• United States



Microsoft flip-flop: Do Not Track to be off by default

Apr 06, 20154 mins
Data and Information SecurityMicrosoftSecurity

Whether or not DNT switched off by default actually did "favor tracking as opposed to privacy," it was what Microsoft claimed when it turned Do Not Track on by default in IE. Now Microsoft says DNT will be off by default in IE and Spartan.

Do you remember when Microsoft said it was “putting people first” and enabling Do Not Track (DNT) by default in Internet Explorer because the company believed “that consumers should have more control over how information about their online behavior is tracked, shared and used?” Microsoft changed its tune and thought process on DNT.

“As industry standards evolve, how we implement those standards evolve as well,” wrote Microsoft’s Chief Privacy Officer Brendon Lynch. “So to reflect the current requirements of the privacy standard for tracking preferences, Microsoft is changing how Do Not Track (DNT) is implemented in future versions of our browsers: We will no longer enable it as the default state in Windows Express Settings.”

Microsoft’s new DNT off-by-default decision is to clear up any misunderstanding about whether or not its DNT implementation was complying with the W3C standard. “Without this change, websites that receive a DNT signal from the new browsers could argue that it doesn’t reflect the users’ preference, and therefore, choose not to honor it.”

While DNT acts like a suggestion that you don’t want tracked, as opposed to an enforceable message that truly stops sites from tracking you in order to serve up relevant ads, Microsoft’s about-face change is disheartening. Previously, Microsoft said having DNT on by default “advances the idea of privacy as the default state.”

Microsoft’s stance on DNT in 2012

Back then, Lynch said, “In a world where consumers live a large part of their lives online, it is critical that we build trust that their personal information will be treated with respect, and that they will be given a choice to have their information used for unexpected purposes.” In 2012, Microsoft said its decision to turn on “Do Not Track by default in IE10 on Windows 8” was “an important step in this process of establishing privacy by default, putting consumers in control and building trust online.”

Some called Microsoft’s DNT-by-default decision a calculated strike at Google as the W3C DNT proposal said it should not be on by default. Mozilla, which originally proposed Do Not Track, said, “DNT is intended to express an individual’s choice, or preference, to not be tracked. It’s important that the signal represents a choice made by the person behind the keyboard and not the software maker, because ultimately it’s not the browser being tracked, it’s the user.”

“An ordinary user agent must not send a Tracking Preference signal without a user’s explicit consent,” the DNT proposal stated in 2012. Despite that the W3C DNT  proposal added that a user’s “explicit consent” was “required,” Microsoft’s Lynch said, “We agree with those who say this is all about user choice. However, we respectfully disagree with those who argue that the default setting for DNT should favor tracking as opposed to privacy.”

Microsoft flip-flop for DNT to favor tracking not privacy

Regarding Microsoft’s flip-flop on turning DNT on by default in its browsers, Lynch pointed at the current World Wide Web Consortium (W3C) DNT draft, which states:

Key to that notion of expression is that the signal sent MUST reflect the user’s preference, not the choice of some vendor, institution, site, or network-imposed mechanism outside the user’s control; this applies equally to both the general preference and exceptions. The basic principle is that a tracking preference expression is only transmitted when it reflects a deliberate choice by the user. In the absence of user choice, there is no tracking preference expressed.

That idea is not new at all, as it basically is what Mozilla and the DNT draft stated in 2012 — back when Microsoft championed privacy by default by turning on DNT. Whether or not DNT switched on by default actually did “favor tracking as opposed to privacy,” it was what Microsoft claimed, knowing that most people will not take the initiative to turn DNT on if it “ships” as off. But now Microsoft plans to comply and fall in line with Google and Mozilla, as DNT will be off by default in Internet Explorer and Spartan.

“DNT will not be the default state in Windows Express Settings moving forward,” wrote Lynch, “but we will provide customers with clear information on how to turn this feature on in the browser settings should they wish to do so. This change will apply when customers set up a new PC for the first time, as well as when they upgrade from a previous version of Windows or Internet Explorer.”

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.