Do Not Track gets support in iOS 6, but patent woes loom

Summary: Apple snuck support for the Do Not Track standard into iOS 6, but may have violated the W3C standard in the process. Meanwhile, the W3C has formed a special group to deal with a pesky patent-infringement claim.

TOPICS: Privacy, Apple

When Firefox introduced Do Not Track as a browser feature, Mozilla put out a press release and built a detailed FAQ.

Microsoft published multiple blog posts by the company’s Chief Privacy Officer to defend the decision to enable Do Not Track in Internet Explorer 10. The company even built a comprehensive multi-browser test page.

Google told CNET’s Stephen Shankland earlier this year that Chrome would support Do Not Track “by the end of the year,” presumably meaning 2012.

Apple’s Safari page boasts that “Safari takes your privacy seriously. You can turn on Do Not Track, an emerging privacy standard.” That option debuted in Safari 6 on OS X, where the settings are exactly where you would expect them: on the Privacy tab of the Options dialog box, labeled “Ask websites not to track me.”

So what about Safari in iOS 6? I can’t find any official indication from Apple that the mobile browser supports DNT. If you open Settings and tap Safari on an iPad, there’s nothing that mentions tracking—just this switch that lets you toggle something called Private Browsing (which is off by default).

iOS 6 and stealth DNT support

And would you believe it? Flipping that switch adds the DNT:1 header to every Safari request, as confirmed by a visit to a DNT test page set up by 3PMobile (description here, actual test page here).

Technically, that may be a violation of the Tracking Preference Expression (DNT) standard, at least as embodied in the current draft by the W3C working group. The section headed “Determining User Preference” makes it clear: “[That] expression … MUST reflect the user's preference, not the choice of some vendor, institution, or network-imposed mechanism outside the user's control. The basic principle is that a tracking preference expression is only transmitted when it reflects a deliberate choice by the user.”

There’s a “Private Browsing” option on the OS X version of Safari, which discards cookies but doesn’t enable DNT. And I can’t find any documentation of this iOS behavior, which is decidedly different. Without that documentation, it's hard to argue that a user would know that sliding that switch sends out the DNT header.
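What a DNT test page of the kind mentioned above has to check, as an added example (not 3PMobile's code and not part of the original article). The reading of "1", "0" and an absent header follows the W3C draft; the state names, the handling of duplicate headers, the port and the sample requests are assumptions made for illustration.

```python
from email.parser import HeaderParser
from http.server import BaseHTTPRequestHandler, HTTPServer

# Meaning of the header's first character, per the W3C TPE draft.
# Anything after it is treated as an extension and ignored (assumption).
PREFERENCE = {"1": "do-not-track", "0": "tracking-allowed"}

def classify_dnt(headers):
    """Return (state, raw values) for a Message-like set of request headers."""
    # get_all is case-insensitive and keeps duplicates, which a proxy
    # or extension can introduce alongside the browser's own header.
    values = [v.strip() for v in (headers.get_all("DNT") or [])]
    if not values:
        return "unset", values          # no preference expressed
    states = {PREFERENCE.get(v[:1], "invalid") for v in values}
    if len(states) > 1:
        return "conflict", values       # e.g. DNT: 1 and DNT: 0 together
    return states.pop(), values

def classify_raw_request(raw):
    """Classify a raw HTTP/1.1 request given as text (for offline checks)."""
    _request_line, _, header_block = raw.partition("\r\n")
    return classify_dnt(HeaderParser().parsestr(header_block))[0]

class DNTTestPage(BaseHTTPRequestHandler):
    def do_GET(self):
        state, values = classify_dnt(self.headers)
        body = f"DNT state: {state}\nraw values: {values}\n".encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/plain; charset=utf-8")
        self.send_header("Cache-Control", "no-store")  # always show the live request
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

# Constructed sample requests (not captured traffic).
SAMPLE_ON = "GET / HTTP/1.1\r\nHost: test.example\r\ndnt: 1\r\n\r\n"
SAMPLE_OFF = "GET / HTTP/1.1\r\nHost: test.example\r\n\r\n"

if __name__ == "__main__":
    print(classify_raw_request(SAMPLE_ON), classify_raw_request(SAMPLE_OFF))
    HTTPServer(("127.0.0.1", 8000), DNTTestPage).serve_forever()
```

Loading the page once with the browser setting off and once with it on shows whether the setting changes the header that is actually sent.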

The advertising industry threw an epic hissy fit over Microsoft’s decision to make Do Not Track the default setting when users set up Windows 8 for the first time. In that case, though, the “Do Not Track” language is called out clearly in the consent dialog box, and users have to agree to accept that setting.

Peter Cranstone, CEO of 3PMobile, is the one who first discovered this behavior. It shouldn’t be surprising that he pays close attention to this issue, because his company has a very big dog in this hunt. That dog is U.S. Patent number 8,156,206, whose claims include this one:

A computer-implemented method comprising: providing an end user of an Internet-enabled device with an ability to selectively enable a current web browser privacy setting from among a plurality of web browser privacy settings by presenting a user interface containing options regarding the plurality of web browser privacy settings to the end user via a display of the Internet-enabled device; receiving, by a web browser running on the Internet-enabled device, a navigation request relating to a web server; responsive to the navigation request, causing a HyperText Transport Protocol (HTTP) request to be generated, wherein a value associated with an HTTP header field of the HTTP request is set based on the current web browser privacy setting; and directing the web server to return to the web browser content associated with the navigation request tailored in accordance with the current web browser privacy setting by transmitting the HTTP request to the web server.

That’s essentially a description of the Do Not Track header. Mozilla dismissed it as a “false patent claim.” But the W3C has taken Cranstone’s complaints seriously enough to convene a Patent Advisory Group (PAG), with this reason listed in the opening “Goals” section:

The mission of this Patent Advisory Group is to study issues and propose solutions related to the Tracking Preference Expression Working Draft. An outside party (who is contributing postings to the Working Group mailing list) has been alerting articipants [sic] in the Working Group about his US Patent Nr. 8,156,206. Some of these communications were at time disruptive to the conversations of the Working Group, and have been the reason for serious concern among participants in the Working Group.

Forming a PAG has the potential to grind the standards-setting process to a halt. Cranstone says he has offered a royalty-free license for the patent to Mozilla and the W3C, but both have rejected the offer.

It’s hard to tell whether the possible patent squabble is a speed bump, a pothole, or a massive sinkhole that will swallow the nascent Do Not Track standard completely. Whatever the cause, the ratification of the standard has been pushed from the end of this year to sometime in 2013.

A meeting of the W3C working group in Amsterdam concluded yesterday. It remains to be seen whether that meeting will result in a smooth resolution of outstanding issues, a hardening of competing positions, or just more foot-dragging and bickering.

  • Apple should do what microsoft does

    Not really turn DNT on by default, but on the first startup, have a big popup asking users if they want to be tracked or not.

    This would damage google more than the lawsuits ever will.
    • Wouldn't change a thing.

      Google doesn't need to track you UNLESS you log in to a google service...
      • I beg your pardon?

        The whole point of this is that the ads track you regardless of what you use, AND it's in fact exacerbated by going to their sites. Just one reason I've totally dumped Google anything.

        IE9/IE10 + Do Not Track + Tracking Protection Filters + Simple AdBlock = Best. Surfing. Ever.
        • Always track

          Since Microsoft breaks the do not track protocol, Apache servers will as default ignore IE 10's setting. Basically turn on always track for IE 10 users...
          • Um...

            Since an Adobe employee who also contributes to Apache has decided that privacy preferences set by anyone using Internet Explorer 10 should not be counted, then Apache will render the entire DNT effort meaningless.

            There, fixed that for you.
            Ed Bott
          • so, in other words, because Apache

            IE 10 privacy settings are useless. There, fixed for you.

            I prefer a system where DNT just works.
          • It was worthless in the first place.

            As a "voluntary" standard isn't a standard.

            Only if the browser/user chooses to discard all tracking keys is it under the user's control. Anything else cannot be forced.
          • No.

            Since IE 10 is in violation of the DNT specification, Apache has decided to ignore it.

            There, fixed that for you.
          • re: Um...

            > Since an Adobe employee who also contributes to Apache has decided that...

            Well, he's an Apache co-founder and also a co-author of the DNT user preference protocol. While he did write it, the patch was released by the Apache Project. It's not like one random contributor could do this.
            none none
          • Re: re: Um...

            @none none> You wrote...

            "It's not like one random contributor could do this. ( Add a patch to Apache
            without any real discussion or voting on that specific addition )".

            Well, that pretty much IS 'what happened'.

            Once the entire 'Apache Group' realized that this patch HAD gone into the
            latest 'release' without a normal amount of general discussion or a
            specific 'vote' ( especially for a patch as 'obnoxious' as this one )...
            only then did a real discussion about this 'patch' take place.

            The consensus of the Apache DEV group (now) is that it should have never
            happened and that it should be REMOVED from the next release of Apache.

            There were a number of developers calling for Roy Fielding's 'commit'
            privileges to be revoked because of this 'incident', but it doesn't look
            like that's actually going to happen.

            Here is a link to the actual (public) discussion that took place amongst
            the most important Apache developers AFTER they realized they had
            shipped a version of Apache with Roy's 'Kill IE10 DNT signal' patch in it.

            The thread includes comments from Roy Fielding himself where he
            still asserts that he did 'nothing wrong'... but he is +0 ( indifferent ) now
            about whether the patch is 'removed' or not.

          • re: Re: re: Um...

            > this patch HAD gone into the latest 'release' without
            > a normal amount of general discussion or a specific 'vote'

            I wasn't there so I don't know, but Fielding makes the claim in his twitter feed that it was voted on.

            I know some developers are ticked off but it's not because they agree with MS. I tend to agree with them because why put Apache in a position to take the blame for DNT not working? MS has made sure advertising networks won't respect the DNT header simply by baking it into its market-leading browser.

            Besides, the reason I posted about Fielding was because, by leaving out important details, Bott's post was misleading. Considering the facts that Fielding's a Principal Scientist at Adobe, a co-founder of the Apache project and co-author of the DNT protocol, referring to him only as "an Adobe employee who also contributes to Apache" is misleading. That's like referring to something President Obama has done by saying it was done by "a federal employee who contributes to policy-making."
            none none
        • Then you need to also dump Bing, hotmail,...

          Because all of those do the same thing Google does.
          • Nope

            While I use Hotmail, the ads I get next to my email are not relevant to the content in my email. OTOH, when I use my Gmail, I see the ads next to my email are using the keywords in my email. Also in Bing Search you will not see the ads based on your previous search terms even if you turn off search history, and other side it is not that.
            Ram U
  • I don't see the problem...

    Advertising supporters (like Google), have already expressed that it doesn't matter what the user preference is or what Microsoft and Apple and others do... they're going to ignore the standard anyway and do what they want.

    And before any trolls try scolding me on technicalities or semantics, just remember the companies being dealt with here. Microsoft is doing what's right for consumers (not companies, what a shocker), Apple is going half-in because of user pressure, Mozilla is riding the fence as best they can, and everyone else so far is pro-advertising. So which path do you think those advertising folks are gonna go if they're angry about Microsoft and Apple?
    • who are those advertising supporters?

      or a better question, who doesn't support advertising? where are those anti-advertisers?
      As you may probably know, Microsoft is a big wannabe advertiser. They sink billions every year trying to compete in that market. As a matter of fact Ballmer was to throw +40B, to get a foothold in the market, via Yahoo. For MS, advertising is Eldorado, a whole new frontier of unlimited cash flow. Because, thanks to OSS, it is increasingly hard to get a dollar from software, and it will become harder and harder (OSS is getting better and better). You also must know that MS last quarter operated at a loss. Bottom line, they need money. That's the importance of advertising. All the rest of your cheap spin is just part of that broader strategy to debilitate Google.
      • Seriously?

        I think you should not handle your own retirement plans.

        I would have to guess that anyone who believes for-pay software is going away is either prescient into 2050 and beyond or has a finger on the scale of the analysis!
  • this is the most outrageous and ridiculous story....

    I have heard for quite some time...

    That patent claim should be quashed, no doubt about it...
    the language of the standard is also not clear...

    “[That] expression … MUST reflect the user's preference, not the choice of some vendor, institution, or network-imposed mechanism outside the user's control. The basic principle is that a tracking preference expression is only transmitted when it reflects a deliberate choice by the user.”

    Let's say the user has not made a choice as in the case of iOS. So iOS is not sending any preference expression... So how is a lack of expression dealt with by the server/service vendor? Does the standard cover that scenario? I would assume that would be like the user has consent for tracking him/her. So both iOS/Safari and IE are correct... The standard's definition is not succinct and that may have paved the way for the crap patent claim.
  • Just FRAND U.S. Patent number 8,156,206

    Microsoft, Apple and Google should purchase and acquire all of the rights to the patent in question from 3PMobile and donate it to the W3C organization. The W3C organization, with assistance from Microsoft, Apple and Google, will FRAND the patent, charge a nominal fee and use the proceeds to fund its activities.
    Rabid Howler Monkey
    • Not even necessary

      The patent owner has already offered a royalty-free perpetual license to the W3C and Mozilla (and presumably anyone else who wants to use it).
      Ed Bott
      • Ed, are you certain that it is unnecessary?

        From the link that you referenced in your article:
        "In a welcome and positive gesture of good faith, Mr. Cranstone indicated that he was willing to grant Mozilla a free license. We offered that the best way to help was to make sure that everyone had the same license opportunity without having to negotiate a non-standard license agreement. We suggested that the existing W3C RF license provisions would be best so that everyone would obtain real RF license rights consistent with other web standards and without one-off license arrangements ... Mr. Cranstone declined the W3C RF approach ..."
        Rabid Howler Monkey