind:

1) There will always be ads on the internet. We are not moving to a direct pay
internet economy anytime soon. 2) Behavior targeting is significantly more
effective than other types of targeting including the context based approach
heavily favored by privacy advocates. (See
[http://idaconcpts.com/2011/04/13/behavioral-targeting-
double...](http://idaconcpts.com/2011/04/13/behavioral-targeting-doubles-ad-
effectiveness/)). Because of this, the advertising companies will find ways to
keep doing behavior targetting - ranging from the benign like site
retargetting to the more troubling association with private data.

DNT as an opt out solution is great because it allows people who probably
won't click on ads to say they don't want them. Private users and advertising
companies both win. But third party cookies exist for a reason and if they are
removed from the equation then advertising companies will simply find another
way.

------
AdrianRossouw
meaning nobody will honor it.

------
limejuice
If IE10 installer asked you this question: Do you want websites to track you?
() Yes () No I think most people would say No. So, defaulting to No seems like
the correct thing to do.

I don't know if that would really hurt Google or Facebook because if you have
a google account, you are opted-in to have google or facebook track you.

It might hurt 'lurker' ad networks which track you without you even having any
account or relationship with them.

~~~
raldi
And if waiters asked restaurant patrons if they wanted dihydrogen monoxide
used in the cooking of their food, most people would say no. That doesn't mean
we should stop cooking with water.

------
lmkg
I'm not normally one for tinfoil-hat theories... but given that "online
advertising" is basically synonymous with Google, how does this decision
impact Google?

------
lasr21
From: <http://daringfireball.net/linked/2012/06/01/opt-in-opt-out>

"If “Do Not Track” defaults to on, most users will have it on; if it defaults
to off, most users will have it off. Defaulting to off is no more a
representation of “the user’s voice” than defaulting to on is."

