Is Microsoft right and W3C wrong about Do Not Track being turned on by default?

Jun 12, 2012 | 5 mins
Data and Information Security, Enterprise Applications, Internet Explorer

After Microsoft announced Do Not Track would be turned on by default in Internet Explorer 10, the latest W3C DNT draft proposal suggests Do Not Track should not be on by default. Microsoft stands by its privacy-by-design decision. Who is right? Should the decision to be tracked or not to be tracked be left as 'unknown' until the user chooses otherwise?

Some of us, including Senator Al Franken, believe privacy is a fundamental right. Choice is great, but it’s also a problem since many users will not take steps to change settings and protect themselves or their privacy. Microsoft led the privacy-by-default pack with Internet Explorer 10 on Windows 8 when the company announced “Do Not Track” (DNT) will be enabled by default. However, the latest W3C Do Not Track proposal says DNT should not be on by default. Ironically, Microsoft will have to change DNT privacy by default for the Mighty M to “claim it supports the developing privacy standard.”

Mozilla, which originally proposed Do Not Track, praised Microsoft on its Privacy Blog for putting its “full weight behind DNT.” Yet Alex Fowler went on to explain, “At its foundation, DNT is intended to express an individual’s choice, or preference, to not be tracked. It’s important that the signal represents a choice made by the person behind the keyboard and not the software maker, because ultimately it’s not the browser being tracked, it’s the user.” That is also why Mozilla recommends “the right starting point for a DNT system is a default of preference unknown.”

“Explicit consent required” was added to the DNT compromise proposal, which states, “An ordinary user agent must not send a Tracking Preference signal without a user’s explicit consent.” The editors of the DNT compromise are Peter Eckersley of the EFF, Tom Lowenthal of Mozilla and Jonathan Mayer of Stanford University. Mayer wrote, “I can assure you now: there will be components of the proposal that you will not like. Some industry and advocacy participants will flatly reject it. But when everyone in the center of the group is just a bit unhappy, I think we’ve found our consensus.”

Brendon Lynch, Microsoft’s Chief Privacy Officer, followed up with another post after W3C “rejected” DNT privacy by default. Lynch mentioned the Pew Internet & American Life Project in which 68% of people said they “were ‘Not OK’ with targeted advertising because they don’t like having their online behavior tracked and analyzed.” Although Microsoft is a part of and has “great respect” for the W3C working group, the company believes the “appropriate privacy-friendly default for DNT in IE10 is ‘on’.” Lynch concluded, “We agree with those who say this is all about user choice. However, we respectfully disagree with those who argue that the default setting for DNT should favor tracking as opposed to privacy.”

Several people have suggested that Microsoft’s decision to turn DNT on by default may be a strike at its rival Google, but all big advertising networks profit by vacuuming up and collecting web user behavior data. Not all tracking stops even when Do Not Track is “on.” Digital Trends suggested, “Do Not Track may not protect anybody’s privacy.”

Personally, I believe DNT is a good thing and I support Microsoft’s decision to have it automatically on in IE10. However, Don’t Track looks even more appealing to a privacy freak. The difference is that Don’t Track literally means nothing about what you are searching for online is saved, and that is why I stand by and highly recommend using DuckDuckGo. Unlike some people, I’m not interested in targeted ads and use all kinds of privacy and security add-ons to block and stop as much as possible. Sadly, “don’t track” me at all in any way, anywhere while I’m surfing the web, not ever, does not yet exist once you leave DDG.

In other Microsoft news, today the company detailed its new process for automating certificate revocation. Also, WSUS administrators are advised to apply the Windows Server Update Services update prior to deploying this month’s security bulletins. The Redmond Giant sent this:

Additionally, to minimize disruptions and help protect customers’ systems from potential cyber-attacks, Microsoft issued seven security updates today through its regular monthly release cycle. Of note, one update addressing four issues in Microsoft Lync was added after the Advance Notification Service was released on Thursday, and another (Visual Basic for Applications) was removed from the list. Microsoft conducts stringent testing on each bulletin throughout the release process, and occasionally that results in withdrawing or re-adding a particular bulletin to ensure customers receive updates as soon as they are ready to ship.

The top priority bulletins this month are MS12-037 (Internet Explorer) and MS12-036 (Windows). Microsoft recommends that customers test and deploy these top-priority bulletins as soon as possible.

More details on June’s security updates, including Microsoft’s deployment priority recommendations and Exploitability Index, can be found on the Microsoft Security Response Center blog.

Follow me on Twitter @PrivacyFanatic

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.