Do Not Track gets support in iOS 6, but patent woes loom
Summary: Apple snuck support for the Do Not Track standard into iOS6, but may have violated the W3C standard in the process. Meanwhile, the W3C has formed a special group to deal with a pesky patent-infringement claim.
When Firefox introduced Do Not Track as a browser feature, Mozilla put out a press release and built a detailed FAQ.
Microsoft published multiple blog posts by the company’s Chief Privacy Officer to defend the decision to enable Do Not Track in Internet Explorer 10. The company even built a comprehensive multi-browser test page.
Google told CNET’s Stephen Shankland earlier this year that Chrome would support Do Not Track “by the end of the year,” presumably meaning 2012.
Apple’s Safari page boasts that “Safari takes your privacy seriously. You can turn on Do Not Track, an emerging privacy standard.” That option debuted in Safari 6 on OS X, where the settings are exactly where you would expect them: on the Privacy tab of the Options dialog box, labeled “Ask websites not to track me.”
So what about Safari in iOS 6? I can’t find any official indication from Apple that the mobile browser supports DNT. If you open Settings and tap Safari on an iPad, there’s nothing that mentions tracking—just this switch that lets you toggle something called Private Browsing (which is off by default).
And would you believe it? Flipping that switch adds the DNT:1 header to every Safari request, as confirmed by a visit to a DNT test page set up by 3PMobile (description here, actual test page here).
Technically, that may be a violation of the Tracking Preference Expression (DNT) standard, at least as embodied in the current draft by the W3C working group. The section headed “Determining User Preference” makes it clear: “[That] expression … MUST reflect the user's preference, not the choice of some vendor, institution, or network-imposed mechanism outside the user's control. The basic principle is that a tracking preference expression is only transmitted when it reflects a deliberate choice by the user.”
There’s a “Private Browsing” option on the OS X version of Safari, which discards cookies but doesn’t enable DNT. And I can’t find any documentation of this iOS behavior, which is decidedly different. Without that documentation, it's hard to argue that a user would know that sliding that switch sends out the DNT header.
The advertising industry threw an epic hissy fit over Microsoft’s decision to make Do Not Track the default setting when users set up Windows 8 for the first time. In that case, though, the “Do Not Track” language is called out clearly in the consent dialog box, and users have to agree to accept that setting.
Peter Cranstone, CEO of 3PMobile, is the one who first discovered this behavior. It shouldn’t be surprising that he pays close attention to this issue, because his company has a very big dog in this hunt. That dog is U.S. Patent number 8,156,206, whose claims include this one:
A computer-implemented method comprising: providing an end user of an Internet-enabled device with an ability to selectively enable a current web browser privacy setting from among a plurality of web browser privacy settings by presenting a user interface containing options regarding the plurality of web browser privacy settings to the end user via a display of the Internet-enabled device; receiving, by a web browser running on the Internet-enabled device, a navigation request relating to a web server; responsive to the navigation request, causing a HyperText Transport Protocol (HTTP) request to be generated, wherein a value associated with an HTTP header field of the HTTP request is set based on the current web browser privacy setting; and directing the web server to return to the web browser content associated with the navigation request tailored in accordance with the current web browser privacy setting by transmitting the HTTP request to the web server.
That’s essentially a description of the Do Not Track header. Mozilla dismissed it as a “false patent claim.” But the W3C has taken Cranstone’s complaints seriously enough to convene a Patent Advisory Group (PAG), with this reason listed in the opening “Goals” section:
The mission of this Patent Advisory Group is to study issues and propose solutions related to the Tracking Preference Expression Working Draft. An outside party (who is contributing postings to the Working Group mailing list) has been alerting articipants [sic] in the Working Group about his US Patent Nr. 8,156,206. Some of these communications were at time disruptive to the conversations of the Working Group, and have been the reason for serious concern among participants in the Working Group.
Forming a PAG has the potential to grind the standards-setting process to a halt. Cranstone says he has offered a royalty-free license for the patent to Mozilla and the W3C, but both have rejected the offer.
It’s hard to tell whether the possible patent squabble is a speed bump, a pothole, or a massive sinkhole that will swallow the nascent Do Not Track standard completely. Whatever the cause, the ratification of the standard has been pushed from the end of this year to sometime in 2013.
A meeting of the W3C working group in Amsterdam concluded yesterday. It remains to be seen whether that meeting will result in a smooth resolution of outstanding issues, a hardening of competing positions, or just more foot-dragging and bickering.
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
Apple should do what microsoft does
This would damage google more than the lawsuits ever will.
Wouldn't change a thing.
I beg your pardon?
IE9/IE10 + Do Not Track + Tracking Protection Filters + Simple AdBlock = Best. Surfing. Ever.
Always track
Um...
There, fixed that for you.
so, in other words, because Apache
I prefer a system where DNT just works.
