Why Microsoft's Do Not Track Browser Won't Work for Consumers
I can understand why Microsoft would want to add Do Not Track as a default feature for Internet Explorer. Microsoft can appeal to consumers worried about online advertising with a compelling feature and perhaps hurt a competitor, namely Google.
But it won't work, at least not in the way Microsoft hopes it will. For all its controversy, it's amazing how few people know how Do Not Track actually works. What IE 10 will do is send a signal (turned on by default) to the website (and third-party data collectors on that site) that the user does not want to be tracked.
No company is legally required to honor this signal and Microsoft, unless they buy, license or develop a script-blocking technology, can't actually stop the tracking. If you want to take matters into your own hands as a consumer, don't rely on the browser maker. Just download Ghostery or any of its competitors for free. Ghostery blocks the scripts for you, rather than leaving you guessing if the ad network or other tracking company will decide to honor the DNT signal.
This is just one reason why the Digital Advertising Alliance, the World Wide Web Consortium and Mozilla all think IE 10 with DNT as a default setting is a bad idea. (Big disclosure: my company, Evidon, provides the tech solution for the industry's own opt-out program). The entire behavioral advertising industry agreed to honor this signal when it was turned on, but not set to on by default. What will happen now? It's anyone's guess. But, there's a pretty strong chance it ends up like a past failed effort, the Platform for Privacy Preferences, or P3P.
Here's the history. In 2002, the WC3 recommended The Platform for Privacy Preferences Project (P3P). It's a protocol allowing websites to declare their intended use of information they collect about web browser users. Microsoft launched P3P and everyone thought it was going to be a game-changer. The Privacy Protection Protocols that were embedded in IE 6, circa March of 2001, were hailed as a great first step for consumers by privacy experts, concerned with DoubleClick's plans to marry online and offline consumer data, thanks to their acquisition of Abacus.
As CNET reported then, however, they didn't go far enough. What's most interesting about that article is the final quote from Microsoft's product head for IE: "If we came up with some extremist solution that companies wouldn't sign off on, then the Web wouldn't work," he said. "The compromise here is in the default settings, but consumers can go further if they want to."
When Microsoft introduced P3P, publishers scrambled to embed the correct compact language in their privacy policies, so that the header would be acceptable to the browser. Many did. But, the P3P standard never really took hold. A year later, with the proliferation of other browsers and the new kinds of tracking that were enabled through Java, Flash, and other means, nobody was talking about P3P anymore. When did you last read about it?
Why did this happen? Because it was hard to implement for businesses, difficult for consumers to understand and since companies are not required to implement – it's basically a vestige of a previous era that adds little to no value. There was neither business logic nor a straightforward engineering logic to honor it. Sound familiar?
Anyone who has been in our industry and followed issues related to online privacy for the past dozen years or so knows why our industry's self regulatory program is so vital to all of our interests. We all need to be on the same page, working within the same program rules, for that program to work. And make no mistake about it – the DAA program works. While there are mixed messages from different FTC Commissioners and Members of Congress, FTC Commissioner J. Thomas Rosch said it best last week. He wrote that IE 10's default setting, "Does not solve at all the fact that the recipients of the signal must still choose to honor the signal and refrain from tracking consumers and/or collecting data about them."
The industry is all lined up to support a Do Not Track signal when the consumer, not Microsoft, has decided they want to stop tracking. What's old may be new again. But this time, our industry has a self-regulatory program with the backing of every major agency, advertiser, network, DSP and third party online – not to mention the FTC.
While Microsoft wrote down the value of its ad tech business by $6.2 billion yesterday, it's still a formidable business with a large ad network and ad serving relationships with thousands of web sites. Not something you just throw away.
(Another disclosure: Microsoft is an Evidon client)