One of many planned explorations towards a more elegant and privacy-enhancing approach to user choice and control.
I've recently been blogging about online tracking and behavioral advertising, and I think it's time to take the first step towards a solution. Complete solutions to the transparency gap and lack of user-data control are being actively explored and as part of
Mozilla's larger aim to improve users' control over their data, we want to take the first step. I'm proposing we implement a HTTP header that Firefox users can elect to send that tells ad networks they don't want to be tracked.
What is tracking in the context of "Do Not Track" for Online Behavioral Ads?
The definition here is hotly debated, but the general consensus seems to include at a minimum:
Tracking is the accumulation and use of a profile by advertising networks through invisible or subtle noting of which sites an individual visits, and the use of the profile data to customize advertisements displayed.
Currently, to opt-out of online behavioral advertisements, you have to get a site to set an "opt-out" cookie so they won't track you. There are various web sites that help out (
NAI,
IAB UK) and there are Firefox Add-Ons (
TACO,
beef taco, etc.) that can streamline this process. But this is a bit of a hack: it's nearly impossible to maintain a list of all the sites whose tracking people may want to opt-out from. It would be more attractive if there was one universal "opt-out" signal that would tell
all sites you want to opt out.
Bug 628197 calls for the implementation of a HTTP header that is transmitted with every HTTP request that advertises the Firefox user's desire to not be tracked by advertising networks.
A checkbox in Firefox's preferences panel could ask if the user wants Firefox to request opt-out from tracking, and when checked the HTTP header "Tracking-Preference: do-not-track" will be sent. This is a similar approach to others that have explored an HTTP header for opt-out (
donottrack.us,
UBAO), and I agree it's a good step to take.
Servers don't know about this yet, so it won't have immediate effect on tracking, but in the meantime the presence of the header can be observed by web sites (in a similar way to a cookie) to help understand how desired opt-out of OBA is. Once this feature ships in Firefox, it's time for web sites to do the right thing; honor users' choice when they receive Do Not Track HTTP headers and opt-out these users from tracking.
Mike Hanson has also been thinking about this for a while. He's written
a good analysis of problems surrounding online tracking, including a survey of some approaches we could take. An HTTP header that expresses a user's desire to opt-out seems to be the most productive step we can take that doesn't shut off important and innovative bits of the web that fund many of the services and content we make use of in our daily lives.
Do Not Track HTTP headers for behavioral advertising are only one piece of the data choice and control puzzle.
Improving transparency into online data collection and sharing practices is another step that we think will help set peoples' minds at ease. Additionally, we're still working on other technology at Mozilla to improve people's control over how they're tracked online -- features that aim to give people a deeper understanding of how tracking happens, and the ability to shut it down when the Do Not Track request isn't honored. In concert, I hope the HTTP header and future efforts will help people regain transparency and control over how they're profiled or tracked online.
EDIT: Test builds of Firefox are available here if you want to try out my initially proposed implementation. Of course it will change before we ship, but these builds provide a proof of concept.
EDIT: The newest Firefox 4.0 beta has the initial implementation in it.
Download the beta if you'd like to try it out!
