Memo to web users with “Do Not Track” enabled: You’re being tracked anyway.

For anyone who thinks he or she is circumventing web tracking via enabling Do Not Track (DNT) functionality … think again.

A recently released study from researchers at KU Leuven-iMinds, a Dutch-based university think tank, shows that nearly 150 of the world’s leading websites have ditched tracking cookies in favor of “device fingerprinting” (or “browser fingerprinting” as it’s sometimes called).

What’s that?  It’s the practice of evaluating selected properties of desktop computers, tablets and smartphones to build a unique user identifier.  These properties include seemingly innocuous details found on each device, such as:

  • Versions of installed software and plugins
  • Screen size
  • A listing of installed fonts

An analysis by the Electronic Frontier Foundation (EFF) has shown that for the majority of browsers, the combination of these properties creates a unique ID – thereby allowing a user to be tracked without the perpetrator needing to rely on cookies, or having to deal with pesky legal restrictions on the use of cookies.
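To see why the combination matters more than any single property, here is an added illustration (not code from the study or the EFF analysis). It measures, over a constructed six-visitor sample whose property values are invented for the example, how many visitors each property singles out alone versus together.

```javascript
// Constructed sample: six visitors described only by the three property
// types listed above. No cookies or account data are involved.
const visitors = [
  { plugins: "Flash 11.8, Java 7", screen: "1366x768",  fonts: "Arial, Calibri, Verdana" },
  { plugins: "Flash 11.8, Java 7", screen: "1366x768",  fonts: "Arial, Helvetica, Verdana" },
  { plugins: "Flash 11.8, Java 7", screen: "1920x1080", fonts: "Arial, Calibri, Verdana" },
  { plugins: "Flash 11.9",         screen: "1366x768",  fonts: "Arial, Calibri, Verdana" },
  { plugins: "Flash 11.9",         screen: "1920x1080", fonts: "Arial, Helvetica, Verdana" },
  { plugins: "Flash 11.9",         screen: "1920x1080", fonts: "Arial, Calibri, Verdana" },
];

// For every visitor, return the size of the group that shares the same
// values for the chosen properties (the visitor's "anonymity set").
function anonymitySets(population, keys) {
  const idOf = (v) => keys.map((k) => v[k]).join("|");
  const counts = new Map();
  for (const v of population) {
    counts.set(idOf(v), (counts.get(idOf(v)) || 0) + 1);
  }
  return population.map((v) => counts.get(idOf(v)));
}

// Number of visitors who are alone in their group, i.e. uniquely identified.
function uniqueCount(population, keys) {
  return anonymitySets(population, keys).filter((n) => n === 1).length;
}

// Average identifying information in bits: each visitor contributes
// log2(population size / anonymity set size).
function entropyBits(population, keys) {
  const total = population.length;
  const sets = anonymitySets(population, keys);
  return sets.reduce((sum, n) => sum + Math.log2(total / n), 0) / total;
}

for (const keys of [["plugins"], ["screen"], ["fonts"], ["plugins", "screen", "fonts"]]) {
  console.log(
    keys.join(" + "),
    "-> unique visitors:", uniqueCount(visitors, keys),
    "| bits:", entropyBits(visitors, keys).toFixed(2)
  );
}
```

In this sample no single property identifies anyone, yet the three together separate all six visitors, which is the effect the EFF analysis describes at scale.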

Overwhelmingly, browser fingerprinting targets popular and commonly used JavaScript or Flash functions, so that nearly every person who accesses the web is a target – without their knowledge or consent.

According to the Leuven-iMinds analysis, the use of JavaScript-based fingerprinting allows websites to track non-Flash mobile phones and devices.  So it’s cold comfort thinking that the iPad platform will offer protection against this form of “non-cookie tracking.”

Is there anything good about device fingerprinting?  Perhaps … in that it can be used for some justifiable security-related activities such as protection against account hijacking, fraud detection, plus anti-bot and anti-scraping services.

But the accompanying bad news is this:  It can also be used for analytics and marketing purposes via the fingerprinting scripts hidden behind banner advertising.

How to fight back, if one is so inclined?  The Leuven-iMinds researchers have developed a free tool that analyzes websites for suspicious scripts.  Known as FPDetective, it’s being made available to other researchers to conduct their own investigations.

So you’re able to identify the offenders.  But then what — short of never visiting their websites again?

Revenge of the Nerds: Microsoft will make “Do Not Track” the Default Setting for IE 10.

Is it just me, or has Microsoft seemed to be the quiet wallflower in recent months? Meanwhile, Facebook and Google have been getting all the attention – good and bad.

But now, here comes this announcement: Microsoft will make the “do not track” feature in the next version of its Internet Explorer browser the “default” option when it ships.

This move poses a threat to the efforts of online advertising giants – including arch-rival Google – to track browsing behaviors and serve up relevant advertising – you know, the high-priced kind.

Could it be that Microsoft is doing a Monty Python “I fart in your general direction” number on Google? And how does this move affect the evolving privacy standards in the online realm?

It should be remembered that the “do not track” feature doesn’t actually block tracking cookies. But it does send a message to every website visited, stating the preference not to track.

It’s a request, not a command, but more sites are now honoring the request. Including, importantly, Twitter … which announced in May that it would embrace the emerging privacy standard.

The Federal Trade Commission also backs the new privacy standard, even as the agency has become more hostile to the online advertising industry’s tracking practices. In fact, the FTC has been threatening to advocate for privacy legislation.

Indeed, online advertisers are now walking a fine line in all of this. Ostensibly, they’re supporting privacy policies … but the ones they’re advocating aren’t too onerous on their ability to collect behavioral data.

What’s most concerning to advertisers is the possibility that they may eventually need to change the way they build profiles of users in order to sell premium-priced targeted ads.  That’s a nightmare scenario they’re attempting to avoid at all costs.

In this environment, how much of a threat is Microsoft’s move? Potentially big, since it’s likely that ~25% or more of web users will upgrade to the IE 10 product over time – with all of them having the “do not track” feature “on” by default.

Microsoft claims that it’s making the change “to better protect user privacy.” That seems logical on its face – and in keeping with Microsoft’s recent moves to incorporate privacy technologies in its browser products.

But one has to wonder if it’s also one of those “nyah” moments directed squarely at Google.

Because as we all know, there’s absolutely no love lost between these two behemoths.