It was worthless in the first place.
Only if the browser/user chooses to discard all tracking keys is it under the users control. Anything else cannot be forced.
No.
There, fixed that for you.
re: Um...
Well, he's an Apache co-founder and also a co-author of the DNT user preference protocol. While did write it, the patch was released by the Apache Project. It's not like one random contributor could do this.
Re: re: Um...
"It's not like one random contributor could do this. ( Add a patch to Apache
without any real discussion or voting on that specific addition )".
Well, that pretty much IS 'what happened'.
Once the entire 'Apache Group' realized that this patch HAD gone into the
latest 'release' without a normal amount of general discussion or a
specific 'vote' ( especially for a patch as 'obnoxious' as this one )...
only then did a real discussion about this 'patch' take place.
The consensus of the Apache DEV group (now) is that it should have never
happened and that it should be REMOVED from the next release of Apache.
There were a number of developers calling for Roy Fielding's 'commit'
privileges to be revoked because of this 'incident', but it doesn't look
like that's actually going to happen.
Here is a link to the actual (public) discussion that took place amongst
the most important Apache developers AFTER they realized they had
shipped a version of Apache with Roy's 'Kill IE10 DNT signal' patch in it.
The thread includes comments from Roy Fielding himself where he
still asserts that he did 'nothing wrong'... but he is +0 ( indifferent ) now
about whether the patch is 'removed' or not.
http://www.gossamer-threads.com/lists/apache/dev/418222
re: Re: re: Um...
> a normal amount of general discussion or a specific 'vote'
I wasn't there so I don't know, but Fielding makes the claim in his twitter feed that it was voted on.
I know some developers are ticked off but it's not because they agree with MS. I tend to agree with them because why put Apache in a position to take the blame for DNT not working? MS has made sure advertising networks won't respect the DNT header simply by baking it into it's market-leading browser.
Besides, the reason I posted about Fielding was because, by leaving out important details, Bott's post was misleading. Considering the facts that Fielding's a Principal Scientist at Adobe, a co-founder of the Apache project and co-author of the DNT protocol, referring to him only as "an Adobe employee who also contributes to Apache" is misleading. That's like referring to something President Obama has done by saying it was done by "a federal employee who contributes to policy-making."
Then you need to also dump Bing, hotmail,...
Nope
I don't see the problem...
And before any trolls try scolding me on technicalities or semantics, just remember the companies being dealt with here. Microsoft is doing what's right for consumers (not companies, what a shocker), Apple is going half-in because of user pressure, Mozilla is riding the fence as best they can, and everyone else so far is pro-advertising. So which path do you think those advertising folks are gonna go if they're angry about Microsoft and Apple?
who are those advertising supporters?
As you may probably know, Microsoft is a big wannabe advertiser. They sink billions every year trying to compete in that market. As a matter of fact Ballmer was to throw +40B, to get a foothold in the market, via Yahoo. For MS, advertising is Eldorado, a whole new frontier of unlimited cash flow. Because, thanks to OSS, it is increasingly hard to get a dollar from software, and it will become harder and harder (OSS is getting better and better). You also must know that MS last quarter operated at loss. Bottom line, they need money. That's the importance of advertising. All the rest of your cheap spin is just part of that broader strategy to debilitate Google.
Seriously?
http://www.microsoft.com/investor/reports/ar12/financial-highlights/index.html
http://www.microsoft.com/investor/AnnualReports/default.aspx
I would have to guess that anyone who believe for pay software is going away is either prescient into 2050 and beyond or has a finger on the scale of the analysis!
this is the most outrageous and ridiculous story....
That patent claim should be quashed, no doubt about it...
the language of the standard is also not clear...
“[That] expression … MUST reflect the user's preference, not the choice of some vendor, institution, or network-imposed mechanism outside the user's control. The basic principle is that a tracking preference expression is only transmitted when it reflects a deliberate choice by the user.”
Lets say the user has not made a choice as in the case of iOS. So iOS is not sending any preference expression... So how does a lack of expression be dealt with by the server/service vendor? Does the standard cover that scenario? I would assume that would be like the user has consent for tracking him/her. So both iOS/Safari and IE is correct... The standard's definition is not succinct and that may have paved the way for the crap patent claim.
Just FRAND U.S. Patent number 8,156,206
Not even necessary
Ed, are your certain that it is unnecessary?
https://wiki.mozilla.org/DNT_false_patent_claim
"In a welcome and positive gesture of good faith, Mr. Cranstone indicated that he was willing to grant Mozilla a free license. We offered that the best way to help was to make sure that everyone had the same license opportunity without having to negotiate a non-standard license agreement. We suggested that the existing W3C RF license provisions would be best so that everyone would obtain real RF license rights consistent with other web standards and without one-off license arrangements ... Mr. Cranstone declined the W3C RF approach ..."