When Microsoft shipped its Release Preview of Windows 8 in June, it announced that the default browser, Internet Explorer 10, would have the Do Not Track (DNT) signal enabled by default. That action unleashed a heated debate in the Tracking Protection Working Group of the World Wide Web Consortium (W3C).
To the advertising and analytics companies that make up the tracking industry, this issue is an existential one. If the default browser in the world’s most popular operating system is set to disallow tracking, the effect would be profoundly disruptive to companies that live and die by their ability to follow users around the web.
After much discussion, the working group agreed that DNT could only be turned on by a browser if that decision "reflects the user’s preference." The result was a consensus by the working group that a browser (technically, a user-agent) should not enable DNT by default.
Today, Microsoft answered those critics by saying it still intends to enable DNT in Internet Explorer in IE 10. But the final released version will make one concession, according to Microsoft Chief Privacy Officer Brendon Lynch, who announced the decision in a blog post:
DNT will be enabled in the “Express Settings” portion of the Windows 8 set-up experience. There, customers will also be given a “Customize” option, allowing them to easily switch DNT “off” if they’d like.
Microsoft says anyone who goes through the express setup will know without question that they’re agreeing to enable DNT:
Customers will receive prominent notice that their selection of Express Settings turns DNT “on.” In addition, by using the Customize approach, users will be able to independently turn “on” and “off” a number of settings, including the setting for the DNT signal. A “Learn More” link with detailed information about each recommended setting will help customers decide whether to select Express Settings or Customize. A Privacy Statement link is also available on the screen. Windows 7 customers using IE10 will receive prominent notice that DNT is turned on in their new browser, together with a link providing more information about the setting.
The decision is likely to inspire more outrage from the W3C Tracking Protection Working Group, which is in the homestretch of its standards-setting process.
One of Microsoft’s most ardent foes in this debate is Mike Zaneis, SVP & General Counsel of the Interactive Advertising Bureau, who has argued strenuously that the tracking industry should feel free to ignore DNT signals from anyone using any browser that enables DNT by default:
This group has decided that browsers should be shipped with DNT turned off. Furthermore, we have agreed that browsers shipped with DNT turned on would be non-compliant with the spec (Aleecia has been very public with this position). Therefore, a company can be compliant with the W3C spec and ignore a signal that they know to have been sent by a default setting.
The question ultimately comes down to defaults. Both sides know that most users are inclined to accept the default settings rather than go through a customization process. The tracking industry wants that default to be “Go ahead and track me, I don’t care,” while Microsoft argues that displaying the effect of the default settings diuring initial setup is sufficient to ensure that the DNT setting matches the user’s intent.
If the W3C working group ultimately sides with the tracking industry, the effect on users will be pure confusion. The IAB argues that it’s OK to completely ignore a DNT signal from a “non-compliant” browser like IE 10. But another working group member argues that that approach is flawed. Tamir Israel, of the Canadian Internet Policy and Public Interest Clinic, responded to Zaneis with a list of objections:
* allowing for second guessing of facially valid signals leads to significant confusion on the part of users, many of whom will be using IE10 under the assumption that they are not being tracked;
* at least in some, if not all, jurisdictions servers open themselves up to significant potential liability if they ignore such signals, even if the browser sending them is non-compliant;
* it is essentially browser sniffing, which sets a bad precedent the impact of which far exceeds IE10 implications. It will allow anyone at any point of the exchange to basically ignore any signal they don't like based on purely subjective factors;
With its decision, Microsoft is consciously staking out a pro-privacy position for IE 10 and throwing down a gauntlet to the Tracking Protection Working Group, which thought it had hammered out an uneasy consensus between privacy groups and advertisers.
The working group is scheduled to meet tomorrow. Although today’s announcement by Microsoft isn’t on the agenda, I’m betting that it will be a topic of still more vigorous discussion.